Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/5awd9PNSkUCRDQ2XhXRvYMpDC9o.roa
File: 5awd9PNSkUCRDQ2XhXRvYMpDC9o.roa (raw, json)
Hash identifier: /qcz3kPZUzc1627roRAzao4eYojXG3mxtHX4MWuDbes=
Subject key identifier: E5:AC:1D:F4:F3:52:91:40:91:0D:0D:97:85:74:6F:60:CA:43:0B:DA
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 1C3E
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/5awd9PNSkUCRDQ2XhXRvYMpDC9o.roa
Signing time: Mon 26 May 2025 22:08:08 +0000
ROA not before: Mon 26 May 2025 22:08:08 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 4812
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 7230 (0x1c3e)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: May 26 22:08:08 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=E5AC1DF4F3529140910D0D9785746F60CA430BDA
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a7:5c:16:2e:0b:bb:a2:0d:2d:65:05:ce:4b:8b:
29:8d:bf:0e:09:dd:3f:11:d6:74:35:95:02:7b:9d:
2d:23:53:fa:ca:99:0c:0e:be:95:0e:64:e7:7e:ec:
ed:5f:cb:03:9b:61:eb:e7:6e:89:94:c5:d7:bb:54:
62:7c:c3:85:60:64:0b:ae:2b:81:e5:56:45:c9:4a:
63:f8:6b:7b:72:d3:d8:f3:91:b2:9c:30:99:0e:5c:
08:1f:63:6d:a1:d4:61:c8:8c:36:71:4e:94:c5:83:
ee:c7:55:1f:5a:a5:87:65:30:8c:f0:45:27:3b:13:
ee:eb:d7:7d:1e:67:0b:7f:d8:e8:ee:22:81:c3:05:
ee:d7:5c:e7:86:65:16:f9:b2:ab:ad:78:07:ce:d2:
ef:f4:d0:da:7c:88:27:9f:98:c4:a0:a3:5d:3d:c5:
3f:34:1b:14:6e:9e:c0:f2:3a:17:9d:25:81:4a:f1:
b2:86:4b:87:9b:a7:89:5f:14:42:8b:6d:62:3c:1c:
28:79:9b:6b:7f:83:20:8b:51:53:d4:5b:49:85:b6:
d5:85:47:db:9f:a2:f2:7f:cb:d2:27:81:7c:4c:95:
b3:be:84:c2:4e:7e:7f:dd:48:80:f6:90:d5:cf:06:
2b:5b:86:c7:4a:94:cd:56:0a:72:2f:ce:af:7d:90:
5c:41
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E5:AC:1D:F4:F3:52:91:40:91:0D:0D:97:85:74:6F:60:CA:43:0B:DA
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/5awd9PNSkUCRDQ2XhXRvYMpDC9o.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
a7:42:29:9e:11:47:4d:28:0a:0a:7a:e6:ec:e2:ce:4c:a1:78:
98:24:90:b9:08:18:0c:05:a0:36:82:a2:d6:ae:0e:73:1a:17:
15:33:bd:07:ad:a5:2a:02:7d:8c:38:ca:b9:f8:36:56:d3:f4:
25:c4:9c:8d:b4:dd:02:63:80:ae:8d:6d:10:6f:dd:4b:bf:b2:
f8:d4:85:c7:1f:f6:eb:d1:ac:fa:fe:97:41:02:77:92:ba:84:
f2:cc:65:0a:00:ce:18:35:38:4e:53:ca:ea:22:54:69:dd:be:
b1:45:fc:38:81:19:c7:79:b1:58:d0:a0:f0:30:45:87:ef:d5:
a7:d0:60:ab:e7:3d:9d:ea:e7:0c:5e:5e:e6:57:a4:42:cd:2a:
84:57:0b:30:6e:5f:1f:8c:56:51:00:d4:77:ed:48:54:db:bf:
8e:76:d5:ce:78:86:72:e2:a0:77:e9:2e:56:f1:51:7d:71:61:
0a:40:2c:cb:47:77:25:56:81:6c:fc:a3:e7:f5:9a:bd:50:2a:
96:4e:71:e8:aa:57:23:22:93:c5:d9:14:23:da:c0:ff:30:2e:
5f:31:25:bb:44:68:f9:ec:af:18:f3:a5:f6:7c:f4:88:d2:96:
c2:22:d8:d0:c1:50:0c:01:a5:ba:26:41:d4:d9:1d:ba:e7:7a:
06:bd:01:14
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICHD4wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA1MjYy
MjA4MDhaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEU1QUMxREY0RjM1Mjkx
NDA5MTBEMEQ5Nzg1NzQ2RjYwQ0E0MzBCREEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCnXBYuC7uiDS1lBc5LiymNvw4J3T8R1nQ1lQJ7nS0jU/rKmQwO
vpUOZOd+7O1fywObYevnbomUxde7VGJ8w4VgZAuuK4HlVkXJSmP4a3ty09jzkbKc
MJkOXAgfY22h1GHIjDZxTpTFg+7HVR9apYdlMIzwRSc7E+7r130eZwt/2OjuIoHD
Be7XXOeGZRb5squteAfO0u/00Np8iCefmMSgo109xT80GxRunsDyOhedJYFK8bKG
S4ebp4lfFEKLbWI8HCh5m2t/gyCLUVPUW0mFttWFR9ufovJ/y9IngXxMlbO+hMJO
fn/dSID2kNXPBitbhsdKlM1WCnIvzq99kFxBAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQU5awd9PNSkUCRDQ2XhXRvYMpDC9owHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvNWF3ZDlQTlNrVUNS
RFEyWGhYUnZZTXBEQzlvLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBAKdCKZ4RR00oCgp65uzizkyheJgk
kLkIGAwFoDaCotauDnMaFxUzvQetpSoCfYw4yrn4NlbT9CXEnI203QJjgK6NbRBv
3Uu/svjUhccf9uvRrPr+l0ECd5K6hPLMZQoAzhg1OE5TyuoiVGndvrFF/DiBGcd5
sVjQoPAwRYfv1afQYKvnPZ3q5wxeXuZXpELNKoRXCzBuXx+MVlEA1HftSFTbv452
1c54hnLioHfpLlbxUX1xYQpALMtHdyVWgWz8o+f1mr1QKpZOceiqVyMik8XZFCPa
wP8wLl8xJbtEaPnsrxjzpfZ89IjSlsIi2NDBUAwBpbomQdTZHbrnega9ARQ=
-----END CERTIFICATE-----
Generated at Sat Jun 21 14:29:04 2025 by rpki-client