Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/ppLv-1lX2dvpAsy15vWXhsWig3o.roa
File: ppLv-1lX2dvpAsy15vWXhsWig3o.roa (raw, json)
Hash identifier: KqcFjN6DLfKSroihdETRi/tN+OHVnBjoV+AsS6PqG9g=
Subject key identifier: A6:92:EF:FB:59:57:D9:DB:E9:02:CC:B5:E6:F5:97:86:C5:A2:83:7A
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 2571
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/ppLv-1lX2dvpAsy15vWXhsWig3o.roa
Signing time: Thu 12 Jun 2025 06:39:13 +0000
ROA not before: Thu 12 Jun 2025 06:39:13 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 4812
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 9585 (0x2571)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 12 06:39:13 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=A692EFFB5957D9DBE902CCB5E6F59786C5A2837A
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d2:44:6f:10:46:7a:28:8b:0d:30:7b:df:1c:56:
26:65:aa:c9:cd:ee:0a:6e:dc:a0:ae:e6:99:29:79:
dd:b6:73:40:bc:6d:13:53:e9:98:9b:ef:53:19:89:
85:0d:00:ff:a2:a4:08:7d:e7:44:82:58:16:a5:16:
33:a3:db:a9:d8:a3:f2:74:5a:c9:52:12:91:43:67:
dc:c9:d1:64:1b:92:02:70:b0:02:64:92:37:9e:ab:
dd:5c:b9:32:39:b8:30:a2:d9:d7:75:4e:74:4d:91:
ae:f9:1b:9d:36:a3:1e:8f:f3:30:0f:5a:ad:d2:8f:
cf:27:86:d2:74:0c:9c:12:e9:6f:a1:37:d5:04:29:
bf:80:f7:de:24:65:21:f0:75:cd:a9:0c:f1:7c:cb:
b1:cf:6b:68:6f:67:0f:b9:53:f2:3a:36:4b:c5:16:
99:21:82:26:f4:8e:38:a3:ac:71:8f:e4:f9:80:f4:
d1:ed:15:c5:d2:72:74:75:72:14:f0:c9:9f:cc:85:
1e:d4:2c:ea:5d:7d:56:22:40:55:33:bd:fc:42:0f:
a5:54:40:ec:4a:8a:81:3b:81:7d:35:c4:c7:dd:c1:
6e:8e:cc:59:53:8a:c1:c9:c9:de:c7:c8:74:d9:52:
c5:a5:7f:26:17:2c:bf:a8:e6:fe:f9:8e:e5:02:2c:
56:af
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A6:92:EF:FB:59:57:D9:DB:E9:02:CC:B5:E6:F5:97:86:C5:A2:83:7A
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/ppLv-1lX2dvpAsy15vWXhsWig3o.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
b6:14:27:c9:db:27:2e:d7:a7:5d:e4:ad:1a:43:5e:c2:1a:7a:
06:6d:3f:4b:68:85:1f:e6:12:63:a1:65:bf:c8:c6:c6:21:19:
5a:aa:44:df:f5:f6:a2:b5:51:d3:ce:3f:15:25:0e:ed:ad:b9:
ed:da:dc:85:3a:00:50:69:ed:8b:76:62:64:06:ea:89:ce:ad:
d8:bb:41:ab:e7:9a:64:5d:fc:1a:1b:4d:59:87:e0:bf:9c:a0:
69:87:a8:95:bf:7a:e3:00:a4:e8:6e:d6:a0:d0:03:a3:e6:11:
21:cf:19:26:f1:d0:53:f0:bb:d1:00:dd:16:98:50:82:e9:5b:
3c:d1:a5:42:a5:b5:de:b3:2c:95:97:ce:f5:81:4e:ec:55:c6:
86:0d:15:66:61:c9:d6:95:db:9d:38:af:74:8d:57:54:c5:32:
43:dc:66:7a:22:b8:3a:69:31:74:7a:08:e4:d4:90:48:20:9e:
64:36:1a:de:3f:43:15:66:0d:ca:64:dd:89:a3:b7:16:9f:77:
de:8c:55:36:b1:0b:f1:7b:ea:5f:83:8a:7d:54:62:42:92:fe:
99:ae:c9:f7:cc:31:79:e1:dd:38:c5:c4:4d:d3:69:10:f6:db:
f2:53:f6:62:ae:9a:07:02:66:de:66:f5:9c:e9:7e:b5:cc:b8:
01:06:7e:ff
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICJXEwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MTIw
NjM5MTNaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEE2OTJFRkZCNTk1N0Q5
REJFOTAyQ0NCNUU2RjU5Nzg2QzVBMjgzN0EwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDSRG8QRnooiw0we98cViZlqsnN7gpu3KCu5pkped22c0C8bRNT
6Zib71MZiYUNAP+ipAh950SCWBalFjOj26nYo/J0WslSEpFDZ9zJ0WQbkgJwsAJk
kjeeq91cuTI5uDCi2dd1TnRNka75G502ox6P8zAPWq3Sj88nhtJ0DJwS6W+hN9UE
Kb+A994kZSHwdc2pDPF8y7HPa2hvZw+5U/I6NkvFFpkhgib0jjijrHGP5PmA9NHt
FcXScnR1chTwyZ/MhR7ULOpdfVYiQFUzvfxCD6VUQOxKioE7gX01xMfdwW6OzFlT
isHJyd7HyHTZUsWlfyYXLL+o5v75juUCLFavAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUppLv+1lX2dvpAsy15vWXhsWig3owHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvcHBMdi0xbFgyZHZw
QXN5MTV2V1hoc1dpZzNvLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBALYUJ8nbJy7Xp13krRpDXsIaegZt
P0tohR/mEmOhZb/IxsYhGVqqRN/19qK1UdPOPxUlDu2tue3a3IU6AFBp7Yt2YmQG
6onOrdi7QavnmmRd/BobTVmH4L+coGmHqJW/euMApOhu1qDQA6PmESHPGSbx0FPw
u9EA3RaYUILpWzzRpUKltd6zLJWXzvWBTuxVxoYNFWZhydaV2504r3SNV1TFMkPc
ZnoiuDppMXR6COTUkEggnmQ2Gt4/QxVmDcpk3Ymjtxafd96MVTaxC/F76l+Din1U
YkKS/pmuyffMMXnh3TjFxE3TaRD22/JT9mKumgcCZt5m9ZzpfrXMuAEGfv8=
-----END CERTIFICATE-----
Generated at Sat Jun 21 16:48:13 2025 by rpki-client