Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/0-Ky8mPk8QvvXWnpElzEZ5KA6JE.roa
File: 0-Ky8mPk8QvvXWnpElzEZ5KA6JE.roa (raw, json)
Hash identifier: S8B/1fBP46T2RyFai8Hf9ds+ERcwXCyKJRckNBwZ+XM=
Subject key identifier: D3:E2:B2:F2:63:E4:F1:0B:EF:5D:69:E9:12:5C:C4:67:92:80:E8:91
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 23CC
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0-Ky8mPk8QvvXWnpElzEZ5KA6JE.roa
Signing time: Mon 09 Jun 2025 08:38:59 +0000
ROA not before: Mon 09 Jun 2025 08:38:59 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 146845
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 9164 (0x23cc)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 9 08:38:59 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=D3E2B2F263E4F10BEF5D69E9125CC4679280E891
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b6:22:f5:05:6e:56:bc:84:d8:4c:f5:39:88:3e:
d7:ce:10:79:28:d8:ec:1b:ef:5a:8c:1d:92:7c:13:
bb:b5:67:00:2a:dd:95:af:e1:20:2f:27:34:3c:77:
56:70:f7:22:19:e1:bf:dc:fe:08:0e:c2:5b:17:4e:
de:af:79:72:da:38:f2:06:8e:08:3e:3c:4d:d5:7c:
b5:0a:10:82:89:7d:0d:81:af:31:cf:e9:23:04:b9:
b0:71:aa:c9:a2:79:ae:ab:e7:b0:27:87:75:43:a9:
9f:27:ba:4c:aa:cf:a9:45:64:86:d7:68:72:f3:85:
e9:3f:07:94:89:75:78:6b:50:f6:91:2b:2c:1a:bc:
7f:a4:db:e4:7f:60:2f:87:a7:98:44:a0:b2:36:38:
e7:7e:e8:96:83:87:9e:e2:b4:90:ef:0a:15:8c:a0:
dd:fb:87:ab:83:0c:50:ca:ed:50:07:44:40:1c:bb:
20:ac:45:97:d8:e0:0d:b4:86:56:cc:68:b4:d7:d3:
fa:2e:be:30:9a:94:f9:e9:74:c2:d1:e3:47:a9:ed:
60:4b:4a:50:1f:8f:70:a1:7f:51:7a:8f:6d:0d:64:
63:36:4a:43:eb:89:0e:b4:3c:e9:ea:5b:96:11:b8:
56:1d:31:02:6e:c5:1b:1d:9a:73:64:a8:84:83:73:
62:7b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D3:E2:B2:F2:63:E4:F1:0B:EF:5D:69:E9:12:5C:C4:67:92:80:E8:91
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0-Ky8mPk8QvvXWnpElzEZ5KA6JE.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
14:34:65:7d:88:46:59:8b:1a:9e:2e:4f:9f:2d:cf:8a:5b:7d:
b0:8e:99:88:07:e2:ce:21:7f:89:b7:52:c1:29:f1:a4:0e:d1:
2e:b0:38:6b:fd:ef:f7:58:7d:7e:6f:7d:b3:48:f6:91:48:67:
72:b1:d7:ea:bf:ad:7d:bb:86:d9:73:4a:f0:a2:5b:6d:bb:88:
d6:9b:6d:ff:fe:e0:b1:44:83:d0:d2:80:ff:34:ac:36:2e:15:
71:3c:fa:17:8a:b2:d0:73:4a:5c:ef:0e:35:66:a4:d0:9a:2c:
a4:6f:a5:19:11:78:23:82:88:5a:12:9b:5b:93:ad:fe:74:01:
7e:64:cd:f2:80:69:25:c8:ad:ae:bc:51:c7:d1:f9:45:ec:10:
9b:8e:e8:66:4c:a8:c6:5b:34:25:bc:83:3d:ba:f4:2d:35:30:
cb:93:80:7a:64:23:7c:4f:93:4b:b6:2f:57:93:6b:50:e7:06:
47:ff:10:8d:93:b5:c7:4c:3e:a1:a3:ca:e5:26:27:11:de:5f:
5e:b5:ca:0e:1d:7b:70:b7:4d:55:b8:36:d7:a6:ca:87:8c:5e:
ad:81:38:c4:3c:31:cb:d5:3d:65:ae:11:3b:f2:93:c3:69:34:
cd:3d:ac:7f:b4:16:d3:28:2c:35:51:87:82:84:d0:88:28:c3:
d6:b7:49:9a
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICI8wwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MDkw
ODM4NTlaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEQzRTJCMkYyNjNFNEYx
MEJFRjVENjlFOTEyNUNDNDY3OTI4MEU4OTEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC2IvUFbla8hNhM9TmIPtfOEHko2Owb71qMHZJ8E7u1ZwAq3ZWv
4SAvJzQ8d1Zw9yIZ4b/c/ggOwlsXTt6veXLaOPIGjgg+PE3VfLUKEIKJfQ2BrzHP
6SMEubBxqsmiea6r57Anh3VDqZ8nukyqz6lFZIbXaHLzhek/B5SJdXhrUPaRKywa
vH+k2+R/YC+Hp5hEoLI2OOd+6JaDh57itJDvChWMoN37h6uDDFDK7VAHREAcuyCs
RZfY4A20hlbMaLTX0/ouvjCalPnpdMLR40ep7WBLSlAfj3Chf1F6j20NZGM2SkPr
iQ60POnqW5YRuFYdMQJuxRsdmnNkqISDc2J7AgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQU0+Ky8mPk8QvvXWnpElzEZ5KA6JEwHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvMC1LeThtUGs4UXZ2
WFducEVsekVaNUtBNkpFLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBABQ0ZX2IRlmLGp4uT58tz4pbfbCO
mYgH4s4hf4m3UsEp8aQO0S6wOGv97/dYfX5vfbNI9pFIZ3Kx1+q/rX27htlzSvCi
W227iNabbf/+4LFEg9DSgP80rDYuFXE8+heKstBzSlzvDjVmpNCaLKRvpRkReCOC
iFoSm1uTrf50AX5kzfKAaSXIra68UcfR+UXsEJuO6GZMqMZbNCW8gz269C01MMuT
gHpkI3xPk0u2L1eTa1DnBkf/EI2TtcdMPqGjyuUmJxHeX161yg4de3C3TVW4Ntem
yoeMXq2BOMQ8McvVPWWuETvyk8NpNM09rH+0FtMoLDVRh4KE0Igow9a3SZo=
-----END CERTIFICATE-----
Generated at Sat Jun 21 18:36:17 2025 by rpki-client