Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/4uejnLXuxDcE07y8_EKJxEDUJXg.roa
File: 4uejnLXuxDcE07y8_EKJxEDUJXg.roa (raw, json)
Hash identifier: 0emL6HjV2rI4WjMZFTrRsh+2o9Cfl6khyOiwouoYuoQ=
Subject key identifier: E2:E7:A3:9C:B5:EE:C4:37:04:D3:BC:BC:FC:42:89:C4:40:D4:25:78
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 1BFF
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/4uejnLXuxDcE07y8_EKJxEDUJXg.roa
Signing time: Mon 26 May 2025 11:38:13 +0000
ROA not before: Mon 26 May 2025 11:38:13 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 4812
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 7167 (0x1bff)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: May 26 11:38:13 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=E2E7A39CB5EEC43704D3BCBCFC4289C440D42578
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cc:b9:70:30:29:6b:03:d4:10:c7:39:25:ab:2a:
8b:4a:38:df:7a:c7:7b:45:5f:2e:e2:02:de:62:41:
7e:3c:a0:eb:cc:72:a6:08:2a:20:9f:03:41:1e:0e:
75:2b:9f:f6:af:fa:e9:a7:87:b2:b1:23:40:e4:0e:
da:e9:8b:aa:69:f3:97:dc:08:7a:f5:f0:ed:3a:8c:
00:06:a4:ca:a9:de:2d:70:75:82:48:3c:58:00:ff:
93:a8:e8:8a:6e:c1:69:71:f6:10:47:33:73:f9:20:
54:2b:2c:2f:93:ee:81:13:3c:07:48:65:ed:e4:cc:
8d:58:b4:81:c9:88:ac:c8:db:1c:7c:28:6c:79:9a:
8b:2f:c7:ba:db:97:26:e2:4a:89:27:b0:92:9d:67:
7e:dc:2c:63:1d:ad:2b:b4:ce:76:c0:7d:9f:b0:01:
dd:76:6e:97:b8:bf:81:eb:d0:a0:3b:ea:b1:3b:c4:
e3:3a:00:3c:77:a5:98:43:97:57:76:ae:3b:86:b6:
08:f5:c5:53:5b:a3:88:0e:3e:d3:e2:3e:02:32:5b:
15:20:9c:f3:2c:e5:f8:85:3b:d8:8b:bd:b9:82:ba:
9e:3e:45:5d:34:b3:3f:2f:03:25:07:21:7a:f6:4a:
f1:41:c6:0f:eb:42:06:19:cf:b4:84:8b:72:82:0c:
9b:9f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E2:E7:A3:9C:B5:EE:C4:37:04:D3:BC:BC:FC:42:89:C4:40:D4:25:78
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/4uejnLXuxDcE07y8_EKJxEDUJXg.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
2d:a2:b9:85:dc:4e:a3:fd:1e:0c:ba:50:aa:cd:e2:95:c9:91:
b0:a4:f6:45:17:21:c0:3e:11:09:fb:ae:f1:57:ab:ac:76:a5:
8a:fb:ed:dc:3c:f7:b6:88:73:cf:f5:03:32:33:43:2d:6f:08:
4f:eb:a8:81:0e:d4:4e:e9:20:ca:6b:04:09:f0:c0:50:1d:af:
3d:da:a5:09:82:4c:2d:36:42:f5:8a:51:d1:ef:73:6f:20:9d:
03:c0:b2:fa:ad:85:68:58:6c:c8:51:db:03:1e:93:62:01:3c:
2b:43:fb:57:1b:90:92:b8:af:4e:ee:12:f3:b1:4e:86:54:b7:
24:27:b2:e5:d4:61:4c:84:29:5f:8a:2f:3a:53:c1:cb:33:d5:
c8:ae:61:c6:68:1b:f1:da:3a:26:32:b8:db:ab:5b:e9:17:b8:
cd:34:b0:82:e6:2f:9b:79:51:7c:d9:13:a1:2b:91:24:a5:c5:
73:7e:c8:2f:69:ac:dd:8b:88:08:16:53:ec:65:ed:b4:62:8c:
89:19:35:26:cb:ba:8e:cb:fd:b4:b3:f2:78:c2:a0:35:fa:e9:
36:b3:40:64:31:9f:0a:eb:2c:47:75:df:90:34:42:ba:25:59:
0e:a9:20:84:e5:40:b8:42:c9:3a:66:5b:fd:34:0c:a9:1b:85:
6b:4a:e4:0f
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICG/8wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA1MjYx
MTM4MTNaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEUyRTdBMzlDQjVFRUM0
MzcwNEQzQkNCQ0ZDNDI4OUM0NDBENDI1NzgwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDMuXAwKWsD1BDHOSWrKotKON96x3tFXy7iAt5iQX48oOvMcqYI
KiCfA0EeDnUrn/av+umnh7KxI0DkDtrpi6pp85fcCHr18O06jAAGpMqp3i1wdYJI
PFgA/5Oo6IpuwWlx9hBHM3P5IFQrLC+T7oETPAdIZe3kzI1YtIHJiKzI2xx8KGx5
mosvx7rblybiSoknsJKdZ37cLGMdrSu0znbAfZ+wAd12bpe4v4Hr0KA76rE7xOM6
ADx3pZhDl1d2rjuGtgj1xVNbo4gOPtPiPgIyWxUgnPMs5fiFO9iLvbmCup4+RV00
sz8vAyUHIXr2SvFBxg/rQgYZz7SEi3KCDJufAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQU4uejnLXuxDcE07y8/EKJxEDUJXgwHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvNHVlam5MWHV4RGNF
MDd5OF9FS0p4RURVSlhnLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBAC2iuYXcTqP9Hgy6UKrN4pXJkbCk
9kUXIcA+EQn7rvFXq6x2pYr77dw897aIc8/1AzIzQy1vCE/rqIEO1E7pIMprBAnw
wFAdrz3apQmCTC02QvWKUdHvc28gnQPAsvqthWhYbMhR2wMek2IBPCtD+1cbkJK4
r07uEvOxToZUtyQnsuXUYUyEKV+KLzpTwcsz1ciuYcZoG/HaOiYyuNurW+kXuM00
sILmL5t5UXzZE6ErkSSlxXN+yC9prN2LiAgWU+xl7bRijIkZNSbLuo7L/bSz8njC
oDX66TazQGQxnwrrLEd135A0QrolWQ6pIITlQLhCyTpmW/00DKkbhWtK5A8=
-----END CERTIFICATE-----
Generated at Sat Jun 21 23:11:30 2025 by rpki-client