Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/lytTHqJeASNGPUwJh_6nK4_80UQ.roa
File: lytTHqJeASNGPUwJh_6nK4_80UQ.roa (raw, json)
Hash identifier: aL0pc2sq2O2anZvw2PjpFE3hwPMjWa6Ky7LCVp9B+BQ=
Subject key identifier: 97:2B:53:1E:A2:5E:01:23:46:3D:4C:09:87:FE:A7:2B:8F:FC:D1:44
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 256B
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/lytTHqJeASNGPUwJh_6nK4_80UQ.roa
Signing time: Thu 12 Jun 2025 05:39:15 +0000
ROA not before: Thu 12 Jun 2025 05:39:15 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 4812
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 9579 (0x256b)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 12 05:39:15 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=972B531EA25E0123463D4C0987FEA72B8FFCD144
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b6:ae:4f:f6:a0:17:0f:4e:9c:cf:f9:d4:39:d1:
d1:96:70:fc:9f:21:0f:3d:ff:d6:3d:9b:28:6e:86:
20:d9:d2:b8:65:97:bc:1d:98:08:32:65:4c:df:c7:
6c:39:6d:7f:28:69:da:b5:ce:6c:f3:3a:a1:59:13:
44:0b:20:09:05:2a:d9:92:97:6a:c8:70:47:24:c7:
86:a8:c3:a0:a1:0a:d6:78:70:0d:9b:9f:86:44:f6:
d8:5f:4c:b8:4a:cb:f4:f2:52:18:49:f5:65:84:ad:
fb:32:55:47:f9:cd:e5:b0:35:7f:77:e2:e3:d8:ab:
6a:7b:c3:93:d6:4c:1e:1b:f3:f6:10:a0:f9:b4:3e:
38:5d:d2:ae:d1:e0:c3:0d:d9:19:ef:74:7f:17:6c:
10:35:ba:75:94:88:5f:f1:63:5c:bc:2d:d9:8e:b8:
a0:94:e5:a9:36:da:ae:3c:2a:fa:db:61:e4:f0:05:
85:bd:54:b2:7d:50:fd:5f:f9:3c:aa:81:ff:e7:07:
60:f7:ed:7d:68:44:5d:e4:fc:7e:50:41:a9:b0:96:
da:18:f9:33:d2:58:c7:a8:da:2e:4a:8f:04:79:48:
45:13:1c:d9:21:a5:0f:c0:d1:f0:f8:0e:13:56:c5:
c5:2d:30:8a:9b:a4:ce:1f:6e:13:4b:bd:e1:54:5b:
0c:2f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
97:2B:53:1E:A2:5E:01:23:46:3D:4C:09:87:FE:A7:2B:8F:FC:D1:44
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/lytTHqJeASNGPUwJh_6nK4_80UQ.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
57:36:f8:ad:fc:38:32:a6:f4:c7:e2:c3:16:85:43:55:5f:4f:
35:21:a7:ff:9c:1e:0e:e8:7f:40:07:91:4b:8c:66:90:47:55:
a6:b5:da:84:73:6e:45:21:6e:cc:22:13:cd:af:75:57:cd:3b:
92:39:8c:1a:28:ce:e3:9e:5d:97:63:6c:76:85:81:39:bc:67:
e2:af:a2:52:ab:09:18:21:62:90:70:f4:56:18:aa:bd:94:09:
91:65:03:67:ed:01:8a:1c:5d:4c:20:6e:1c:f7:82:16:6f:56:
c9:f8:70:29:83:37:9e:91:4d:f6:94:2e:0d:a1:8f:fe:9b:d5:
94:30:d3:2e:ea:04:40:8e:9d:b5:23:fa:2a:86:77:cb:c7:a6:
2c:dd:33:ba:3e:66:e6:f2:20:a2:e6:ac:27:f3:8d:2a:87:4a:
6f:e6:2c:b0:64:76:9c:42:23:aa:d7:17:96:16:09:c4:58:91:
2a:84:50:f8:54:76:27:da:e0:ac:6f:50:fe:ff:16:77:61:0d:
f5:ea:b4:fc:8c:f9:11:82:d8:73:c3:3f:9c:f2:5a:6c:fc:d4:
07:56:db:21:c0:59:f9:55:46:c0:4b:b0:73:a4:0e:59:b5:2c:
4c:27:08:3b:da:39:20:40:e0:f4:b4:8c:c8:2b:9f:9c:f8:be:
83:b1:93:14
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICJWswDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MTIw
NTM5MTVaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDk3MkI1MzFFQTI1RTAx
MjM0NjNENEMwOTg3RkVBNzJCOEZGQ0QxNDQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC2rk/2oBcPTpzP+dQ50dGWcPyfIQ89/9Y9myhuhiDZ0rhll7wd
mAgyZUzfx2w5bX8oadq1zmzzOqFZE0QLIAkFKtmSl2rIcEckx4aow6ChCtZ4cA2b
n4ZE9thfTLhKy/TyUhhJ9WWErfsyVUf5zeWwNX934uPYq2p7w5PWTB4b8/YQoPm0
Pjhd0q7R4MMN2RnvdH8XbBA1unWUiF/xY1y8LdmOuKCU5ak22q48KvrbYeTwBYW9
VLJ9UP1f+Tyqgf/nB2D37X1oRF3k/H5QQamwltoY+TPSWMeo2i5KjwR5SEUTHNkh
pQ/A0fD4DhNWxcUtMIqbpM4fbhNLveFUWwwvAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUlytTHqJeASNGPUwJh/6nK4/80UQwHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvbHl0VEhxSmVBU05H
UFV3SmhfNm5LNF84MFVRLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBAFc2+K38ODKm9MfiwxaFQ1VfTzUh
p/+cHg7of0AHkUuMZpBHVaa12oRzbkUhbswiE82vdVfNO5I5jBoozuOeXZdjbHaF
gTm8Z+KvolKrCRghYpBw9FYYqr2UCZFlA2ftAYocXUwgbhz3ghZvVsn4cCmDN56R
TfaULg2hj/6b1ZQw0y7qBECOnbUj+iqGd8vHpizdM7o+ZubyIKLmrCfzjSqHSm/m
LLBkdpxCI6rXF5YWCcRYkSqEUPhUdifa4KxvUP7/FndhDfXqtPyM+RGC2HPDP5zy
Wmz81AdW2yHAWflVRsBLsHOkDlm1LEwnCDvaOSBA4PS0jMgrn5z4voOxkxQ=
-----END CERTIFICATE-----
Generated at Sun Jun 22 02:29:57 2025 by rpki-client