Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/5TMlcm6m6GUE8GE7aFaW96SqGbI.roa
File: 5TMlcm6m6GUE8GE7aFaW96SqGbI.roa (raw, json)
Hash identifier: lrFG82iXdE3STscHd//zs1fuIScdDvWse0tlz9A37TM=
Subject key identifier: E5:33:25:72:6E:A6:E8:65:04:F0:61:3B:68:56:96:F7:A4:AA:19:B2
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 26DB
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/5TMlcm6m6GUE8GE7aFaW96SqGbI.roa
Signing time: Sat 14 Jun 2025 19:09:21 +0000
ROA not before: Sat 14 Jun 2025 19:09:21 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 146845
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 9947 (0x26db)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 14 19:09:21 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=E53325726EA6E86504F0613B685696F7A4AA19B2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:db:d8:a0:56:d5:94:55:a1:59:54:22:f8:05:c5:
79:9c:35:67:5c:eb:96:11:dc:bb:66:b5:9a:56:03:
d5:64:de:61:28:dd:04:87:00:72:67:b1:cf:04:04:
f0:04:e4:86:f9:39:70:dd:e3:55:e0:75:2c:6c:4b:
fc:cc:d5:27:68:b9:1d:62:b1:2c:1d:a1:77:e9:dd:
41:84:ba:be:1e:5c:02:f6:9b:bc:63:d9:ad:5c:68:
44:c1:c5:bc:3a:34:4e:fb:de:0d:73:a0:91:b2:fd:
6b:a0:bc:5c:d5:b9:2a:43:e6:a1:cc:58:fc:66:45:
83:52:dd:01:54:de:11:99:e1:f2:fe:9f:94:ea:cd:
36:ed:16:47:25:8e:f8:2c:84:56:f0:ae:60:6c:16:
63:54:fd:9f:de:fb:33:7f:26:a8:8d:64:bc:42:11:
48:94:cb:d4:b4:82:24:1b:87:31:68:58:b6:ff:91:
97:8f:c2:06:d5:a3:5a:4e:77:f4:4b:01:4a:48:66:
9d:ff:8a:4b:62:88:79:93:8f:c2:31:d4:f8:6b:53:
f8:5b:07:ad:36:0a:c5:53:4d:a5:f4:3d:57:51:57:
7f:23:81:50:68:58:a6:75:84:e9:61:b3:e9:ef:fa:
fd:2e:a9:b6:1d:d0:70:ec:cb:c9:19:fc:10:82:5d:
54:e1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E5:33:25:72:6E:A6:E8:65:04:F0:61:3B:68:56:96:F7:A4:AA:19:B2
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/5TMlcm6m6GUE8GE7aFaW96SqGbI.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
4d:76:39:b6:43:4e:f1:de:de:19:5c:0f:60:d7:91:06:e5:a2:
b3:22:d2:e1:1f:62:a2:09:5b:0d:7f:3a:30:c3:85:ab:54:3d:
c2:6f:41:cf:a6:58:ec:2f:06:25:ba:c0:eb:93:1e:8f:1c:0e:
7f:71:2a:d0:97:d1:36:63:af:8c:fb:64:09:39:0b:25:ac:41:
6f:22:ed:37:98:3d:06:a7:68:00:c6:6b:7e:e5:c2:9c:ef:29:
a2:d2:19:ca:21:c4:cc:89:cf:32:7a:a6:8e:b4:e2:13:9f:5e:
02:c4:d2:bb:96:24:14:f6:71:9b:46:a5:5f:0d:29:41:24:54:
a5:a4:a2:1c:3b:2a:f1:7f:06:85:d6:01:71:44:7e:ac:8f:3a:
37:34:53:b7:32:58:a3:87:1c:37:98:c2:24:b4:a9:a2:c6:cf:
46:27:5c:e3:e0:1e:95:dc:7f:ec:0f:10:06:44:e1:bf:61:23:
9d:af:4e:14:ca:21:11:6e:9a:d9:fe:90:7c:fd:d0:ad:47:df:
0b:42:df:89:5e:02:27:28:e9:71:43:76:89:13:0e:63:76:ad:
0f:31:83:4b:71:bf:d7:7f:59:2a:8a:83:1f:1c:5e:b3:c3:5e:
97:19:2d:2c:67:7c:3e:4c:03:ab:ed:c6:53:e9:bf:c6:70:38:
33:73:88:17
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICJtswDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MTQx
OTA5MjFaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEU1MzMyNTcyNkVBNkU4
NjUwNEYwNjEzQjY4NTY5NkY3QTRBQTE5QjIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDb2KBW1ZRVoVlUIvgFxXmcNWdc65YR3LtmtZpWA9Vk3mEo3QSH
AHJnsc8EBPAE5Ib5OXDd41XgdSxsS/zM1SdouR1isSwdoXfp3UGEur4eXAL2m7xj
2a1caETBxbw6NE773g1zoJGy/WugvFzVuSpD5qHMWPxmRYNS3QFU3hGZ4fL+n5Tq
zTbtFkcljvgshFbwrmBsFmNU/Z/e+zN/JqiNZLxCEUiUy9S0giQbhzFoWLb/kZeP
wgbVo1pOd/RLAUpIZp3/iktiiHmTj8Ix1PhrU/hbB602CsVTTaX0PVdRV38jgVBo
WKZ1hOlhs+nv+v0uqbYd0HDsy8kZ/BCCXVThAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQU5TMlcm6m6GUE8GE7aFaW96SqGbIwHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvNVRNbGNtNm02R1VF
OEdFN2FGYVc5NlNxR2JJLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBAE12ObZDTvHe3hlcD2DXkQblorMi
0uEfYqIJWw1/OjDDhatUPcJvQc+mWOwvBiW6wOuTHo8cDn9xKtCX0TZjr4z7ZAk5
CyWsQW8i7TeYPQanaADGa37lwpzvKaLSGcohxMyJzzJ6po604hOfXgLE0ruWJBT2
cZtGpV8NKUEkVKWkohw7KvF/BoXWAXFEfqyPOjc0U7cyWKOHHDeYwiS0qaLGz0Yn
XOPgHpXcf+wPEAZE4b9hI52vThTKIRFumtn+kHz90K1H3wtC34leAico6XFDdokT
DmN2rQ8xg0txv9d/WSqKgx8cXrPDXpcZLSxnfD5MA6vtxlPpv8ZwODNziBc=
-----END CERTIFICATE-----
Generated at Fri Jun 20 22:50:52 2025 by rpki-client