Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/lvBCqo9gS9vLgUkQmCW5VWq0e3I.roa
File: lvBCqo9gS9vLgUkQmCW5VWq0e3I.roa (raw, json)
Hash identifier: ERzUUumkf+SeribUXOfcGqARUuz4x0EQfuKUd1S7FKM=
Subject key identifier: 96:F0:42:AA:8F:60:4B:DB:CB:81:49:10:98:25:B9:55:6A:B4:7B:72
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 2501
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/lvBCqo9gS9vLgUkQmCW5VWq0e3I.roa
Signing time: Wed 11 Jun 2025 12:09:09 +0000
ROA not before: Wed 11 Jun 2025 12:09:09 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 146845
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 9473 (0x2501)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 11 12:09:09 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=96F042AA8F604BDBCB8149109825B9556AB47B72
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d9:e1:e9:71:32:33:2d:07:98:16:65:ff:a2:d5:
e6:15:b2:79:b0:03:9f:b7:e7:fb:ce:b5:f1:f5:48:
e6:80:6e:11:cd:c8:10:31:fb:6f:25:09:98:8c:ad:
d0:b6:de:88:ad:26:38:92:e8:bb:59:92:50:45:c2:
88:bf:6a:17:aa:af:44:e7:7d:df:86:d2:5d:54:ab:
d6:17:81:32:1e:d7:2a:a3:d3:26:5a:e1:c0:80:85:
a5:23:b3:b7:6d:30:7e:e7:39:9c:f9:c7:b8:9a:c8:
38:5f:99:60:83:86:56:cb:86:96:63:8f:43:86:5a:
54:79:00:3c:d9:b8:e6:9e:e8:c5:e9:fd:af:18:ca:
3f:8f:bb:d6:e6:d3:bf:6a:1c:a7:c1:64:ce:e5:ad:
83:4a:71:7c:53:45:dd:d7:a9:9c:c3:5e:aa:ca:12:
bb:f7:5e:f4:ae:1a:76:3b:ae:ea:10:c8:18:b2:bc:
89:88:a9:8e:aa:ca:66:3e:f7:32:13:f6:bf:43:c5:
ee:2d:da:b9:d1:bf:cf:76:8c:74:43:00:78:0c:44:
49:27:5d:8e:77:31:21:87:d4:c2:cf:c2:6b:5f:ac:
7e:38:8b:97:da:fa:b3:47:ad:bd:19:96:98:fe:d0:
ad:c4:00:b4:24:64:7f:1b:d7:d4:1a:45:f3:2d:26:
26:23
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
96:F0:42:AA:8F:60:4B:DB:CB:81:49:10:98:25:B9:55:6A:B4:7B:72
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/lvBCqo9gS9vLgUkQmCW5VWq0e3I.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
aa:f6:a2:e4:1b:a5:db:1f:3a:31:9b:6e:8f:4f:38:9d:59:73:
3b:62:21:b0:7c:45:1d:3c:8e:42:da:50:bc:de:53:ba:98:6c:
5c:83:68:27:0b:71:51:cb:10:d6:a7:89:c5:cf:64:14:ad:e2:
f3:73:69:7e:2b:21:6a:66:cd:ab:a0:2c:02:51:30:9f:14:b0:
aa:f3:bc:18:f9:96:23:35:5b:d2:40:d7:39:2e:0f:eb:25:c8:
91:49:e1:09:5f:09:40:01:b8:b0:9f:eb:66:a5:cd:f3:d5:d9:
73:91:aa:8d:ba:bd:ef:aa:a4:46:ae:ab:0c:2a:fa:d8:f2:f8:
cf:ea:53:df:73:0e:cc:e0:76:2a:a6:88:d4:85:52:4f:2c:44:
db:34:d4:e5:00:0a:ad:97:b3:70:9e:6a:53:88:11:e2:ae:bd:
8f:ed:81:cb:e6:fa:53:ee:6e:fd:d9:9f:57:b4:c8:ce:a1:66:
8f:3a:4a:fb:e1:a6:e0:59:7e:6d:cf:60:c0:e5:6e:84:94:de:
59:14:5e:f2:28:a7:37:ed:1f:a0:dd:23:4f:3e:f1:ef:35:6e:
7a:21:55:82:cf:3f:f9:46:69:0c:07:e0:63:1b:e9:4e:62:f1:
78:9d:64:0c:b5:31:7b:e5:90:3b:6f:01:fa:85:1b:16:30:27:
6d:ba:be:73
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICJQEwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MTEx
MjA5MDlaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDk2RjA0MkFBOEY2MDRC
REJDQjgxNDkxMDk4MjVCOTU1NkFCNDdCNzIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDZ4elxMjMtB5gWZf+i1eYVsnmwA5+35/vOtfH1SOaAbhHNyBAx
+28lCZiMrdC23oitJjiS6LtZklBFwoi/aheqr0Tnfd+G0l1Uq9YXgTIe1yqj0yZa
4cCAhaUjs7dtMH7nOZz5x7iayDhfmWCDhlbLhpZjj0OGWlR5ADzZuOae6MXp/a8Y
yj+Pu9bm079qHKfBZM7lrYNKcXxTRd3XqZzDXqrKErv3XvSuGnY7ruoQyBiyvImI
qY6qymY+9zIT9r9Dxe4t2rnRv892jHRDAHgMREknXY53MSGH1MLPwmtfrH44i5fa
+rNHrb0Zlpj+0K3EALQkZH8b19QaRfMtJiYjAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUlvBCqo9gS9vLgUkQmCW5VWq0e3IwHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvbHZCQ3FvOWdTOXZM
Z1VrUW1DVzVWV3EwZTNJLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBAKr2ouQbpdsfOjGbbo9POJ1Zczti
IbB8RR08jkLaULzeU7qYbFyDaCcLcVHLENanicXPZBSt4vNzaX4rIWpmzaugLAJR
MJ8UsKrzvBj5liM1W9JA1zkuD+slyJFJ4QlfCUABuLCf62alzfPV2XORqo26ve+q
pEauqwwq+tjy+M/qU99zDszgdiqmiNSFUk8sRNs01OUACq2Xs3CealOIEeKuvY/t
gcvm+lPubv3Zn1e0yM6hZo86SvvhpuBZfm3PYMDlboSU3lkUXvIopzftH6DdI08+
8e81bnohVYLPP/lGaQwH4GMb6U5i8XidZAy1MXvlkDtvAfqFGxYwJ226vnM=
-----END CERTIFICATE-----
Generated at Sat Jun 21 18:36:54 2025 by rpki-client