Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/lQN1pkEGSpMXAu-C3XlzljJWs_Q.roa
File: lQN1pkEGSpMXAu-C3XlzljJWs_Q.roa (raw, json)
Hash identifier: I1UiA9YXfgof0/Z8x/tUR4lqyCAGvnRrGW01kK6bH2c=
Subject key identifier: 95:03:75:A6:41:06:4A:93:17:02:EF:82:DD:79:73:96:32:56:B3:F4
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 1F4A
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/lQN1pkEGSpMXAu-C3XlzljJWs_Q.roa
Signing time: Sun 01 Jun 2025 08:08:34 +0000
ROA not before: Sun 01 Jun 2025 08:08:34 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 4812
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 8010 (0x1f4a)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 1 08:08:34 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=950375A641064A931702EF82DD7973963256B3F4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c5:1a:34:8c:c2:67:06:3e:08:0a:21:97:91:43:
e6:bc:a4:bf:14:f8:a5:0b:27:f6:b2:c0:6c:8d:a8:
a1:87:36:fc:fc:a2:9c:cd:b7:e7:5a:c8:ab:2d:a3:
37:09:07:dd:0b:d3:11:f4:97:3b:79:3c:c1:ff:b5:
24:0b:50:13:14:6f:f1:40:b4:60:4e:8d:a0:85:5f:
f0:55:20:eb:1d:23:d4:de:68:fc:93:39:f8:10:33:
ee:1f:a0:f1:5e:79:3e:96:12:68:d2:d0:ba:89:fe:
ff:43:c3:95:d6:ee:c6:bf:5f:5d:54:12:d9:a2:27:
40:f8:e1:06:78:bf:be:fe:64:ed:29:aa:db:92:56:
d5:4f:63:3c:14:80:8c:e6:eb:9d:63:47:3f:6e:da:
f1:da:7b:9f:7d:71:ea:68:0a:21:34:5e:4c:28:17:
38:f8:ff:14:54:5a:63:13:60:11:b6:ab:9b:e3:5f:
44:19:a6:f7:c2:8a:1d:70:1b:f4:63:49:c6:63:09:
e4:21:67:73:57:b0:f3:06:fc:38:b9:8a:d2:5d:60:
4c:f5:f7:d9:c3:df:01:28:69:d3:0a:d6:65:4d:7b:
9d:ad:07:3a:07:2d:a8:a9:af:80:e2:c1:fa:37:50:
e5:98:3c:bb:1f:90:9d:79:b9:69:01:d4:eb:9d:21:
fa:cf
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
95:03:75:A6:41:06:4A:93:17:02:EF:82:DD:79:73:96:32:56:B3:F4
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/lQN1pkEGSpMXAu-C3XlzljJWs_Q.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
1b:a4:2d:71:ca:91:f1:df:21:9c:f0:bf:42:54:0a:6d:a3:4d:
36:69:e0:3e:55:0d:f9:f8:28:bf:d1:c2:5d:35:0c:55:b3:c4:
cf:ba:96:ae:73:f0:e0:0b:f3:dd:9c:b5:2b:cf:d2:00:49:cd:
29:a5:b8:9a:63:1d:67:e8:8e:08:35:17:6d:e4:68:d6:18:20:
14:b8:9c:00:c9:4a:ec:74:55:ec:0b:28:c6:84:e7:d5:5a:69:
fc:14:52:63:58:95:db:7e:01:6c:ee:b5:e2:6d:cc:ce:d1:8d:
7a:f9:c4:91:78:6c:2f:3c:d1:30:64:79:23:b1:df:ce:62:7c:
f4:80:bd:b3:8c:f7:35:c1:ff:13:a6:a8:bf:c1:18:e3:c1:f8:
ad:4b:49:c9:b4:75:52:c5:d5:36:22:d9:cb:b1:e3:53:cd:fd:
c0:c0:20:47:e3:8b:ae:1d:e0:00:03:32:c9:72:4e:5a:1c:a8:
87:a2:f4:2a:bf:ce:40:a1:2a:99:0d:6e:f6:30:00:e7:73:ad:
b6:53:38:b2:9b:d6:49:dd:bd:93:15:94:c7:0b:6c:1b:1b:eb:
2e:08:5d:f6:05:2d:3d:c1:24:1e:b1:f8:8d:40:5c:0c:ce:56:
4a:36:1f:6a:53:df:51:8b:7d:63:61:3f:6e:fe:31:87:f5:60:
c8:42:ba:d7
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICH0owDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MDEw
ODA4MzRaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDk1MDM3NUE2NDEwNjRB
OTMxNzAyRUY4MkRENzk3Mzk2MzI1NkIzRjQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDFGjSMwmcGPggKIZeRQ+a8pL8U+KULJ/aywGyNqKGHNvz8opzN
t+dayKstozcJB90L0xH0lzt5PMH/tSQLUBMUb/FAtGBOjaCFX/BVIOsdI9TeaPyT
OfgQM+4foPFeeT6WEmjS0LqJ/v9Dw5XW7sa/X11UEtmiJ0D44QZ4v77+ZO0pqtuS
VtVPYzwUgIzm651jRz9u2vHae599cepoCiE0XkwoFzj4/xRUWmMTYBG2q5vjX0QZ
pvfCih1wG/RjScZjCeQhZ3NXsPMG/Di5itJdYEz199nD3wEoadMK1mVNe52tBzoH
Laipr4Diwfo3UOWYPLsfkJ15uWkB1OudIfrPAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUlQN1pkEGSpMXAu+C3XlzljJWs/QwHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvbFFOMXBrRUdTcE1Y
QXUtQzNYbHpsakpXc19RLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBABukLXHKkfHfIZzwv0JUCm2jTTZp
4D5VDfn4KL/Rwl01DFWzxM+6lq5z8OAL892ctSvP0gBJzSmluJpjHWfojgg1F23k
aNYYIBS4nADJSux0VewLKMaE59VaafwUUmNYldt+AWzuteJtzM7RjXr5xJF4bC88
0TBkeSOx385ifPSAvbOM9zXB/xOmqL/BGOPB+K1LScm0dVLF1TYi2cux41PN/cDA
IEfji64d4AADMslyTlocqIei9Cq/zkChKpkNbvYwAOdzrbZTOLKb1kndvZMVlMcL
bBsb6y4IXfYFLT3BJB6x+I1AXAzOVko2H2pT31GLfWNhP27+MYf1YMhCutc=
-----END CERTIFICATE-----
Generated at Sun Jun 22 03:59:20 2025 by rpki-client