Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/0cHYtaRyxV6qRsjbNudVpjpur3c.roa
File: 0cHYtaRyxV6qRsjbNudVpjpur3c.roa (raw, json)
Hash identifier: RSiM7MFt+PdxiW68IHwITWEmZKciA1hb+0/QujIsth4=
Subject key identifier: D1:C1:D8:B5:A4:72:C5:5E:AA:46:C8:DB:36:E7:55:A6:3A:6E:AF:77
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 2661
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0cHYtaRyxV6qRsjbNudVpjpur3c.roa
Signing time: Fri 13 Jun 2025 22:39:18 +0000
ROA not before: Fri 13 Jun 2025 22:39:18 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 4812
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 9825 (0x2661)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 13 22:39:18 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=D1C1D8B5A472C55EAA46C8DB36E755A63A6EAF77
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:de:37:23:c5:f6:a7:55:08:28:ce:fe:2d:f6:5a:
88:5b:e8:49:14:bf:ae:4e:49:80:bd:b3:e3:2b:1b:
03:5e:f0:ac:5b:45:f5:5f:23:77:d9:73:c3:87:6f:
62:95:87:79:c8:b1:9c:fc:12:c1:ff:5f:c1:76:87:
79:46:27:c4:7d:f5:04:66:84:14:97:85:a6:51:63:
58:dd:89:b1:83:41:c5:7b:43:cc:60:ab:d2:79:26:
c9:3b:a5:5d:de:72:aa:95:3b:6c:4c:4b:96:63:36:
57:a5:41:df:5f:9d:8c:fa:34:e5:fd:c8:a0:dc:e9:
47:4a:a5:06:e5:54:4b:7c:01:7c:33:84:91:8c:54:
b9:b2:a0:48:97:0e:1d:d1:39:ee:a0:69:4f:e8:53:
d9:c0:99:31:88:0e:8a:e0:9a:62:97:20:94:4e:9b:
1c:a5:a7:7c:fd:d7:37:7c:c1:92:df:d9:b8:6b:89:
72:b9:7d:45:d6:12:09:d5:97:ca:2c:19:c0:f3:32:
33:ea:34:8d:02:8e:7a:52:de:73:c3:61:73:03:e4:
18:28:42:a3:d5:de:a5:85:39:17:53:e0:c3:b3:36:
9c:58:a4:c6:74:f7:1c:9a:7d:83:45:6b:65:75:f4:
eb:18:25:7c:2a:5e:11:a3:e8:74:56:af:fd:d6:35:
b6:fd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D1:C1:D8:B5:A4:72:C5:5E:AA:46:C8:DB:36:E7:55:A6:3A:6E:AF:77
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0cHYtaRyxV6qRsjbNudVpjpur3c.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
b4:3c:c4:11:9a:21:b6:72:e0:a7:5d:aa:45:e8:b9:24:86:18:
e4:8f:a1:03:a1:f4:37:0b:78:c5:4c:b3:34:f8:81:a5:6b:49:
59:ba:c6:37:2b:d5:ca:f3:4c:3f:65:4e:f7:9f:19:c5:53:51:
00:93:a7:fa:18:b2:d8:6d:02:50:c2:fd:41:5b:33:5f:35:18:
9e:fe:95:99:5e:1f:ee:a9:dc:66:07:80:9d:79:6e:c4:c4:61:
f2:76:3b:71:a4:44:47:b4:47:ee:b5:e1:83:86:0c:b4:c9:3f:
5c:a7:61:d0:c2:4a:4c:19:52:fe:22:61:fa:d1:e8:7d:73:c7:
5a:7d:c0:6b:2b:54:31:1f:bc:16:ff:4d:f9:28:8e:ae:83:5c:
70:ea:b8:f1:f5:dd:3c:a9:fd:ce:e3:2b:2a:c2:a0:05:31:9d:
c3:6e:47:c0:1b:18:75:bc:21:ab:29:16:11:64:9d:67:0f:66:
0b:86:2f:4f:5c:a2:e0:59:74:10:1a:53:96:c0:19:0d:56:f5:
c7:2f:fb:b0:93:42:fb:bd:9c:af:b9:ed:e5:c9:ac:82:91:b3:
de:c5:6f:55:19:3b:41:6c:2e:21:f4:18:2a:00:bf:d5:bb:fe:
b4:db:5f:7b:4f:a7:73:da:bb:e0:97:e7:f8:8d:04:cb:61:46:
d2:ad:83:ef
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICJmEwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MTMy
MjM5MThaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEQxQzFEOEI1QTQ3MkM1
NUVBQTQ2QzhEQjM2RTc1NUE2M0E2RUFGNzcwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDeNyPF9qdVCCjO/i32Wohb6EkUv65OSYC9s+MrGwNe8KxbRfVf
I3fZc8OHb2KVh3nIsZz8EsH/X8F2h3lGJ8R99QRmhBSXhaZRY1jdibGDQcV7Q8xg
q9J5Jsk7pV3ecqqVO2xMS5ZjNlelQd9fnYz6NOX9yKDc6UdKpQblVEt8AXwzhJGM
VLmyoEiXDh3ROe6gaU/oU9nAmTGIDorgmmKXIJROmxylp3z91zd8wZLf2bhriXK5
fUXWEgnVl8osGcDzMjPqNI0CjnpS3nPDYXMD5BgoQqPV3qWFORdT4MOzNpxYpMZ0
9xyafYNFa2V19OsYJXwqXhGj6HRWr/3WNbb9AgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQU0cHYtaRyxV6qRsjbNudVpjpur3cwHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvMGNIWXRhUnl4VjZx
UnNqYk51ZFZwanB1cjNjLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBALQ8xBGaIbZy4KddqkXouSSGGOSP
oQOh9DcLeMVMszT4gaVrSVm6xjcr1crzTD9lTvefGcVTUQCTp/oYsthtAlDC/UFb
M181GJ7+lZleH+6p3GYHgJ15bsTEYfJ2O3GkREe0R+614YOGDLTJP1ynYdDCSkwZ
Uv4iYfrR6H1zx1p9wGsrVDEfvBb/Tfkojq6DXHDquPH13Typ/c7jKyrCoAUxncNu
R8AbGHW8IaspFhFknWcPZguGL09couBZdBAaU5bAGQ1W9ccv+7CTQvu9nK+57eXJ
rIKRs97Fb1UZO0FsLiH0GCoAv9W7/rTbX3tPp3Pau+CX5/iNBMthRtKtg+8=
-----END CERTIFICATE-----
Generated at Sat Jun 21 05:52:08 2025 by rpki-client