Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/nTZ-ldFQ0hILGqx6k4xLaxBU6kk.roa
File: nTZ-ldFQ0hILGqx6k4xLaxBU6kk.roa (raw, json)
Hash identifier: Ya+IZwuI7kqztyFBTm0CnWrRC8aBXiD2BAnPtFpcBFk=
Subject key identifier: 9D:36:7E:95:D1:50:D2:12:0B:1A:AC:7A:93:8C:4B:6B:10:54:EA:49
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 25E9
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/nTZ-ldFQ0hILGqx6k4xLaxBU6kk.roa
Signing time: Fri 13 Jun 2025 02:45:47 +0000
ROA not before: Fri 13 Jun 2025 02:45:47 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 4812
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 9705 (0x25e9)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 13 02:45:47 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=9D367E95D150D2120B1AAC7A938C4B6B1054EA49
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b9:f3:16:70:b7:9f:91:9b:1c:90:3e:65:9a:b0:
c4:f7:8b:27:4f:28:e1:b3:67:77:09:b0:94:08:09:
3c:ba:91:bf:a3:42:73:08:3e:eb:d1:5f:44:a2:d6:
2f:e0:ec:11:83:ad:6b:52:78:d8:b1:91:0f:09:a9:
a1:cc:e1:8d:60:8e:4d:a3:7c:82:ea:35:2a:63:d2:
ec:a6:74:6c:b5:e5:d9:a8:f9:b0:b0:b0:ba:d9:44:
fb:51:9e:c6:d3:8c:d3:ed:eb:57:8a:71:97:e1:00:
49:47:10:6e:3a:79:c8:3b:e8:38:ff:ad:e5:25:cc:
3c:2f:66:4e:12:55:b5:d2:c7:66:be:02:19:87:ab:
68:a6:b0:55:83:76:72:93:6c:1d:57:b6:33:96:fa:
18:e4:c6:3f:f9:2e:6d:e1:f1:d7:a9:3c:18:fe:6f:
3b:e2:b3:8f:ea:3a:e6:21:73:b5:85:26:0c:4a:33:
7b:11:21:59:c9:f9:5f:7f:ac:5f:d5:e0:e0:c9:97:
23:9c:2f:ab:cc:e9:4f:ff:f6:d8:72:6a:b3:6f:a2:
80:bc:58:b8:ba:50:66:74:7e:87:3a:4a:2a:44:5e:
71:be:83:44:ad:8c:16:5f:f4:2a:49:75:b7:35:62:
54:1b:dc:36:6b:4e:56:77:18:0d:71:d7:d5:e3:4b:
67:df
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9D:36:7E:95:D1:50:D2:12:0B:1A:AC:7A:93:8C:4B:6B:10:54:EA:49
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/nTZ-ldFQ0hILGqx6k4xLaxBU6kk.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
74:be:9a:c0:8c:89:26:1b:82:0f:1c:47:71:ee:c9:c4:92:f9:
89:b4:85:6a:b4:83:ef:50:8d:80:93:a6:22:eb:1b:45:de:fd:
c4:78:7e:15:27:15:30:2a:31:f4:7a:e3:20:89:4b:8b:04:b8:
a5:ec:33:fd:5e:1e:c7:2c:c9:a2:29:c8:ff:01:66:01:91:2c:
88:dc:a9:fd:31:a7:24:09:60:74:eb:31:4d:cc:e1:00:56:ec:
f9:00:0f:76:c2:f0:b8:b2:09:cd:5b:03:27:2e:d3:58:56:9e:
5f:25:9f:e5:da:e5:c7:f1:a7:26:8a:f3:e6:45:50:01:2f:da:
21:43:2e:83:59:a0:8f:02:d1:29:31:4e:33:a3:2d:ea:26:ef:
98:da:d7:49:0f:f4:ff:e4:c5:a1:70:3e:5c:c4:7a:fd:7a:26:
7a:42:58:3a:5a:de:40:b2:4f:2d:cc:91:21:2c:76:08:9f:9a:
2d:1e:fd:66:04:5c:20:29:4a:bd:e9:c1:4c:a7:0d:58:ec:8f:
4c:b0:c0:a1:8f:f9:b2:63:bd:e8:0e:2e:c8:2a:77:42:0c:e0:
0c:e5:84:cc:03:8e:1f:a1:0c:5d:ec:7e:d3:ec:9f:90:70:11:
2a:70:1b:a9:45:ea:48:b3:a6:58:d3:58:8b:cd:a6:84:62:69:
e0:a4:aa:b7
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICJekwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MTMw
MjQ1NDdaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDlEMzY3RTk1RDE1MEQy
MTIwQjFBQUM3QTkzOEM0QjZCMTA1NEVBNDkwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC58xZwt5+RmxyQPmWasMT3iydPKOGzZ3cJsJQICTy6kb+jQnMI
PuvRX0Si1i/g7BGDrWtSeNixkQ8JqaHM4Y1gjk2jfILqNSpj0uymdGy15dmo+bCw
sLrZRPtRnsbTjNPt61eKcZfhAElHEG46ecg76Dj/reUlzDwvZk4SVbXSx2a+AhmH
q2imsFWDdnKTbB1XtjOW+hjkxj/5Lm3h8depPBj+bzvis4/qOuYhc7WFJgxKM3sR
IVnJ+V9/rF/V4ODJlyOcL6vM6U//9thyarNvooC8WLi6UGZ0foc6SipEXnG+g0St
jBZf9CpJdbc1YlQb3DZrTlZ3GA1x19XjS2ffAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUnTZ+ldFQ0hILGqx6k4xLaxBU6kkwHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvblRaLWxkRlEwaElM
R3F4Nms0eExheEJVNmtrLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBAHS+msCMiSYbgg8cR3HuycSS+Ym0
hWq0g+9QjYCTpiLrG0Xe/cR4fhUnFTAqMfR64yCJS4sEuKXsM/1eHscsyaIpyP8B
ZgGRLIjcqf0xpyQJYHTrMU3M4QBW7PkAD3bC8LiyCc1bAycu01hWnl8ln+Xa5cfx
pyaK8+ZFUAEv2iFDLoNZoI8C0SkxTjOjLeom75ja10kP9P/kxaFwPlzEev16JnpC
WDpa3kCyTy3MkSEsdgifmi0e/WYEXCApSr3pwUynDVjsj0ywwKGP+bJjvegOLsgq
d0IM4AzlhMwDjh+hDF3sftPsn5BwESpwG6lF6kizpljTWIvNpoRiaeCkqrc=
-----END CERTIFICATE-----
Generated at Sat Jun 21 00:51:09 2025 by rpki-client