Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/4saNq-P5Olpo-KOWxJIJYRgXfqM.roa
File: 4saNq-P5Olpo-KOWxJIJYRgXfqM.roa (raw, json)
Hash identifier: ETi43fvNeOk46hDXTDRyvQV3von6AttiEmcMbdMcgQc=
Subject key identifier: E2:C6:8D:AB:E3:F9:3A:5A:68:F8:A3:96:C4:92:09:61:18:17:7E:A3
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 203A
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/4saNq-P5Olpo-KOWxJIJYRgXfqM.roa
Signing time: Tue 03 Jun 2025 00:08:46 +0000
ROA not before: Tue 03 Jun 2025 00:08:46 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 4812
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 8250 (0x203a)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 3 00:08:46 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=E2C68DABE3F93A5A68F8A396C492096118177EA3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b8:f5:9b:57:c5:76:7d:49:91:d2:cd:d6:7d:3f:
fe:70:29:9a:33:73:fe:dd:a9:ec:b5:12:0e:7f:5e:
b7:dc:10:67:e4:72:91:6f:f1:f1:45:03:a6:3b:3c:
a4:63:59:a7:5e:10:0e:be:a7:01:b6:6f:0b:fb:ab:
73:78:0d:95:17:17:4c:51:b0:d9:7b:18:61:8d:b2:
71:7c:9a:ea:34:12:b7:99:b4:97:45:ae:e6:fe:6e:
28:72:f7:c1:36:fd:d4:6b:db:35:db:54:85:13:7e:
ab:21:e2:dc:3d:d9:9a:a8:2a:9f:64:c5:bb:a6:7d:
9e:96:95:04:9f:2c:90:5d:07:46:84:3d:34:a5:23:
83:e5:02:57:74:00:05:82:c7:b2:48:6d:f0:41:7a:
c9:21:9e:a7:a2:d6:c8:56:73:47:48:90:43:09:a0:
70:e2:0d:90:b5:12:6c:3a:c7:cb:13:82:52:b2:e6:
27:05:a5:22:e8:68:2d:6b:3a:7b:17:2e:c1:87:48:
42:e1:e5:1a:a4:c2:2b:4f:85:6b:c8:54:f1:ce:91:
e5:e3:c7:b9:18:e1:50:f6:93:84:8e:5e:6e:50:a1:
60:8a:78:af:61:76:30:67:a2:25:e5:70:cf:f8:0c:
f1:c4:0a:4a:d2:c7:02:e0:34:f1:6b:af:f5:e2:d9:
0f:21
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E2:C6:8D:AB:E3:F9:3A:5A:68:F8:A3:96:C4:92:09:61:18:17:7E:A3
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/4saNq-P5Olpo-KOWxJIJYRgXfqM.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
6c:5a:d0:20:8c:4c:33:62:9b:7b:d0:ca:dc:bf:53:99:44:37:
24:e2:c3:18:5c:06:94:8c:86:71:f6:aa:18:ac:e7:20:25:d3:
9a:15:fe:c6:ba:ea:a8:17:8a:e6:28:63:7e:e3:8f:d1:4f:37:
27:2a:3c:75:97:23:db:67:29:79:52:89:8c:ae:90:1b:79:08:
66:ce:89:4b:91:95:cb:52:db:9d:9c:2c:97:8a:4a:bb:21:6d:
96:fd:e5:b3:07:84:62:e1:22:c8:09:85:b6:66:2c:ac:c2:fa:
72:30:9d:7d:20:21:46:2d:b0:02:d2:d5:e7:b0:a5:d1:b3:88:
8e:8b:17:e9:1a:03:ad:6e:ed:05:ec:31:25:35:26:62:80:d5:
0d:20:f0:b1:bd:a4:0b:43:26:f0:ef:de:a0:0a:9f:04:2f:c7:
b1:d2:87:fa:7e:1d:27:07:13:3c:99:9d:45:71:10:2a:56:34:
94:64:64:39:69:ff:f2:34:f5:ca:ce:aa:5f:ca:6d:c5:7b:50:
ef:56:46:c1:d6:bb:a9:4e:67:fc:7f:5f:22:9c:aa:f1:87:f4:
1e:3a:0f:b3:17:cf:eb:1c:17:e5:58:38:6c:33:19:90:ae:70:
70:2a:cc:20:bc:f1:37:f1:ca:8c:bf:96:68:12:0b:07:77:a6:
1f:7a:fd:9e
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICIDowDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MDMw
MDA4NDZaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEUyQzY4REFCRTNGOTNB
NUE2OEY4QTM5NkM0OTIwOTYxMTgxNzdFQTMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC49ZtXxXZ9SZHSzdZ9P/5wKZozc/7dqey1Eg5/XrfcEGfkcpFv
8fFFA6Y7PKRjWadeEA6+pwG2bwv7q3N4DZUXF0xRsNl7GGGNsnF8muo0EreZtJdF
rub+bihy98E2/dRr2zXbVIUTfqsh4tw92ZqoKp9kxbumfZ6WlQSfLJBdB0aEPTSl
I4PlAld0AAWCx7JIbfBBeskhnqei1shWc0dIkEMJoHDiDZC1Emw6x8sTglKy5icF
pSLoaC1rOnsXLsGHSELh5RqkwitPhWvIVPHOkeXjx7kY4VD2k4SOXm5QoWCKeK9h
djBnoiXlcM/4DPHECkrSxwLgNPFrr/Xi2Q8hAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQU4saNq+P5Olpo+KOWxJIJYRgXfqMwHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvNHNhTnEtUDVPbHBv
LUtPV3hKSUpZUmdYZnFNLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBAGxa0CCMTDNim3vQyty/U5lENyTi
wxhcBpSMhnH2qhis5yAl05oV/sa66qgXiuYoY37jj9FPNycqPHWXI9tnKXlSiYyu
kBt5CGbOiUuRlctS252cLJeKSrshbZb95bMHhGLhIsgJhbZmLKzC+nIwnX0gIUYt
sALS1eewpdGziI6LF+kaA61u7QXsMSU1JmKA1Q0g8LG9pAtDJvDv3qAKnwQvx7HS
h/p+HScHEzyZnUVxECpWNJRkZDlp//I09crOql/KbcV7UO9WRsHWu6lOZ/x/XyKc
qvGH9B46D7MXz+scF+VYOGwzGZCucHAqzCC88Tfxyoy/lmgSCwd3ph96/Z4=
-----END CERTIFICATE-----
Generated at Sun Jun 22 01:06:06 2025 by rpki-client