Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/uLIzXVG4POV8fSfn_a2Cw8Mgk9I.roa
File: uLIzXVG4POV8fSfn_a2Cw8Mgk9I.roa (raw, json)
Hash identifier: lxtbyVUZGLYmOIL8jUz8GXRgQx35ihxmMq4nI6aLdHU=
Subject key identifier: B8:B2:33:5D:51:B8:3C:E5:7C:7D:27:E7:FD:AD:82:C3:C3:20:93:D2
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 1F68
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/uLIzXVG4POV8fSfn_a2Cw8Mgk9I.roa
Signing time: Sun 01 Jun 2025 13:08:43 +0000
ROA not before: Sun 01 Jun 2025 13:08:43 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 4812
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 8040 (0x1f68)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 1 13:08:43 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=B8B2335D51B83CE57C7D27E7FDAD82C3C32093D2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e1:29:a6:96:0a:83:ea:c0:5a:30:49:ed:fb:51:
53:7b:7a:56:7b:c6:7a:36:1e:c3:61:49:0d:30:1f:
6b:ec:98:47:ef:ee:e6:95:81:3e:8e:b1:c8:71:7b:
4d:39:13:4d:26:e4:5d:32:5b:1f:a3:ea:7d:96:2b:
10:6c:fb:d0:a8:41:2a:45:21:e1:49:a8:f4:5a:37:
7d:21:77:f4:f6:b4:3c:1d:2c:d9:d7:b7:2b:7f:7a:
37:ad:7b:29:ac:5b:03:6f:85:1f:6c:1c:d6:37:3a:
af:36:01:71:6f:8f:80:78:12:43:e4:d4:c2:24:78:
a7:86:27:69:af:47:28:88:67:20:4e:22:4a:38:62:
0f:69:65:7b:ec:c3:69:32:28:80:6b:11:0c:ad:15:
50:d3:ad:b8:ee:32:54:29:d7:87:ba:da:c4:3e:cd:
4d:cc:86:79:42:f3:1a:7b:14:79:d5:99:47:b0:a7:
91:be:1b:79:7d:b1:29:e4:d9:5a:64:d0:fd:66:78:
31:53:4a:bd:c0:cd:6c:37:80:4f:90:d2:6d:96:e0:
0f:a3:78:43:6d:7e:bf:d8:9b:f0:79:ed:c9:b2:d8:
2b:7d:6d:d3:f0:12:9b:a1:b4:50:6c:05:b0:59:1d:
94:96:b7:b8:a8:d7:d5:86:e9:45:42:85:ec:b2:e3:
30:21
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B8:B2:33:5D:51:B8:3C:E5:7C:7D:27:E7:FD:AD:82:C3:C3:20:93:D2
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/uLIzXVG4POV8fSfn_a2Cw8Mgk9I.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
89:03:9c:9f:df:dd:83:17:69:00:9a:27:da:ee:21:b9:dd:90:
70:af:b9:a1:cd:75:7f:ea:08:9b:49:8f:4b:d0:ff:1b:f0:c1:
d5:df:cc:d5:1c:b4:45:eb:fa:07:1d:f1:e2:f1:94:01:19:a2:
41:49:29:37:24:d6:05:cc:f2:b1:0f:76:48:ea:5b:09:f9:fa:
4a:f2:98:62:41:1e:55:17:79:2a:fa:49:33:5f:b9:d4:08:19:
b8:ff:41:61:8f:d6:6b:43:3d:be:f9:08:bc:24:d0:3a:de:af:
02:67:37:62:7d:1e:f1:db:f9:36:43:1b:1e:e5:88:d9:47:09:
c8:eb:29:25:36:4f:f1:f6:a0:33:75:a8:ed:d2:ba:ed:4f:a3:
86:04:0f:7e:10:0c:5d:e0:14:9f:ed:7d:e1:2b:a2:21:83:f9:
42:4c:2d:dd:f5:cb:8a:f9:71:b0:da:31:0a:4a:be:e8:28:4c:
ee:51:ed:86:96:4d:da:4f:a7:36:b1:62:ea:f3:ba:8f:93:8c:
8d:9e:62:f7:6e:2f:90:02:e7:8e:26:87:a7:df:64:9c:e6:50:
4f:1e:d3:69:85:08:3c:17:c7:de:10:d8:0c:b6:96:6e:13:36:
3e:93:be:c5:a3:0a:57:0f:9b:53:d5:68:2b:21:da:98:ae:25:
7c:69:2a:66
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICH2gwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MDEx
MzA4NDNaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEI4QjIzMzVENTFCODND
RTU3QzdEMjdFN0ZEQUQ4MkMzQzMyMDkzRDIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDhKaaWCoPqwFowSe37UVN7elZ7xno2HsNhSQ0wH2vsmEfv7uaV
gT6Oschxe005E00m5F0yWx+j6n2WKxBs+9CoQSpFIeFJqPRaN30hd/T2tDwdLNnX
tyt/ejeteymsWwNvhR9sHNY3Oq82AXFvj4B4EkPk1MIkeKeGJ2mvRyiIZyBOIko4
Yg9pZXvsw2kyKIBrEQytFVDTrbjuMlQp14e62sQ+zU3MhnlC8xp7FHnVmUewp5G+
G3l9sSnk2Vpk0P1meDFTSr3AzWw3gE+Q0m2W4A+jeENtfr/Ym/B57cmy2Ct9bdPw
EpuhtFBsBbBZHZSWt7io19WG6UVCheyy4zAhAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUuLIzXVG4POV8fSfn/a2Cw8Mgk9IwHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvdUxJelhWRzRQT1Y4
ZlNmbl9hMkN3OE1nazlJLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBAIkDnJ/f3YMXaQCaJ9ruIbndkHCv
uaHNdX/qCJtJj0vQ/xvwwdXfzNUctEXr+gcd8eLxlAEZokFJKTck1gXM8rEPdkjq
Wwn5+krymGJBHlUXeSr6STNfudQIGbj/QWGP1mtDPb75CLwk0DrerwJnN2J9HvHb
+TZDGx7liNlHCcjrKSU2T/H2oDN1qO3Suu1Po4YED34QDF3gFJ/tfeEroiGD+UJM
Ld31y4r5cbDaMQpKvugoTO5R7YaWTdpPpzaxYurzuo+TjI2eYvduL5AC544mh6ff
ZJzmUE8e02mFCDwXx94Q2Ay2lm4TNj6TvsWjClcPm1PVaCsh2piuJXxpKmY=
-----END CERTIFICATE-----
Generated at Sun Jun 22 03:54:32 2025 by rpki-client