Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/nnRc1cKRq03eq9f1tsrUmPk_1fc.roa
File: nnRc1cKRq03eq9f1tsrUmPk_1fc.roa (raw, json)
Hash identifier: +nkWI6BoaLuZbpfUgFiglZn0EzK74sPBhPgP8GhHy7k=
Subject key identifier: 9E:74:5C:D5:C2:91:AB:4D:DE:AB:D7:F5:B6:CA:D4:98:F9:3F:D5:F7
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 2364
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/nnRc1cKRq03eq9f1tsrUmPk_1fc.roa
Signing time: Sun 08 Jun 2025 15:08:56 +0000
ROA not before: Sun 08 Jun 2025 15:08:56 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 4812
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 9060 (0x2364)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 8 15:08:56 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=9E745CD5C291AB4DDEABD7F5B6CAD498F93FD5F7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c6:96:66:49:ca:7c:1e:35:4e:08:2f:38:c1:14:
e0:b2:d9:e8:d9:3f:55:63:3b:ee:30:fe:0f:5b:84:
6c:5e:6c:7b:72:1e:6e:a5:dc:00:47:1b:aa:34:a8:
28:87:99:5e:ee:93:6a:d9:17:86:b3:c8:30:53:cc:
be:b6:19:78:a1:db:83:41:b6:3f:db:14:71:e5:3d:
82:f7:4d:80:59:1e:f8:cd:de:da:e5:5e:e6:61:d9:
cb:a2:ff:af:40:75:6f:ac:70:75:e4:b2:aa:5e:a9:
5f:fe:0c:4e:7f:35:f0:9f:32:98:7f:b9:c0:d5:72:
7a:3e:d6:86:66:18:99:2d:5e:b0:a0:1a:e1:77:fb:
22:9c:34:6e:e2:bb:17:da:6a:cd:a2:26:f6:b3:44:
e0:17:64:ff:23:3d:b6:eb:13:e7:0e:a0:9d:20:9b:
b4:ee:16:97:1c:7a:d1:49:73:08:b5:c5:3a:16:f9:
ff:6c:5c:eb:b4:7a:8e:b9:9b:6d:0a:04:74:8f:7c:
e2:60:42:d2:6b:d0:85:08:2a:4c:1a:66:e9:00:a3:
22:c3:41:5c:cc:9c:d5:9d:dd:c3:b6:dc:c4:46:f9:
fd:79:fb:45:9d:a2:74:1b:2b:e8:20:49:aa:ca:41:
ca:e5:0c:ff:24:c1:95:ea:8a:ff:12:d0:84:c1:e8:
e1:f5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9E:74:5C:D5:C2:91:AB:4D:DE:AB:D7:F5:B6:CA:D4:98:F9:3F:D5:F7
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/nnRc1cKRq03eq9f1tsrUmPk_1fc.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
62:53:ea:79:ef:08:9d:19:5c:f2:d8:ee:6e:cb:29:a1:c3:81:
70:fd:7d:a8:89:08:6b:74:98:49:37:f1:97:e0:84:be:77:fd:
8f:d6:af:98:de:27:38:b2:b9:f9:52:47:69:73:fb:73:4e:b9:
7f:21:17:bd:af:85:6e:47:d1:fa:e0:a1:c4:2a:d6:53:e2:81:
fd:5b:8e:97:2d:43:c3:e6:23:53:0a:b2:3e:34:35:9f:2e:27:
d5:8f:63:74:4e:1e:52:54:f6:60:cf:98:7c:8b:90:0e:0f:60:
4d:7a:26:09:02:61:b4:35:fd:e8:7d:1e:60:8a:c7:b3:ce:24:
31:42:c4:b6:f2:38:f7:5d:ed:bd:f9:c8:78:fa:77:b1:e1:c2:
51:6a:04:df:31:30:3b:6e:9a:13:f0:dd:2d:54:2f:d3:9a:75:
a9:eb:55:81:0e:86:9e:c8:f0:4e:59:42:bf:0e:ab:93:b5:f3:
7a:5a:13:2f:5e:2d:ef:bc:be:ea:81:c6:06:c8:3a:13:66:06:
dd:40:a8:5d:bb:b7:2e:27:82:d7:5e:b6:b1:45:63:4f:b9:da:
ea:68:e1:1c:42:89:d3:2b:62:cd:c7:85:8b:9e:e9:ac:b6:77:
e4:f5:59:8a:61:ef:63:1e:0b:ec:f9:80:fa:09:44:4c:3d:cd:
78:53:36:cb
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICI2QwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MDgx
NTA4NTZaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDlFNzQ1Q0Q1QzI5MUFC
NERERUFCRDdGNUI2Q0FENDk4RjkzRkQ1RjcwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDGlmZJynweNU4ILzjBFOCy2ejZP1VjO+4w/g9bhGxebHtyHm6l
3ABHG6o0qCiHmV7uk2rZF4azyDBTzL62GXih24NBtj/bFHHlPYL3TYBZHvjN3trl
XuZh2cui/69AdW+scHXksqpeqV/+DE5/NfCfMph/ucDVcno+1oZmGJktXrCgGuF3
+yKcNG7iuxfaas2iJvazROAXZP8jPbbrE+cOoJ0gm7TuFpccetFJcwi1xToW+f9s
XOu0eo65m20KBHSPfOJgQtJr0IUIKkwaZukAoyLDQVzMnNWd3cO23MRG+f15+0Wd
onQbK+ggSarKQcrlDP8kwZXqiv8S0ITB6OH1AgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUnnRc1cKRq03eq9f1tsrUmPk/1fcwHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvbm5SYzFjS1JxMDNl
cTlmMXRzclVtUGtfMWZjLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBAGJT6nnvCJ0ZXPLY7m7LKaHDgXD9
faiJCGt0mEk38ZfghL53/Y/Wr5jeJziyuflSR2lz+3NOuX8hF72vhW5H0frgocQq
1lPigf1bjpctQ8PmI1MKsj40NZ8uJ9WPY3ROHlJU9mDPmHyLkA4PYE16JgkCYbQ1
/eh9HmCKx7POJDFCxLbyOPdd7b35yHj6d7HhwlFqBN8xMDtumhPw3S1UL9Oadanr
VYEOhp7I8E5ZQr8Oq5O183paEy9eLe+8vuqBxgbIOhNmBt1AqF27ty4ngtdetrFF
Y0+52upo4RxCidMrYs3HhYue6ay2d+T1WYph72MeC+z5gPoJREw9zXhTNss=
-----END CERTIFICATE-----
Generated at Sat Jun 21 12:57:08 2025 by rpki-client