Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/ltD5RuYpH1VpvmftW223HInWFOk.roa
File: ltD5RuYpH1VpvmftW223HInWFOk.roa (raw, json)
Hash identifier: Z0hRO6l5yp+QxHaJ9N4lPQjV3iF2lyuns6rhBFdkVDw=
Subject key identifier: 96:D0:F9:46:E6:29:1F:55:69:BE:67:ED:5B:6D:B7:1C:89:D6:14:E9
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 2016
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/ltD5RuYpH1VpvmftW223HInWFOk.roa
Signing time: Mon 02 Jun 2025 18:08:37 +0000
ROA not before: Mon 02 Jun 2025 18:08:37 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 4812
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 8214 (0x2016)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 2 18:08:37 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=96D0F946E6291F5569BE67ED5B6DB71C89D614E9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f2:5e:88:6d:ff:0c:d3:79:e7:ad:0e:65:01:cf:
ab:03:c1:79:75:85:90:c2:91:19:82:79:ed:5f:85:
24:df:b9:77:8d:df:9f:4b:e4:92:f5:9a:01:43:b9:
0b:36:37:16:ad:03:1a:18:f1:aa:af:f3:52:cf:93:
19:af:96:18:99:e4:91:fe:65:c2:a9:57:dc:f4:e0:
95:5d:65:3d:8d:30:c7:5c:a5:86:7f:b4:0d:c2:81:
3d:c2:d4:f0:36:25:38:f1:7c:e1:97:1c:a5:b3:ac:
af:60:ea:39:f7:96:2e:ef:00:03:9b:05:1d:df:d6:
bb:07:e3:4c:b5:d7:8a:1a:59:05:f0:d8:b3:36:56:
47:e6:4a:6b:5e:b0:b4:23:83:fe:d6:f6:5d:14:51:
c6:2c:13:ea:5b:96:07:c6:19:82:b3:48:e7:78:90:
55:22:54:f5:5f:fa:2a:d1:20:ec:43:f6:30:4d:62:
aa:cf:1f:3e:c5:08:2c:5e:cd:f5:83:ee:e9:e2:cb:
ba:0b:a8:c3:34:65:15:c1:1d:07:6c:a9:19:ea:52:
9a:85:41:f3:c6:c8:6c:7c:3d:79:0c:a0:5f:87:ec:
fb:c1:c0:fa:69:89:7f:e9:de:92:ad:61:20:c1:77:
79:6f:c9:26:a0:3b:6d:2b:58:93:6b:80:d7:81:52:
dd:f7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
96:D0:F9:46:E6:29:1F:55:69:BE:67:ED:5B:6D:B7:1C:89:D6:14:E9
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/ltD5RuYpH1VpvmftW223HInWFOk.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
7f:7d:61:b8:f3:09:e8:cc:8e:c6:84:83:84:49:e5:9a:81:da:
39:32:72:9c:cc:29:cd:cc:31:f6:7f:cb:e7:29:c5:2c:27:96:
d4:f9:7e:ad:3c:33:e2:0d:ff:77:dc:7b:ba:db:61:ea:9e:08:
5d:a3:a4:16:da:8e:76:e9:cd:aa:5f:3b:4f:99:58:61:51:29:
14:75:07:89:3f:39:8e:22:98:d5:e9:21:9f:bf:46:e8:5f:58:
2c:d4:9e:d2:b1:08:6f:f8:ee:d7:84:92:80:f5:bf:71:1f:d7:
94:7b:41:b1:4d:37:01:01:26:e5:02:40:2a:69:16:22:59:42:
e4:18:55:63:4f:75:23:ad:63:e2:23:81:48:7d:44:ce:bf:30:
ff:e2:a9:c3:46:e3:2c:92:38:ce:00:01:b7:2f:b9:01:ae:ca:
9b:b7:c3:59:dc:e7:39:e3:54:4e:12:47:2e:f9:b8:94:e8:67:
ac:ad:76:8a:84:7b:4b:f6:cd:12:05:1d:93:5e:07:70:cc:b3:
a5:89:ea:78:34:b7:42:94:03:e4:d9:8d:e5:f0:22:58:dc:2a:
2d:75:c4:9a:f5:a7:93:cb:6b:35:65:e1:ca:af:ed:55:7e:e3:
0e:79:0c:b8:db:2c:32:1c:73:79:7b:a9:b4:af:6f:bc:e7:a4:
3e:96:b6:42
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICIBYwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MDIx
ODA4MzdaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDk2RDBGOTQ2RTYyOTFG
NTU2OUJFNjdFRDVCNkRCNzFDODlENjE0RTkwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDyXoht/wzTeeetDmUBz6sDwXl1hZDCkRmCee1fhSTfuXeN359L
5JL1mgFDuQs2NxatAxoY8aqv81LPkxmvlhiZ5JH+ZcKpV9z04JVdZT2NMMdcpYZ/
tA3CgT3C1PA2JTjxfOGXHKWzrK9g6jn3li7vAAObBR3f1rsH40y114oaWQXw2LM2
VkfmSmtesLQjg/7W9l0UUcYsE+pblgfGGYKzSOd4kFUiVPVf+irRIOxD9jBNYqrP
Hz7FCCxezfWD7uniy7oLqMM0ZRXBHQdsqRnqUpqFQfPGyGx8PXkMoF+H7PvBwPpp
iX/p3pKtYSDBd3lvySagO20rWJNrgNeBUt33AgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUltD5RuYpH1VpvmftW223HInWFOkwHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvbHRENVJ1WXBIMVZw
dm1mdFcyMjNISW5XRk9rLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBAH99YbjzCejMjsaEg4RJ5ZqB2jky
cpzMKc3MMfZ/y+cpxSwnltT5fq08M+IN/3fce7rbYeqeCF2jpBbajnbpzapfO0+Z
WGFRKRR1B4k/OY4imNXpIZ+/RuhfWCzUntKxCG/47teEkoD1v3Ef15R7QbFNNwEB
JuUCQCppFiJZQuQYVWNPdSOtY+IjgUh9RM6/MP/iqcNG4yySOM4AAbcvuQGuypu3
w1nc5znjVE4SRy75uJToZ6ytdoqEe0v2zRIFHZNeB3DMs6WJ6ng0t0KUA+TZjeXw
IljcKi11xJr1p5PLazVl4cqv7VV+4w55DLjbLDIcc3l7qbSvb7znpD6WtkI=
-----END CERTIFICATE-----
Generated at Sun Jun 22 16:17:42 2025 by rpki-client