Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/4wAAt_rM7rVga2p_1_M36--2YoY.roa
File: 4wAAt_rM7rVga2p_1_M36--2YoY.roa (raw, json)
Hash identifier: KbgFjjyi3cBQkB96eEu/+xFZFUzjkC7xfCpEsaONY1A=
Subject key identifier: E3:00:00:B7:FA:CC:EE:B5:60:6B:6A:7F:D7:F3:37:EB:EF:B6:62:86
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 2528
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/4wAAt_rM7rVga2p_1_M36--2YoY.roa
Signing time: Wed 11 Jun 2025 18:39:10 +0000
ROA not before: Wed 11 Jun 2025 18:39:10 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 146845
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 9512 (0x2528)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 11 18:39:10 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=E30000B7FACCEEB5606B6A7FD7F337EBEFB66286
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d0:8c:57:83:47:3b:8a:29:0a:7f:60:0e:8f:fa:
13:cf:8a:5a:61:4a:b2:68:c1:0a:32:c1:09:9d:c6:
58:a2:09:a2:7a:ce:36:aa:6e:88:4a:2a:90:ff:c2:
e5:09:8c:d6:95:76:8c:5f:b2:a7:77:e6:a1:19:bb:
3d:82:64:38:87:05:1d:1e:a4:f6:30:8c:37:21:ec:
d5:f9:06:ec:86:cb:dd:6f:48:a2:e2:e6:86:b9:3f:
8e:6d:fa:6e:8a:7e:a0:12:91:4f:f5:2d:bf:4a:86:
1e:28:a7:00:12:57:50:05:64:58:22:63:17:ea:91:
f8:fb:c0:b6:fa:c6:f4:0b:5a:2b:97:8e:b8:ce:de:
a1:4a:83:da:c1:34:9d:87:4f:02:c5:f5:2e:15:ce:
be:56:89:d6:4e:4b:f2:69:0c:ab:a9:81:08:12:50:
2e:28:e8:9c:63:4c:f0:e2:cc:52:5b:aa:7a:c9:ef:
5d:7f:4b:65:29:4f:d6:3a:ac:41:6b:c5:35:18:b3:
d8:8e:82:48:83:c4:31:6c:f8:d4:1d:b4:b2:46:2b:
94:10:b8:44:ab:3b:7e:54:33:60:59:c7:86:cf:aa:
66:c0:13:12:73:39:4a:5f:0d:81:e5:ee:37:b5:46:
4a:35:c6:cf:8c:2b:8c:eb:df:23:0c:71:9c:a0:95:
b7:f3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E3:00:00:B7:FA:CC:EE:B5:60:6B:6A:7F:D7:F3:37:EB:EF:B6:62:86
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/4wAAt_rM7rVga2p_1_M36--2YoY.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
18:ad:d6:31:4d:76:aa:13:43:99:58:57:7b:1c:b1:29:51:85:
3c:db:31:8e:ff:11:40:14:d2:4c:5e:bf:d5:d6:ed:52:a6:8e:
92:64:9a:f3:2b:1f:ac:c9:ad:9c:de:61:ab:13:92:c9:80:9d:
ba:98:ee:27:e8:eb:61:1d:72:e3:e8:bc:86:af:9e:30:5e:34:
b5:14:09:1a:ef:81:36:8f:d1:a3:b4:7f:73:81:b0:a8:f2:ed:
cd:fd:26:b2:60:29:4d:88:90:2c:3f:59:8e:84:8f:36:c5:07:
36:5e:f2:7d:64:92:5c:f2:f1:39:38:51:4b:54:c0:3a:3e:52:
47:ee:54:2d:c0:e1:e3:80:9d:13:91:d5:20:57:2a:bb:b5:08:
c0:06:1e:d7:31:23:28:ae:b8:ac:1b:f3:28:e8:18:11:e8:b5:
71:8c:44:10:20:81:29:91:0e:b1:dd:53:c6:fa:11:5e:16:d4:
b9:49:2a:e7:f3:ef:46:bc:11:12:36:95:7f:a0:3a:b8:97:5c:
f9:2f:f0:0f:9f:ed:f5:47:2d:76:97:f8:39:21:82:83:e3:f5:
f5:09:ec:02:4a:cf:18:34:c5:7c:3b:05:0f:1f:20:0b:0c:98:
e1:09:e2:ac:67:d4:48:f6:fe:68:51:26:fb:82:35:11:c0:09:
67:7f:ba:64
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICJSgwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MTEx
ODM5MTBaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEUzMDAwMEI3RkFDQ0VF
QjU2MDZCNkE3RkQ3RjMzN0VCRUZCNjYyODYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDQjFeDRzuKKQp/YA6P+hPPilphSrJowQoywQmdxliiCaJ6zjaq
bohKKpD/wuUJjNaVdoxfsqd35qEZuz2CZDiHBR0epPYwjDch7NX5BuyGy91vSKLi
5oa5P45t+m6KfqASkU/1Lb9Khh4opwASV1AFZFgiYxfqkfj7wLb6xvQLWiuXjrjO
3qFKg9rBNJ2HTwLF9S4Vzr5WidZOS/JpDKupgQgSUC4o6JxjTPDizFJbqnrJ711/
S2UpT9Y6rEFrxTUYs9iOgkiDxDFs+NQdtLJGK5QQuESrO35UM2BZx4bPqmbAExJz
OUpfDYHl7je1Rko1xs+MK4zr3yMMcZyglbfzAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQU4wAAt/rM7rVga2p/1/M36++2YoYwHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvNHdBQXRfck03clZn
YTJwXzFfTTM2LS0yWW9ZLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBABit1jFNdqoTQ5lYV3scsSlRhTzb
MY7/EUAU0kxev9XW7VKmjpJkmvMrH6zJrZzeYasTksmAnbqY7ifo62EdcuPovIav
njBeNLUUCRrvgTaP0aO0f3OBsKjy7c39JrJgKU2IkCw/WY6EjzbFBzZe8n1kklzy
8Tk4UUtUwDo+UkfuVC3A4eOAnROR1SBXKru1CMAGHtcxIyiuuKwb8yjoGBHotXGM
RBAggSmRDrHdU8b6EV4W1LlJKufz70a8ERI2lX+gOriXXPkv8A+f7fVHLXaX+Dkh
goPj9fUJ7AJKzxg0xXw7BQ8fIAsMmOEJ4qxn1Ej2/mhRJvuCNRHACWd/umQ=
-----END CERTIFICATE-----
Generated at Sat Jun 21 04:16:38 2025 by rpki-client