Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/-m-xHJspEXj1fAiAQR4P6WJT-oY.roa
File: -m-xHJspEXj1fAiAQR4P6WJT-oY.roa (raw, json)
Hash identifier: kaBBOxcNA27EBaOqDh5sf7fEz74K47PgYHD9mhlrNKE=
Subject key identifier: FA:6F:B1:1C:9B:29:11:78:F5:7C:08:80:41:1E:0F:E9:62:53:FA:86
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 2418
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/-m-xHJspEXj1fAiAQR4P6WJT-oY.roa
Signing time: Mon 09 Jun 2025 21:09:05 +0000
ROA not before: Mon 09 Jun 2025 21:09:05 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 4812
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 9240 (0x2418)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 9 21:09:05 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=FA6FB11C9B291178F57C0880411E0FE96253FA86
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a8:0a:97:63:07:49:00:80:93:b2:dd:e4:57:e3:
c9:4d:c2:e3:d7:44:1b:85:3f:24:d7:3a:f3:6e:35:
6d:9b:57:14:c6:c2:43:fa:75:cc:20:f8:fc:b1:69:
13:fb:fa:c0:29:07:0f:4e:ca:19:f0:17:c9:12:6d:
69:42:2d:5a:24:51:fa:62:4a:80:5b:5d:6f:08:02:
41:bc:4c:7e:f2:22:05:5a:f3:6a:de:b8:ab:3a:a3:
91:ad:1c:67:51:94:b7:d0:02:cf:f8:ad:82:6a:9b:
80:9a:d2:df:fc:bc:22:95:82:ed:fb:2f:db:db:af:
a0:6c:5f:31:74:da:57:9d:f8:c2:42:6e:37:40:76:
88:98:22:a0:5f:aa:d6:bf:f8:3b:29:d5:50:2a:17:
1b:ab:6d:ec:6a:98:60:f7:e9:f7:d0:0b:67:77:cf:
2c:6c:04:9c:2b:1f:df:98:d8:2e:9d:a8:e5:ef:9b:
d3:c4:9e:93:d2:c9:e5:dd:21:0e:cd:3f:a0:ce:49:
b2:15:7e:07:59:56:af:6e:d5:4f:c0:29:e9:6d:1c:
a8:c0:9e:33:40:ba:c0:03:8d:50:d3:5e:f9:6d:dc:
db:96:8a:c3:52:8c:98:ee:94:fa:89:dc:08:43:2c:
fe:6e:98:59:4c:8e:86:a6:ee:92:f9:d2:85:c6:44:
84:cb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FA:6F:B1:1C:9B:29:11:78:F5:7C:08:80:41:1E:0F:E9:62:53:FA:86
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/-m-xHJspEXj1fAiAQR4P6WJT-oY.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
8c:36:42:97:5e:8c:42:a7:80:8f:4b:91:50:a0:14:9c:47:7a:
dd:7d:59:0b:11:8f:d9:d7:65:9c:92:79:a8:18:16:fd:1b:bd:
93:7d:ca:88:b3:13:a0:39:61:e0:ed:99:4d:91:dd:28:c8:1c:
ab:1d:83:cd:03:59:01:74:47:f2:d7:61:dd:c7:bc:48:0f:9d:
70:9f:8f:91:82:c2:30:16:52:a2:24:c3:fe:bd:70:e8:c3:4e:
df:9b:94:65:83:af:7a:aa:5f:21:a4:37:a2:0e:a8:9a:97:03:
be:8a:4b:a6:66:a2:f7:b4:b4:79:bd:37:f5:12:35:54:6d:8f:
e6:0d:6a:0e:fa:3f:b0:b1:4e:4e:33:86:f8:ed:77:ea:1a:c1:
de:10:66:fc:cd:8f:39:3f:3d:e1:19:0d:ba:cb:21:24:df:1c:
a2:bc:3a:a0:e5:cf:87:7b:18:6b:74:bb:24:12:34:2b:fe:f3:
0a:0d:8d:cb:e9:d6:58:66:c9:15:dc:ac:03:a3:6a:d1:ce:31:
fb:b4:9a:e8:a9:cc:43:eb:e3:69:9f:0d:00:32:8e:da:73:b0:
71:07:7f:71:d5:ce:14:42:ff:90:78:40:67:c8:7a:9b:90:39:
3d:f3:70:3c:7e:71:9e:d0:a3:9c:b6:58:00:f5:30:85:37:f4:
7b:4c:88:69
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICJBgwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MDky
MTA5MDVaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEZBNkZCMTFDOUIyOTEx
NzhGNTdDMDg4MDQxMUUwRkU5NjI1M0ZBODYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCoCpdjB0kAgJOy3eRX48lNwuPXRBuFPyTXOvNuNW2bVxTGwkP6
dcwg+PyxaRP7+sApBw9OyhnwF8kSbWlCLVokUfpiSoBbXW8IAkG8TH7yIgVa82re
uKs6o5GtHGdRlLfQAs/4rYJqm4Ca0t/8vCKVgu37L9vbr6BsXzF02led+MJCbjdA
doiYIqBfqta/+Dsp1VAqFxurbexqmGD36ffQC2d3zyxsBJwrH9+Y2C6dqOXvm9PE
npPSyeXdIQ7NP6DOSbIVfgdZVq9u1U/AKeltHKjAnjNAusADjVDTXvlt3NuWisNS
jJjulPqJ3AhDLP5umFlMjoam7pL50oXGRITLAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQU+m+xHJspEXj1fAiAQR4P6WJT+oYwHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvLW0teEhKc3BFWGox
ZkFpQVFSNFA2V0pULW9ZLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBAIw2QpdejEKngI9LkVCgFJxHet19
WQsRj9nXZZySeagYFv0bvZN9yoizE6A5YeDtmU2R3SjIHKsdg80DWQF0R/LXYd3H
vEgPnXCfj5GCwjAWUqIkw/69cOjDTt+blGWDr3qqXyGkN6IOqJqXA76KS6Zmove0
tHm9N/USNVRtj+YNag76P7CxTk4zhvjtd+oawd4QZvzNjzk/PeEZDbrLISTfHKK8
OqDlz4d7GGt0uyQSNCv+8woNjcvp1lhmyRXcrAOjatHOMfu0muipzEPr42mfDQAy
jtpzsHEHf3HVzhRC/5B4QGfIepuQOT3zcDx+cZ7Qo5y2WAD1MIU39HtMiGk=
-----END CERTIFICATE-----
Generated at Sat Jun 21 03:23:45 2025 by rpki-client