Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/5b3WGLXKRhtPvZaK1W9LYCbBZVQ.roa
File: 5b3WGLXKRhtPvZaK1W9LYCbBZVQ.roa (raw, json)
Hash identifier: BYsLBHnilLKqr3NqLub76xR2OsBT6u+jFdKsMwQs0aI=
Subject key identifier: E5:BD:D6:18:B5:CA:46:1B:4F:BD:96:8A:D5:6F:4B:60:26:C1:65:54
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 2099
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/5b3WGLXKRhtPvZaK1W9LYCbBZVQ.roa
Signing time: Tue 03 Jun 2025 16:08:43 +0000
ROA not before: Tue 03 Jun 2025 16:08:43 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 146845
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 8345 (0x2099)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 3 16:08:43 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=E5BDD618B5CA461B4FBD968AD56F4B6026C16554
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f3:13:11:26:fc:bf:d1:ba:6e:d8:f5:6f:dc:ec:
45:35:89:22:d7:83:31:f6:00:35:f8:3a:ee:49:96:
2c:16:5e:e6:0b:ad:82:cc:d5:f4:bc:92:d9:6d:a2:
68:6d:21:b6:05:d4:e1:86:f4:71:cb:ac:09:2b:7b:
16:1b:52:1b:d3:4a:4a:5f:51:3f:12:d6:f8:65:62:
14:a9:55:56:b1:03:2b:7c:68:40:b8:92:dd:46:05:
b6:e5:58:d3:20:36:ae:73:e2:79:fb:29:d8:53:3c:
16:63:dc:33:eb:bf:41:49:c4:79:a9:de:3f:7b:76:
25:b9:5d:6a:a2:d1:c0:1d:04:01:7d:a5:57:91:ea:
62:c4:49:0a:b6:97:4b:67:52:9c:a7:26:5e:a1:af:
a5:39:e9:0a:06:08:1a:b7:79:27:22:6a:92:dd:59:
3a:19:18:99:19:ff:1b:86:e0:54:7d:2f:bb:77:fe:
09:a6:00:0d:3d:50:27:29:d1:d0:59:d8:06:0d:13:
cd:be:13:c4:7f:68:48:75:1f:d1:bc:5d:8e:93:d1:
e8:0e:81:f9:0d:02:c6:d1:c9:20:17:21:d2:3f:ee:
8f:f0:30:40:17:83:04:2a:9a:9d:c5:71:4f:ae:a0:
0a:35:0b:65:a0:06:70:0d:56:4b:98:2b:57:45:6f:
6f:f3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E5:BD:D6:18:B5:CA:46:1B:4F:BD:96:8A:D5:6F:4B:60:26:C1:65:54
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/5b3WGLXKRhtPvZaK1W9LYCbBZVQ.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
25:35:be:41:98:c3:d8:4b:23:40:30:8a:db:69:5d:a2:2f:bb:
30:c5:0b:26:50:c5:e7:cc:eb:dc:d4:cf:f5:a5:92:e8:5f:1b:
dd:69:44:1d:ca:74:fa:93:e2:73:f5:5d:02:c1:43:f4:97:0a:
a3:36:74:40:71:7e:39:12:cf:42:93:94:d0:68:7e:a4:2b:2c:
f8:e9:c7:a8:e8:2a:07:eb:a4:ae:d0:aa:2b:60:c1:e7:ce:3c:
97:ca:24:ed:b7:79:e4:f5:01:aa:1c:40:8c:c1:80:da:bb:f5:
24:d0:54:c2:4b:2a:45:12:d8:8f:4d:78:d6:47:dc:c1:f9:a8:
85:c3:52:9c:7d:ed:6d:f1:d3:1c:bb:6c:28:96:3c:61:30:6b:
45:d8:89:89:68:f4:bf:bb:c3:e3:e0:21:4d:a0:0b:1d:bc:57:
cc:48:26:23:85:a6:91:ca:72:21:39:7f:9f:e3:fd:75:79:73:
d4:98:e9:5f:1d:95:fc:e0:3e:a5:f7:b8:5f:54:65:86:59:f4:
65:bc:05:2c:87:0c:b4:08:a1:54:be:04:f4:f3:75:a3:fb:1f:
42:27:5c:3b:4e:27:9b:13:1c:fb:a8:65:df:ea:38:9c:2c:10:
36:cb:26:dd:b7:cb:7b:ed:c4:13:dd:32:7b:9c:f6:eb:f4:fe:
c1:53:8d:23
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICIJkwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MDMx
NjA4NDNaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEU1QkRENjE4QjVDQTQ2
MUI0RkJEOTY4QUQ1NkY0QjYwMjZDMTY1NTQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDzExEm/L/Rum7Y9W/c7EU1iSLXgzH2ADX4Ou5JliwWXuYLrYLM
1fS8ktltomhtIbYF1OGG9HHLrAkrexYbUhvTSkpfUT8S1vhlYhSpVVaxAyt8aEC4
kt1GBbblWNMgNq5z4nn7KdhTPBZj3DPrv0FJxHmp3j97diW5XWqi0cAdBAF9pVeR
6mLESQq2l0tnUpynJl6hr6U56QoGCBq3eSciapLdWToZGJkZ/xuG4FR9L7t3/gmm
AA09UCcp0dBZ2AYNE82+E8R/aEh1H9G8XY6T0egOgfkNAsbRySAXIdI/7o/wMEAX
gwQqmp3FcU+uoAo1C2WgBnANVkuYK1dFb2/zAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQU5b3WGLXKRhtPvZaK1W9LYCbBZVQwHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvNWIzV0dMWEtSaHRQ
dlphSzFXOUxZQ2JCWlZRLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBACU1vkGYw9hLI0AwittpXaIvuzDF
CyZQxefM69zUz/WlkuhfG91pRB3KdPqT4nP1XQLBQ/SXCqM2dEBxfjkSz0KTlNBo
fqQrLPjpx6joKgfrpK7QqitgwefOPJfKJO23eeT1AaocQIzBgNq79STQVMJLKkUS
2I9NeNZH3MH5qIXDUpx97W3x0xy7bCiWPGEwa0XYiYlo9L+7w+PgIU2gCx28V8xI
JiOFppHKciE5f5/j/XV5c9SY6V8dlfzgPqX3uF9UZYZZ9GW8BSyHDLQIoVS+BPTz
daP7H0InXDtOJ5sTHPuoZd/qOJwsEDbLJt23y3vtxBPdMnuc9uv0/sFTjSM=
-----END CERTIFICATE-----
Generated at Sat Jun 21 12:12:55 2025 by rpki-client