Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/lY50r2m-7uldAABIP6EyUEOxWbY.roa
File: lY50r2m-7uldAABIP6EyUEOxWbY.roa (raw, json)
Hash identifier: O1t8jjGHFAoXXY14tADPG2fQNEdQQB62DFQe04qEq+k=
Subject key identifier: 95:8E:74:AF:69:BE:EE:E9:5D:00:00:48:3F:A1:32:50:43:B1:59:B6
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 2315
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/lY50r2m-7uldAABIP6EyUEOxWbY.roa
Signing time: Sun 08 Jun 2025 02:08:54 +0000
ROA not before: Sun 08 Jun 2025 02:08:54 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 146845
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 8981 (0x2315)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 8 02:08:54 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=958E74AF69BEEEE95D0000483FA1325043B159B6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e5:af:57:e8:48:46:ce:cc:f8:b9:f4:36:8a:eb:
28:7d:de:48:8b:c5:9a:7d:5f:c3:fc:84:b1:b5:a3:
2f:03:3d:33:8d:81:15:91:75:b3:a2:31:56:79:a6:
87:39:da:67:19:eb:97:a3:2b:6f:17:13:a7:d3:55:
d6:fe:e9:46:72:24:b8:69:76:a6:9f:bf:13:ab:8d:
ce:f3:13:7b:c8:15:d2:8d:0b:bc:66:d3:72:83:38:
65:2c:0f:c1:f9:81:f6:50:ef:98:d0:7b:ec:ae:ca:
17:c7:88:97:da:e6:c0:49:0c:6a:30:70:ac:c0:26:
93:c5:88:fb:b8:a8:d4:96:0a:c2:c5:e6:1c:3d:36:
55:7c:18:6c:44:51:a9:61:61:d2:0c:47:c5:5b:13:
be:82:52:87:52:8f:6d:59:82:90:a5:8c:87:87:e5:
da:9c:f7:bd:2a:a2:dc:48:11:83:d7:f7:10:18:2d:
a2:7c:f1:54:6a:75:87:6b:b7:4e:2f:71:16:1f:4c:
c3:5c:6d:92:3e:90:33:80:54:80:af:78:bf:e8:bc:
ad:e8:7e:22:9b:89:79:bf:77:cc:c3:15:1b:c0:65:
70:5a:4b:f9:17:6f:80:85:41:6f:58:b0:82:75:d2:
ed:39:f2:65:5c:19:eb:4b:19:71:d3:bf:69:6d:e6:
a9:f5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
95:8E:74:AF:69:BE:EE:E9:5D:00:00:48:3F:A1:32:50:43:B1:59:B6
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/lY50r2m-7uldAABIP6EyUEOxWbY.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
3f:0b:49:69:1c:93:07:1e:34:5f:fc:41:75:fb:f1:37:4a:5a:
f1:e8:4b:35:86:09:28:d6:0b:c1:7b:20:ab:a8:0b:9f:a8:ca:
82:f2:e7:33:b0:7d:c8:45:90:62:8d:4d:b6:b3:e0:9e:bc:43:
46:90:86:c8:76:25:43:09:53:75:b1:24:ce:b1:af:16:e6:86:
33:01:10:a5:67:cc:15:91:0e:de:79:2d:c5:cf:8d:f3:74:13:
8d:ca:21:8f:c2:f6:2f:1f:d0:60:48:4c:ea:55:b8:07:af:47:
9e:3e:7c:61:05:8b:99:69:f4:12:57:82:5e:73:74:17:e2:0d:
58:06:06:e2:d6:c4:a0:33:d9:0f:9f:c7:58:99:3c:bf:8e:5c:
19:29:60:ef:c6:16:2c:a8:a3:87:1a:97:7e:db:97:d8:7e:4e:
1a:3a:9e:c5:f5:61:f9:c5:21:e0:0b:ee:ab:c8:50:fa:23:cf:
55:a5:81:af:ef:1e:fc:15:3b:e9:3e:30:8a:b7:e4:3f:69:77:
4d:ad:98:ba:92:47:9c:47:58:d0:9a:2e:91:71:59:e4:04:8e:
42:70:18:06:92:48:98:02:dc:55:d6:04:ba:ef:b3:61:be:b4:
30:d9:f5:82:08:3c:16:66:21:e2:92:11:86:aa:40:7f:3d:35:
05:c1:02:d0
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICIxUwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MDgw
MjA4NTRaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDk1OEU3NEFGNjlCRUVF
RTk1RDAwMDA0ODNGQTEzMjUwNDNCMTU5QjYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDlr1foSEbOzPi59DaK6yh93kiLxZp9X8P8hLG1oy8DPTONgRWR
dbOiMVZ5poc52mcZ65ejK28XE6fTVdb+6UZyJLhpdqafvxOrjc7zE3vIFdKNC7xm
03KDOGUsD8H5gfZQ75jQe+yuyhfHiJfa5sBJDGowcKzAJpPFiPu4qNSWCsLF5hw9
NlV8GGxEUalhYdIMR8VbE76CUodSj21ZgpCljIeH5dqc970qotxIEYPX9xAYLaJ8
8VRqdYdrt04vcRYfTMNcbZI+kDOAVICveL/ovK3ofiKbiXm/d8zDFRvAZXBaS/kX
b4CFQW9YsIJ10u058mVcGetLGXHTv2lt5qn1AgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUlY50r2m+7uldAABIP6EyUEOxWbYwHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvbFk1MHIybS03dWxk
QUFCSVA2RXlVRU94V2JZLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBAD8LSWkckwceNF/8QXX78TdKWvHo
SzWGCSjWC8F7IKuoC5+oyoLy5zOwfchFkGKNTbaz4J68Q0aQhsh2JUMJU3WxJM6x
rxbmhjMBEKVnzBWRDt55LcXPjfN0E43KIY/C9i8f0GBITOpVuAevR54+fGEFi5lp
9BJXgl5zdBfiDVgGBuLWxKAz2Q+fx1iZPL+OXBkpYO/GFiyoo4cal37bl9h+Tho6
nsX1YfnFIeAL7qvIUPojz1Wlga/vHvwVO+k+MIq35D9pd02tmLqSR5xHWNCaLpFx
WeQEjkJwGAaSSJgC3FXWBLrvs2G+tDDZ9YIIPBZmIeKSEYaqQH89NQXBAtA=
-----END CERTIFICATE-----
Generated at Sat Jun 21 06:52:40 2025 by rpki-client