Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/-2erwtbhxuDEupXw0dGne6MJgcc.roa
File: -2erwtbhxuDEupXw0dGne6MJgcc.roa (raw, json)
Hash identifier: JFFqWnc5LKxtZjUBUv0rdx9AUCaDK9wwl5HJQr36Yqc=
Subject key identifier: FB:67:AB:C2:D6:E1:C6:E0:C4:BA:95:F0:D1:D1:A7:7B:A3:09:81:C7
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 24D1
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/-2erwtbhxuDEupXw0dGne6MJgcc.roa
Signing time: Wed 11 Jun 2025 04:09:11 +0000
ROA not before: Wed 11 Jun 2025 04:09:11 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 146845
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 9425 (0x24d1)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 11 04:09:11 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=FB67ABC2D6E1C6E0C4BA95F0D1D1A77BA30981C7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ad:97:20:59:67:c1:52:19:be:d5:61:c3:19:6a:
80:03:11:dc:21:86:4f:8c:a1:2d:55:13:4e:2d:fb:
00:3a:64:be:06:ac:c7:73:57:56:2a:12:d2:1c:e8:
a8:4c:25:28:67:77:71:6b:5c:e6:eb:1a:3c:c0:ee:
64:6c:41:58:19:cc:e3:8e:86:98:90:c3:e4:a8:a1:
dd:73:26:9e:31:d5:9c:e3:13:4e:85:e7:6d:c5:85:
97:58:81:5b:cc:8e:1e:93:63:67:80:3a:31:c5:58:
dc:2d:a0:5f:2d:94:27:f6:e4:40:ce:1f:ec:82:e6:
d4:0c:e6:96:1f:c3:2d:77:f7:0c:e8:f5:94:7b:0b:
40:9f:fb:ec:11:c4:39:f1:64:ac:c8:cb:ad:05:81:
e0:d2:28:d8:e1:64:66:ed:e0:88:35:27:21:08:82:
c7:1e:f4:d6:c1:7e:5a:64:9a:42:23:b9:3b:62:38:
96:28:7d:ff:bf:a0:18:2e:97:40:4b:ff:68:13:42:
c9:08:6f:44:36:a9:d5:17:fe:48:fc:69:51:fb:30:
1a:0d:7d:c7:d0:f9:90:02:7e:68:dc:6e:ba:b1:cc:
25:58:d2:8c:07:88:c1:31:7c:28:3c:b9:b0:61:34:
8f:83:57:ea:39:d6:40:e9:e5:f6:ca:8b:af:26:54:
6a:21
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FB:67:AB:C2:D6:E1:C6:E0:C4:BA:95:F0:D1:D1:A7:7B:A3:09:81:C7
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/-2erwtbhxuDEupXw0dGne6MJgcc.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
bd:e5:26:4e:1e:66:8b:f8:f9:41:f8:da:9c:9b:74:ec:be:80:
5b:89:f5:df:ba:e6:3a:8b:5b:11:97:16:6b:dd:96:e3:63:07:
64:7c:d4:ad:f6:ef:f2:c1:bc:b0:98:60:56:a1:d6:52:9d:d1:
2e:80:a1:ae:9d:76:f4:85:5b:e5:8a:e6:91:34:fb:cd:09:c6:
26:19:05:fc:d9:85:aa:2c:77:2c:8e:a8:6b:c4:5c:1c:91:95:
05:9a:04:70:36:e2:80:5a:89:fe:83:c2:0d:ca:7d:ad:aa:40:
04:bf:25:13:55:e7:df:27:35:a1:02:1f:8a:69:38:9c:f3:3a:
ca:46:bc:43:65:f6:af:67:bc:b5:52:4c:01:16:60:c5:9b:88:
8f:08:c4:fa:b4:2c:2f:14:c0:01:53:be:df:05:d7:76:61:77:
74:de:65:2e:d7:03:69:0f:a0:3f:14:c2:cf:e1:62:fe:85:d8:
e8:1a:aa:99:4c:f0:5f:25:8e:c5:db:0c:d2:83:84:fe:e9:38:
a2:e9:12:1b:83:bc:06:02:05:28:95:5c:9e:1c:8b:f8:19:bc:
ad:ee:d0:28:23:2d:24:4d:72:58:1b:40:12:5d:2c:9a:f9:a6:
bf:83:6f:2d:6b:a9:e8:e0:ff:7b:b2:4a:2a:b7:fe:03:4b:43:
e2:cd:ff:12
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICJNEwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MTEw
NDA5MTFaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEZCNjdBQkMyRDZFMUM2
RTBDNEJBOTVGMEQxRDFBNzdCQTMwOTgxQzcwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCtlyBZZ8FSGb7VYcMZaoADEdwhhk+MoS1VE04t+wA6ZL4GrMdz
V1YqEtIc6KhMJShnd3FrXObrGjzA7mRsQVgZzOOOhpiQw+Sood1zJp4x1ZzjE06F
523FhZdYgVvMjh6TY2eAOjHFWNwtoF8tlCf25EDOH+yC5tQM5pYfwy139wzo9ZR7
C0Cf++wRxDnxZKzIy60FgeDSKNjhZGbt4Ig1JyEIgsce9NbBflpkmkIjuTtiOJYo
ff+/oBgul0BL/2gTQskIb0Q2qdUX/kj8aVH7MBoNfcfQ+ZACfmjcbrqxzCVY0owH
iMExfCg8ubBhNI+DV+o51kDp5fbKi68mVGohAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQU+2erwtbhxuDEupXw0dGne6MJgccwHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvLTJlcnd0Ymh4dURF
dXBYdzBkR25lNk1KZ2NjLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBAL3lJk4eZov4+UH42pybdOy+gFuJ
9d+65jqLWxGXFmvdluNjB2R81K327/LBvLCYYFah1lKd0S6Aoa6ddvSFW+WK5pE0
+80JxiYZBfzZhaosdyyOqGvEXByRlQWaBHA24oBaif6Dwg3Kfa2qQAS/JRNV598n
NaECH4ppOJzzOspGvENl9q9nvLVSTAEWYMWbiI8IxPq0LC8UwAFTvt8F13Zhd3Te
ZS7XA2kPoD8Uws/hYv6F2OgaqplM8F8ljsXbDNKDhP7pOKLpEhuDvAYCBSiVXJ4c
i/gZvK3u0CgjLSRNclgbQBJdLJr5pr+Dby1rqejg/3uySiq3/gNLQ+LN/xI=
-----END CERTIFICATE-----
Generated at Sun Jun 15 08:53:11 2025 by rpki-client