Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/RLYRzx1P6LysfrpwWj6bS6_sekc.roa
File: RLYRzx1P6LysfrpwWj6bS6_sekc.roa (raw, json)
Hash identifier: z2LmGFaVHXVG3pDXoz4GFWFDF4DxdbEyCxGrr9znN5c=
Subject key identifier: 44:B6:11:CF:1D:4F:E8:BC:AC:7E:BA:70:5A:3E:9B:4B:AF:EC:7A:47
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 569D
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/RLYRzx1P6LysfrpwWj6bS6_sekc.roa
Signing time: Mon 08 Sep 2025 04:32:37 +0000
ROA not before: Mon 08 Sep 2025 04:32:37 +0000
ROA not after: Mon 03 Aug 2026 08:44:40 +0000
asID: 4812
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 22173 (0x569d)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Sep 8 04:32:37 2025 GMT
Not After : Aug 3 08:44:40 2026 GMT
Subject: CN=44B611CF1D4FE8BCAC7EBA705A3E9B4BAFEC7A47
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ca:9d:e2:cd:7a:01:4c:ee:2c:73:1a:73:3b:e1:
16:1a:17:e3:d8:89:1c:18:64:e4:c4:80:90:ba:a2:
63:02:0e:c4:6b:92:52:4c:a5:a7:82:77:99:6d:c7:
52:3b:89:65:a7:96:ca:51:90:da:32:18:9d:88:7f:
39:45:a8:69:b9:fe:76:87:db:57:05:e5:7f:21:58:
2b:45:d8:26:af:1f:8d:1d:f1:47:a0:75:9b:a1:fe:
ab:ac:64:31:9d:39:61:ff:37:44:05:fd:40:49:2f:
9a:62:97:5a:20:06:d0:80:af:4d:93:00:20:19:5c:
6f:9c:58:c7:bc:5c:cc:00:dd:7b:d4:90:9d:e6:b1:
11:ad:0e:1a:ec:af:d3:6a:ad:ef:6a:41:67:64:d6:
ed:2b:b5:03:85:2b:44:c5:a8:59:5a:7a:bb:a5:d8:
c5:9f:db:b3:df:bb:b0:02:a5:e4:5d:85:f0:7e:fd:
27:8f:9c:21:ca:82:d1:e2:01:a1:f0:e8:3a:e6:f5:
ac:76:44:5e:37:f3:a5:bf:f3:55:5d:cd:d2:5a:a5:
9c:7c:ef:70:c0:93:61:a3:2f:9e:41:53:cf:7f:5a:
66:42:2a:ae:b8:e7:1d:b1:4c:d3:ae:30:7f:ad:63:
20:29:a0:33:39:0c:ea:ff:ad:16:54:87:2c:2c:79:
7d:7b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
44:B6:11:CF:1D:4F:E8:BC:AC:7E:BA:70:5A:3E:9B:4B:AF:EC:7A:47
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/RLYRzx1P6LysfrpwWj6bS6_sekc.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
04:14:0f:cd:0f:f9:6d:83:3b:f3:5e:1b:b7:6c:d4:01:16:96:
1a:87:7e:1d:38:b8:85:0f:b8:27:ef:54:72:56:09:1e:b8:f4:
54:91:00:f6:53:5a:0c:1a:83:8f:02:e7:f9:88:ad:b4:18:e0:
75:87:f2:ec:61:e0:de:bf:3f:6d:ce:f6:b9:91:fa:b5:8d:b9:
fb:f0:eb:c6:2c:92:f3:e4:54:ad:8a:d8:00:03:75:fa:6f:d8:
66:dd:78:2f:06:ed:76:fa:96:1c:15:83:84:5d:5d:42:1a:db:
88:b4:bc:75:9e:ef:5d:1d:cd:35:97:3c:d9:e8:7b:9a:38:af:
43:e8:0f:33:09:3e:46:8d:cc:8e:c9:d7:43:cc:81:ad:4f:1a:
5f:73:eb:5c:b0:ea:c4:58:f3:cd:82:54:cf:b2:1d:3b:fa:cd:
ef:23:a4:32:7a:d5:00:bf:73:42:69:ff:d9:1f:57:5b:7d:b3:
55:60:95:f1:4e:c1:21:bb:f3:b6:73:f7:01:25:38:78:1e:bf:
59:d8:00:0a:9e:9b:a7:f3:5b:40:54:a5:a8:3e:7a:c8:72:4a:
89:37:b1:44:5d:67:80:6b:5e:90:c3:99:74:ab:3e:e5:3c:9b:
f3:55:92:67:e0:a3:71:ec:22:2a:a8:d5:d1:dc:b1:08:8b:9b:
2f:17:70:4f
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICVp0wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA5MDgw
NDMyMzdaFw0yNjA4MDMwODQ0NDBaMDMxMTAvBgNVBAMTKDQ0QjYxMUNGMUQ0RkU4
QkNBQzdFQkE3MDVBM0U5QjRCQUZFQzdBNDcwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDKneLNegFM7ixzGnM74RYaF+PYiRwYZOTEgJC6omMCDsRrklJM
paeCd5ltx1I7iWWnlspRkNoyGJ2IfzlFqGm5/naH21cF5X8hWCtF2CavH40d8Ueg
dZuh/qusZDGdOWH/N0QF/UBJL5pil1ogBtCAr02TACAZXG+cWMe8XMwA3XvUkJ3m
sRGtDhrsr9Nqre9qQWdk1u0rtQOFK0TFqFlaerul2MWf27Pfu7ACpeRdhfB+/SeP
nCHKgtHiAaHw6Drm9ax2RF4386W/81VdzdJapZx873DAk2GjL55BU89/WmZCKq64
5x2xTNOuMH+tYyApoDM5DOr/rRZUhywseX17AgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQURLYRzx1P6LysfrpwWj6bS6/sekcwHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvUkxZUnp4MVA2THlz
ZnJwd1dqNmJTNl9zZWtjLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBAAQUD80P+W2DO/NeG7ds1AEWlhqH
fh04uIUPuCfvVHJWCR649FSRAPZTWgwag48C5/mIrbQY4HWH8uxh4N6/P23O9rmR
+rWNufvw68YskvPkVK2K2AADdfpv2GbdeC8G7Xb6lhwVg4RdXUIa24i0vHWe710d
zTWXPNnoe5o4r0PoDzMJPkaNzI7J10PMga1PGl9z61yw6sRY882CVM+yHTv6ze8j
pDJ61QC/c0Jp/9kfV1t9s1VglfFOwSG787Zz9wElOHgev1nYAAqem6fzW0BUpag+
eshySok3sURdZ4BrXpDDmXSrPuU8m/NVkmfgo3HsIiqo1dHcsQiLmy8XcE8=
-----END CERTIFICATE-----
Generated at Tue Sep 9 03:40:11 2025 by rpki-client