Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/-TO4c4yGDbh_boyXcNGxGb9-K1A.roa
File: -TO4c4yGDbh_boyXcNGxGb9-K1A.roa (raw, json)
Hash identifier: hBoqSnGKfjHvhjhrbykxZxAfqKhxYSFc1bNbNMRA4fw=
Subject key identifier: F9:33:B8:73:8C:86:0D:B8:7F:6E:8C:97:70:D1:B1:19:BF:7E:2B:50
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 26D2
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/-TO4c4yGDbh_boyXcNGxGb9-K1A.roa
Signing time: Sat 14 Jun 2025 17:39:18 +0000
ROA not before: Sat 14 Jun 2025 17:39:18 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 146845
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 9938 (0x26d2)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 14 17:39:18 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=F933B8738C860DB87F6E8C9770D1B119BF7E2B50
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cc:89:b0:73:25:6e:c6:d7:e5:20:b5:db:80:91:
8f:2a:9f:ec:eb:a4:36:dc:b7:86:a7:08:c9:74:28:
6a:d3:3f:24:82:21:1e:27:5a:c6:9d:7d:5f:f6:13:
a8:22:5f:38:80:e9:60:eb:d3:c5:89:cd:c8:ac:f7:
d9:6f:b1:00:78:e5:86:35:5c:28:0b:80:79:c6:10:
51:47:82:ca:a1:17:3e:fd:93:38:7d:2b:e5:41:e0:
15:b9:3a:de:cc:e5:39:c3:68:7f:9b:0b:f9:25:9c:
e3:83:55:37:cd:2b:87:77:33:cc:9f:02:03:d9:e7:
9f:df:c1:86:4a:d1:2d:fd:71:78:d1:61:9e:de:8b:
fc:7e:eb:84:57:a3:0e:5c:a9:bc:e7:70:84:d2:b4:
a3:c0:ea:ec:a8:ec:6e:f2:85:2d:93:ac:c8:be:5d:
48:54:d9:9c:7e:2b:91:a1:27:04:90:c4:ed:8b:0a:
4d:5b:5c:5c:52:d6:35:7b:4f:60:59:40:e1:d0:41:
6b:b1:6b:aa:a2:0a:50:1e:81:fa:83:be:a4:cd:4a:
eb:b8:15:ce:39:12:51:76:9c:32:ed:65:35:6c:97:
65:cd:d7:ba:82:7c:52:39:86:23:fd:83:da:f2:f0:
ff:f7:76:fd:20:61:e4:1f:5d:d0:d2:b9:15:b4:e5:
d2:0d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F9:33:B8:73:8C:86:0D:B8:7F:6E:8C:97:70:D1:B1:19:BF:7E:2B:50
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/-TO4c4yGDbh_boyXcNGxGb9-K1A.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
c3:88:9d:93:59:a8:41:b8:4f:59:9b:d3:8d:36:9e:4b:19:05:
35:78:02:b5:38:4a:c3:c7:dd:12:2a:78:ef:2d:cf:8c:89:f9:
e9:ae:57:e3:67:07:52:9c:83:8a:22:7a:94:c9:f1:d0:2b:dc:
ad:de:d2:bb:2f:11:fc:80:8c:26:ba:73:7e:2f:79:8a:4d:2f:
bc:aa:be:a0:0f:ee:3c:7c:0d:82:c2:ae:31:0a:35:81:0c:15:
a1:f9:3c:d8:10:77:bc:ee:24:83:e8:a9:43:5a:7b:8a:75:21:
72:91:0e:dd:50:d3:d8:cc:ab:0f:cd:d6:59:0b:82:bd:a4:fb:
41:15:9a:b3:2e:4d:91:21:61:c4:a5:b0:1a:96:ac:9b:3e:19:
fe:62:11:e1:b9:52:59:51:34:d1:d2:41:26:ea:e4:9d:82:3e:
57:c4:49:05:ae:1d:b7:27:66:2d:5e:50:e7:0f:58:46:7d:5f:
0c:26:1d:90:48:cd:5c:8f:7f:6f:b0:69:1e:0a:5a:28:86:18:
a5:a5:dd:1d:1f:97:c2:2b:a2:dc:23:58:54:bc:ac:25:b8:7d:
a5:87:fa:f1:0b:13:b5:31:b6:f5:3c:f4:84:29:5e:64:03:1e:
26:4f:a4:2e:3c:6d:f3:ed:f2:22:af:24:3a:d3:98:23:ee:13:
9c:ae:56:e4
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICJtIwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MTQx
NzM5MThaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEY5MzNCODczOEM4NjBE
Qjg3RjZFOEM5NzcwRDFCMTE5QkY3RTJCNTAwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDMibBzJW7G1+UgtduAkY8qn+zrpDbct4anCMl0KGrTPySCIR4n
WsadfV/2E6giXziA6WDr08WJzcis99lvsQB45YY1XCgLgHnGEFFHgsqhFz79kzh9
K+VB4BW5Ot7M5TnDaH+bC/klnOODVTfNK4d3M8yfAgPZ55/fwYZK0S39cXjRYZ7e
i/x+64RXow5cqbzncITStKPA6uyo7G7yhS2TrMi+XUhU2Zx+K5GhJwSQxO2LCk1b
XFxS1jV7T2BZQOHQQWuxa6qiClAegfqDvqTNSuu4Fc45ElF2nDLtZTVsl2XN17qC
fFI5hiP9g9ry8P/3dv0gYeQfXdDSuRW05dINAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQU+TO4c4yGDbh/boyXcNGxGb9+K1AwHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvLVRPNGM0eUdEYmhf
Ym95WGNOR3hHYjktSzFBLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBAMOInZNZqEG4T1mb0402nksZBTV4
ArU4SsPH3RIqeO8tz4yJ+emuV+NnB1Kcg4oiepTJ8dAr3K3e0rsvEfyAjCa6c34v
eYpNL7yqvqAP7jx8DYLCrjEKNYEMFaH5PNgQd7zuJIPoqUNae4p1IXKRDt1Q09jM
qw/N1lkLgr2k+0EVmrMuTZEhYcSlsBqWrJs+Gf5iEeG5UllRNNHSQSbq5J2CPlfE
SQWuHbcnZi1eUOcPWEZ9XwwmHZBIzVyPf2+waR4KWiiGGKWl3R0fl8IrotwjWFS8
rCW4faWH+vELE7UxtvU89IQpXmQDHiZPpC48bfPt8iKvJDrTmCPuE5yuVuQ=
-----END CERTIFICATE-----
Generated at Sat Jun 21 18:33:47 2025 by rpki-client