Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/zeuD-MZJG8x7SaCq-lZTSbHnhyo.roa
File: zeuD-MZJG8x7SaCq-lZTSbHnhyo.roa (raw, json)
Hash identifier: L9OBTbHzMElh3EYE0ek9vK53noo3pn65fCEnlsU5zOM=
Subject key identifier: CD:EB:83:F8:C6:49:1B:CC:7B:49:A0:AA:FA:56:53:49:B1:E7:87:2A
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 260C
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/zeuD-MZJG8x7SaCq-lZTSbHnhyo.roa
Signing time: Fri 13 Jun 2025 08:39:13 +0000
ROA not before: Fri 13 Jun 2025 08:39:13 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 146845
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 9740 (0x260c)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 13 08:39:13 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=CDEB83F8C6491BCC7B49A0AAFA565349B1E7872A
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b5:ca:af:de:22:65:7e:ba:a4:1b:a9:6f:e2:57:
b3:18:66:1b:4b:15:a2:96:96:19:bb:7b:4e:18:1b:
89:80:11:2f:e2:29:25:8c:a7:b6:0e:20:1e:77:ea:
34:2c:d3:10:fb:8b:07:ab:b7:7b:e0:18:f5:08:3d:
f7:1e:68:3a:16:1f:7a:a2:7c:11:70:6a:b1:24:ae:
d5:40:75:a1:e4:ad:54:d3:e4:f2:d7:5a:71:49:e8:
a6:4a:eb:49:b7:22:d8:1c:bb:ef:20:cd:83:a3:26:
19:21:ce:57:9d:bb:75:48:d4:02:4c:5c:47:d8:6d:
26:e4:7d:74:47:38:68:e6:37:2a:89:ee:fa:54:c8:
32:70:d1:7c:50:fe:5c:12:cb:0c:f3:24:32:0c:33:
8b:7b:af:87:96:2b:ba:cb:bd:48:4e:5e:86:51:f7:
f0:8d:2b:57:98:c2:99:36:c4:f2:25:15:7f:4d:47:
62:86:4e:f1:9a:51:6f:07:47:bf:d9:ae:d2:0b:d9:
91:b1:2f:e2:8f:8f:81:a9:4e:2e:23:ca:8d:d9:a1:
aa:63:13:8b:fd:a0:2b:fa:16:f6:d9:de:8d:18:23:
17:2a:6b:95:fe:c6:c7:fc:fb:54:e5:2d:9d:35:14:
66:0f:1b:d0:e9:01:85:d1:c5:73:37:f9:42:4a:82:
c8:75
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CD:EB:83:F8:C6:49:1B:CC:7B:49:A0:AA:FA:56:53:49:B1:E7:87:2A
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/zeuD-MZJG8x7SaCq-lZTSbHnhyo.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
54:22:27:ef:1c:14:b4:6d:bb:1b:6d:2e:2e:d1:ff:f7:d8:00:
74:a0:3e:07:b4:34:2b:76:62:31:d2:9b:a3:f1:ce:6f:1f:81:
02:b3:12:c1:80:5b:65:b5:b5:1f:2d:df:83:0b:ad:ca:74:f6:
a2:dd:a9:2c:72:62:bd:5a:bc:26:0a:9a:14:9a:77:4c:3f:28:
f9:80:b5:c5:d9:bd:2b:cf:39:08:6e:17:33:c4:1f:4e:ed:c5:
a0:bd:16:97:64:24:fd:72:de:0d:17:7f:e7:f7:d0:a9:8b:92:
aa:47:27:72:fb:b8:bc:12:b4:e7:e2:ac:b6:b2:79:9b:36:8e:
67:1b:5f:39:ab:08:ae:c6:a0:4c:1f:c5:76:eb:dc:4c:70:72:
60:ae:b7:e3:10:f6:77:59:df:36:d8:f5:64:20:9f:12:3a:7f:
59:d4:64:5d:b3:0b:b8:08:c9:14:3d:ac:a8:52:4b:eb:24:d5:
aa:2d:2c:78:cb:f4:b6:86:9a:de:dc:cb:41:73:a1:31:8e:3d:
dd:dc:16:7e:9c:a7:0d:d1:7a:65:1d:6e:d2:33:9d:56:65:ed:
fb:2c:b2:a8:5a:57:92:3a:cf:57:0c:11:e3:6d:99:d3:65:6f:
1a:c0:79:44:bd:64:22:8f:e9:42:f0:c8:99:b7:77:e7:3a:fd:
a5:ee:13:a1
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICJgwwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MTMw
ODM5MTNaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKENERUI4M0Y4QzY0OTFC
Q0M3QjQ5QTBBQUZBNTY1MzQ5QjFFNzg3MkEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC1yq/eImV+uqQbqW/iV7MYZhtLFaKWlhm7e04YG4mAES/iKSWM
p7YOIB536jQs0xD7iwert3vgGPUIPfceaDoWH3qifBFwarEkrtVAdaHkrVTT5PLX
WnFJ6KZK60m3Itgcu+8gzYOjJhkhzledu3VI1AJMXEfYbSbkfXRHOGjmNyqJ7vpU
yDJw0XxQ/lwSywzzJDIMM4t7r4eWK7rLvUhOXoZR9/CNK1eYwpk2xPIlFX9NR2KG
TvGaUW8HR7/ZrtIL2ZGxL+KPj4GpTi4jyo3ZoapjE4v9oCv6FvbZ3o0YIxcqa5X+
xsf8+1TlLZ01FGYPG9DpAYXRxXM3+UJKgsh1AgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUzeuD+MZJG8x7SaCq+lZTSbHnhyowHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvemV1RC1NWkpHOHg3
U2FDcS1sWlRTYkhuaHlvLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBAFQiJ+8cFLRtuxttLi7R//fYAHSg
Pge0NCt2YjHSm6Pxzm8fgQKzEsGAW2W1tR8t34MLrcp09qLdqSxyYr1avCYKmhSa
d0w/KPmAtcXZvSvPOQhuFzPEH07txaC9FpdkJP1y3g0Xf+f30KmLkqpHJ3L7uLwS
tOfirLayeZs2jmcbXzmrCK7GoEwfxXbr3ExwcmCut+MQ9ndZ3zbY9WQgnxI6f1nU
ZF2zC7gIyRQ9rKhSS+sk1aotLHjL9LaGmt7cy0FzoTGOPd3cFn6cpw3RemUdbtIz
nVZl7fsssqhaV5I6z1cMEeNtmdNlbxrAeUS9ZCKP6ULwyJm3d+c6/aXuE6E=
-----END CERTIFICATE-----
Generated at Sat Jun 21 03:27:57 2025 by rpki-client