Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/S1b1QC-7Gd1YelgXPO2pZ0tIwnI.roa
File: S1b1QC-7Gd1YelgXPO2pZ0tIwnI.roa (raw, json)
Hash identifier: Lh14zV1oLfHMD4mzXC3dalPPWZ3FBceh1noY6QxG4GU=
Subject key identifier: 4B:56:F5:40:2F:BB:19:DD:58:7A:58:17:3C:ED:A9:67:4B:48:C2:72
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 4E2F
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/S1b1QC-7Gd1YelgXPO2pZ0tIwnI.roa
Signing time: Sun 24 Aug 2025 05:02:12 +0000
ROA not before: Sun 24 Aug 2025 05:02:12 +0000
ROA not after: Mon 03 Aug 2026 08:44:40 +0000
asID: 146845
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 20015 (0x4e2f)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Aug 24 05:02:12 2025 GMT
Not After : Aug 3 08:44:40 2026 GMT
Subject: CN=4B56F5402FBB19DD587A58173CEDA9674B48C272
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b9:23:0e:0b:29:e5:d6:b6:aa:e0:40:f5:0e:2d:
1b:9c:c9:c2:b2:92:cd:18:de:cd:2b:63:f2:b0:f5:
7f:d2:27:97:8e:2f:11:85:21:60:03:b7:40:7a:b5:
5a:3a:99:82:c6:63:16:43:79:d9:1c:7d:2d:b6:5e:
ed:6a:4d:e1:03:60:6d:f7:54:aa:ff:07:a1:a3:f3:
39:86:c1:7a:2e:20:c4:b0:4b:bb:46:b5:e2:ab:f8:
c0:f2:1e:ec:8a:34:0e:15:dc:55:91:63:e3:2e:63:
18:4e:26:f3:fc:fb:62:ff:a0:bf:11:7d:e3:52:b9:
1e:56:8b:0c:d3:b8:c9:e4:95:2a:72:2f:11:e4:e0:
b9:3b:36:24:8b:8b:76:4b:06:21:7f:e9:ca:aa:a0:
3b:3c:53:7f:54:43:39:86:97:fb:31:0e:59:22:ef:
39:32:30:0b:7b:0b:d5:d1:16:27:ac:47:e8:b9:87:
fd:b7:bf:11:1b:02:46:e2:70:7e:c4:dc:54:e2:dd:
5a:fa:cf:21:2d:00:0b:8e:ec:4b:0e:8d:57:e6:eb:
13:4c:75:e9:c2:b7:e4:34:c7:30:b2:dd:db:e0:26:
c7:95:64:3c:ef:01:aa:89:8f:8d:3c:ed:d1:5e:b6:
bf:a8:87:7c:dd:e8:56:a7:3e:d4:fb:50:8a:c1:5c:
6b:d1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4B:56:F5:40:2F:BB:19:DD:58:7A:58:17:3C:ED:A9:67:4B:48:C2:72
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/S1b1QC-7Gd1YelgXPO2pZ0tIwnI.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
23:60:d7:16:c9:0b:55:9f:fb:bd:03:45:96:5f:02:3d:9b:0b:
94:70:d8:0c:bb:0d:9a:40:50:4a:7a:e0:a9:66:75:a1:0e:6d:
8f:87:9b:8a:65:c1:d0:77:46:40:86:92:d4:c9:cc:cd:0e:b5:
19:cf:0a:3c:d5:20:41:4f:79:3b:b3:04:f8:5c:e9:e6:63:d5:
80:5d:ac:4d:60:25:85:f8:24:47:99:d5:30:a4:37:11:7c:35:
c2:ab:49:0d:f1:50:08:bc:b0:e3:2d:4f:67:ac:d4:a9:c0:e9:
ab:24:a5:28:87:49:58:8b:9b:10:d1:cc:23:66:04:ab:06:9a:
ba:48:f8:18:c3:da:53:98:d1:a6:74:de:f6:e9:ad:18:b7:fe:
88:82:cf:f1:08:75:64:2e:f7:2d:5b:7c:dc:0b:a4:a2:b4:e0:
0d:c7:9f:3f:bf:5d:98:b8:ec:c8:4b:30:35:78:d8:57:e0:f1:
ab:98:66:db:fd:d1:7b:f5:2a:e3:50:51:c8:77:1d:be:85:45:
30:15:30:81:cd:67:70:c1:f6:63:b3:4d:5f:6f:ba:cd:93:5d:
64:53:10:f5:87:39:08:3a:dc:6e:80:e3:5a:42:67:4d:e6:5a:
10:14:53:c0:70:11:76:91:98:54:37:20:23:5b:96:c6:7a:c0:
cc:e1:5d:64
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICTi8wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA4MjQw
NTAyMTJaFw0yNjA4MDMwODQ0NDBaMDMxMTAvBgNVBAMTKDRCNTZGNTQwMkZCQjE5
REQ1ODdBNTgxNzNDRURBOTY3NEI0OEMyNzIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC5Iw4LKeXWtqrgQPUOLRucycKyks0Y3s0rY/Kw9X/SJ5eOLxGF
IWADt0B6tVo6mYLGYxZDedkcfS22Xu1qTeEDYG33VKr/B6Gj8zmGwXouIMSwS7tG
teKr+MDyHuyKNA4V3FWRY+MuYxhOJvP8+2L/oL8RfeNSuR5WiwzTuMnklSpyLxHk
4Lk7NiSLi3ZLBiF/6cqqoDs8U39UQzmGl/sxDlki7zkyMAt7C9XRFiesR+i5h/23
vxEbAkbicH7E3FTi3Vr6zyEtAAuO7EsOjVfm6xNMdenCt+Q0xzCy3dvgJseVZDzv
AaqJj4087dFetr+oh3zd6FanPtT7UIrBXGvRAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUS1b1QC+7Gd1YelgXPO2pZ0tIwnIwHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvUzFiMVFDLTdHZDFZ
ZWxnWFBPMnBaMHRJd25JLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBACNg1xbJC1Wf+70DRZZfAj2bC5Rw
2Ay7DZpAUEp64KlmdaEObY+Hm4plwdB3RkCGktTJzM0OtRnPCjzVIEFPeTuzBPhc
6eZj1YBdrE1gJYX4JEeZ1TCkNxF8NcKrSQ3xUAi8sOMtT2es1KnA6askpSiHSViL
mxDRzCNmBKsGmrpI+BjD2lOY0aZ03vbprRi3/oiCz/EIdWQu9y1bfNwLpKK04A3H
nz+/XZi47MhLMDV42Ffg8auYZtv90Xv1KuNQUch3Hb6FRTAVMIHNZ3DB9mOzTV9v
us2TXWRTEPWHOQg63G6A41pCZ03mWhAUU8BwEXaRmFQ3ICNblsZ6wMzhXWQ=
-----END CERTIFICATE-----
Generated at Sun Aug 24 11:37:43 2025 by rpki-client