Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/-yRYcQKB-MrZYqpPAvdAfN-U-y0.roa
File: -yRYcQKB-MrZYqpPAvdAfN-U-y0.roa (raw, json)
Hash identifier: lzeY3QO4+iAIjHy6dKC1nas8v6bOfSzRd0zRKtK/yEU=
Subject key identifier: FB:24:58:71:02:81:F8:CA:D9:62:AA:4F:02:F7:40:7C:DF:94:FB:2D
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 20D9
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/-yRYcQKB-MrZYqpPAvdAfN-U-y0.roa
Signing time: Wed 04 Jun 2025 02:38:41 +0000
ROA not before: Wed 04 Jun 2025 02:38:41 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 4812
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 8409 (0x20d9)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 4 02:38:41 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=FB2458710281F8CAD962AA4F02F7407CDF94FB2D
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d8:b0:9e:a7:7b:c1:c2:2d:86:6d:13:67:17:ec:
e8:89:6e:6d:a4:94:5b:21:d7:5a:04:6e:71:bf:bf:
a2:f6:69:2c:86:05:0a:04:e8:40:88:48:f1:e1:fb:
f5:7b:33:49:1e:95:2a:af:f6:b0:7f:8c:99:de:c6:
b7:8e:3a:90:94:71:70:05:db:0e:33:39:94:c4:4d:
bb:53:f7:4c:a0:84:2d:25:7c:a6:f7:bc:30:2c:a2:
b3:7d:8b:ab:c1:0a:42:66:ae:55:df:3f:56:a9:ff:
0e:2d:0b:74:e4:2f:0f:d0:0f:75:64:86:64:37:f1:
ef:bb:d2:6f:aa:75:fa:11:51:94:01:6d:c2:77:cb:
a1:38:51:d2:fc:aa:21:cc:d1:13:40:59:d5:e0:ec:
4f:13:54:93:f3:65:71:14:d8:fc:54:18:82:f1:9d:
54:a5:e7:ec:c7:5a:b9:b2:ad:5b:10:d7:bc:b6:73:
22:cf:29:31:e9:b0:27:bd:4d:94:71:43:85:f0:09:
69:b6:d9:10:69:be:26:47:6d:bb:6a:4e:06:e0:87:
ea:82:60:9a:3d:98:f5:11:dc:1d:f0:6f:f3:5a:87:
73:e2:2e:dd:cc:54:a5:15:5c:17:af:e5:88:31:32:
17:7a:a8:2a:6a:56:ca:83:f0:5f:cc:1e:f3:79:43:
09:09
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FB:24:58:71:02:81:F8:CA:D9:62:AA:4F:02:F7:40:7C:DF:94:FB:2D
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/-yRYcQKB-MrZYqpPAvdAfN-U-y0.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
4e:4d:89:aa:df:ac:7e:b4:59:ab:49:60:a8:2a:f7:db:bc:e9:
ce:2a:95:3a:f4:ce:de:df:7f:73:f9:84:5d:6f:33:33:5e:36:
27:32:dc:ba:b7:47:b9:c6:df:60:e7:91:56:06:1d:43:91:91:
ae:1e:8c:60:bc:4c:45:89:ee:60:0d:fb:79:f6:2c:7f:9e:94:
91:29:f2:f8:0f:eb:7e:07:90:92:9a:bb:79:98:85:7f:73:5c:
64:df:44:35:0e:f0:41:0d:fd:b7:8f:ae:96:79:1d:3a:5b:58:
9d:ab:8a:89:d6:e0:d6:9a:dd:6d:04:8b:88:b1:f2:18:15:19:
e6:d1:ff:14:b2:4f:78:ea:48:ff:5b:32:95:09:52:19:55:52:
00:d9:07:be:df:85:f9:da:b2:77:d8:18:1e:f9:6e:06:ca:19:
30:fc:e9:14:1d:d0:02:1b:6c:4e:74:0f:42:38:91:61:ed:13:
32:8b:4c:3b:4b:c7:d1:0b:03:79:5c:ff:08:53:c0:81:9d:8e:
2c:09:59:d5:8e:9a:b8:83:80:81:01:88:be:68:37:5f:33:2a:
2c:eb:50:ba:87:9c:ef:a4:70:1d:9a:76:d8:d0:95:16:d1:77:
ee:94:37:d5:51:1a:b5:eb:ce:2a:e9:48:a3:71:16:eb:62:c6:
a1:4f:bc:b3
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICINkwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MDQw
MjM4NDFaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEZCMjQ1ODcxMDI4MUY4
Q0FEOTYyQUE0RjAyRjc0MDdDREY5NEZCMkQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDYsJ6ne8HCLYZtE2cX7OiJbm2klFsh11oEbnG/v6L2aSyGBQoE
6ECISPHh+/V7M0kelSqv9rB/jJnexreOOpCUcXAF2w4zOZTETbtT90yghC0lfKb3
vDAsorN9i6vBCkJmrlXfP1ap/w4tC3TkLw/QD3VkhmQ38e+70m+qdfoRUZQBbcJ3
y6E4UdL8qiHM0RNAWdXg7E8TVJPzZXEU2PxUGILxnVSl5+zHWrmyrVsQ17y2cyLP
KTHpsCe9TZRxQ4XwCWm22RBpviZHbbtqTgbgh+qCYJo9mPUR3B3wb/Nah3PiLt3M
VKUVXBev5YgxMhd6qCpqVsqD8F/MHvN5QwkJAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQU+yRYcQKB+MrZYqpPAvdAfN+U+y0wHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvLXlSWWNRS0ItTXJa
WXFwUEF2ZEFmTi1VLXkwLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBAE5NiarfrH60WatJYKgq99u86c4q
lTr0zt7ff3P5hF1vMzNeNicy3Lq3R7nG32DnkVYGHUORka4ejGC8TEWJ7mAN+3n2
LH+elJEp8vgP634HkJKau3mYhX9zXGTfRDUO8EEN/bePrpZ5HTpbWJ2rionW4Naa
3W0Ei4ix8hgVGebR/xSyT3jqSP9bMpUJUhlVUgDZB77fhfnasnfYGB75bgbKGTD8
6RQd0AIbbE50D0I4kWHtEzKLTDtLx9ELA3lc/whTwIGdjiwJWdWOmriDgIEBiL5o
N18zKizrULqHnO+kcB2adtjQlRbRd+6UN9VRGrXrzirpSKNxFutixqFPvLM=
-----END CERTIFICATE-----
Generated at Sun Jun 22 12:11:47 2025 by rpki-client