Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/lhXeEy99jxpwtgovM-Db1t3CHBc.roa
File: lhXeEy99jxpwtgovM-Db1t3CHBc.roa (raw, json)
Hash identifier: W0EpWYz0rX71mBTqcQZLSR0AOeJDAiD+DWHdRuqRaak=
Subject key identifier: 96:15:DE:13:2F:7D:8F:1A:70:B6:0A:2F:33:E0:DB:D6:DD:C2:1C:17
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 2267
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/lhXeEy99jxpwtgovM-Db1t3CHBc.roa
Signing time: Fri 06 Jun 2025 21:08:50 +0000
ROA not before: Fri 06 Jun 2025 21:08:50 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 146845
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 8807 (0x2267)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 6 21:08:50 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=9615DE132F7D8F1A70B60A2F33E0DBD6DDC21C17
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e9:50:69:55:d8:e9:9a:41:27:49:2a:49:d5:08:
b5:d5:78:86:0b:15:57:0d:7c:c9:2e:9a:52:7e:3c:
13:96:6b:84:7b:19:09:c0:2a:b1:d3:16:55:83:81:
78:98:e8:f5:48:23:d9:e0:cf:9a:ec:02:41:38:76:
bb:b0:b0:98:08:5f:90:4b:c3:15:02:36:d5:b0:4d:
dd:26:15:fb:70:3f:90:a0:cd:f4:0a:6c:77:23:31:
2d:1d:db:5a:08:c7:b0:26:eb:1f:c3:2e:1f:58:01:
ec:87:1d:05:b0:37:ac:94:df:8e:2b:03:bd:0e:d5:
7c:68:00:f8:9e:d3:aa:e0:fe:51:51:47:65:8c:79:
99:13:3f:9f:17:0e:34:c3:15:46:0c:3b:a9:1e:aa:
f6:a3:fc:93:57:d8:63:74:a5:fb:6a:3c:6e:66:f7:
85:ca:06:72:83:81:cd:24:8a:53:85:b4:ba:a5:59:
f0:48:09:bc:08:71:cd:1d:48:b6:21:46:39:2e:79:
7e:88:ba:4d:11:92:2b:ff:63:f5:1d:b3:04:0d:e0:
48:f7:f9:64:ca:fa:b8:07:3b:55:7d:fe:f7:fa:52:
53:62:f4:1a:55:d3:ed:3c:1c:eb:96:ed:8d:00:85:
1b:e7:2c:5a:fe:e0:2c:70:dd:6d:6c:4b:ce:08:3e:
f8:f1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
96:15:DE:13:2F:7D:8F:1A:70:B6:0A:2F:33:E0:DB:D6:DD:C2:1C:17
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/lhXeEy99jxpwtgovM-Db1t3CHBc.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
26:a6:94:23:a2:08:3f:27:b0:b4:4e:c5:b2:fe:8a:1a:2f:2e:
19:0b:27:05:ad:3b:66:25:9a:58:6f:ee:30:0a:b7:26:ec:51:
aa:e1:44:71:44:13:4c:a8:80:52:51:ee:c5:89:28:08:f7:1d:
d0:f2:a9:25:c1:db:97:3b:02:6f:8f:ec:61:e2:17:a7:e1:b4:
16:e7:5e:ac:dd:3e:64:09:9e:aa:88:9f:9a:8c:7e:52:10:61:
37:7a:66:8c:e8:ac:be:19:c3:39:de:f3:a5:88:00:27:fa:8c:
2f:d9:7d:be:71:2a:d0:f5:24:96:4f:70:28:a6:b6:f2:da:df:
49:67:11:a7:98:a7:20:52:04:9f:27:d5:29:32:e0:88:2e:ca:
b2:e3:46:93:72:5c:b6:08:26:34:18:8f:f4:c9:55:fa:67:18:
82:8f:ff:2f:8b:4d:2e:9a:41:58:7b:a6:9c:bf:d4:4d:79:f7:
c9:40:94:62:70:6d:2e:84:18:58:53:34:a6:9b:71:e1:3e:91:
34:1a:34:e1:61:c3:d4:58:28:e5:cc:c1:a4:6e:95:5d:ac:14:
02:a4:15:02:e8:c9:51:8b:a1:6f:ad:e7:d4:c4:8b:64:f4:15:
8f:55:48:8a:96:e0:60:1c:97:37:b7:32:1c:15:40:8d:f5:45:
e5:13:8d:9d
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICImcwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MDYy
MTA4NTBaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDk2MTVERTEzMkY3RDhG
MUE3MEI2MEEyRjMzRTBEQkQ2RERDMjFDMTcwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDpUGlV2OmaQSdJKknVCLXVeIYLFVcNfMkumlJ+PBOWa4R7GQnA
KrHTFlWDgXiY6PVII9ngz5rsAkE4druwsJgIX5BLwxUCNtWwTd0mFftwP5CgzfQK
bHcjMS0d21oIx7Am6x/DLh9YAeyHHQWwN6yU344rA70O1XxoAPie06rg/lFRR2WM
eZkTP58XDjTDFUYMO6keqvaj/JNX2GN0pftqPG5m94XKBnKDgc0kilOFtLqlWfBI
CbwIcc0dSLYhRjkueX6Iuk0Rkiv/Y/UdswQN4Ej3+WTK+rgHO1V9/vf6UlNi9BpV
0+08HOuW7Y0AhRvnLFr+4Cxw3W1sS84IPvjxAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUlhXeEy99jxpwtgovM+Db1t3CHBcwHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvbGhYZUV5OTlqeHB3
dGdvdk0tRGIxdDNDSEJjLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBACamlCOiCD8nsLROxbL+ihovLhkL
JwWtO2Ylmlhv7jAKtybsUarhRHFEE0yogFJR7sWJKAj3HdDyqSXB25c7Am+P7GHi
F6fhtBbnXqzdPmQJnqqIn5qMflIQYTd6ZozorL4Zwzne86WIACf6jC/Zfb5xKtD1
JJZPcCimtvLa30lnEaeYpyBSBJ8n1Sky4IguyrLjRpNyXLYIJjQYj/TJVfpnGIKP
/y+LTS6aQVh7ppy/1E1598lAlGJwbS6EGFhTNKabceE+kTQaNOFhw9RYKOXMwaRu
lV2sFAKkFQLoyVGLoW+t59TEi2T0FY9VSIqW4GAclze3MhwVQI31ReUTjZ0=
-----END CERTIFICATE-----
Generated at Sat Jun 21 02:29:17 2025 by rpki-client