Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/5s9bAlu8fRjgowzQ1oMJYwfO_SE.roa
File: 5s9bAlu8fRjgowzQ1oMJYwfO_SE.roa (raw, json)
Hash identifier: M+QdelENxS2sKa0L+ob3pA1aaWanLx7j/lm3Gw4rtkI=
Subject key identifier: E6:CF:5B:02:5B:BC:7D:18:E0:A3:0C:D0:D6:83:09:63:07:CE:FD:21
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 20BE
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/5s9bAlu8fRjgowzQ1oMJYwfO_SE.roa
Signing time: Tue 03 Jun 2025 22:08:39 +0000
ROA not before: Tue 03 Jun 2025 22:08:39 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 4812
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 8382 (0x20be)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 3 22:08:39 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=E6CF5B025BBC7D18E0A30CD0D683096307CEFD21
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:be:91:6c:13:d6:3b:b8:62:0f:bc:56:e1:da:03:
32:14:25:77:40:22:cf:6c:33:36:e7:e8:5d:68:c6:
9a:a0:3f:7c:32:4c:8a:28:9c:b8:56:8c:c5:cc:2a:
56:08:f9:40:f6:17:6e:52:2f:30:32:16:ca:80:5a:
97:13:f1:52:b6:f5:3e:8b:af:9c:e6:bd:94:77:60:
23:25:30:f0:8d:9d:e8:cf:df:e7:e0:42:b0:aa:44:
f7:35:da:c9:f8:c9:af:e1:27:c9:af:21:70:a7:a9:
b0:1e:b7:29:c4:a9:18:24:43:3a:e9:18:23:9e:c7:
a2:fb:f8:d3:2e:3c:98:14:18:3b:f4:f8:8c:a0:94:
e0:94:b1:5c:7c:2d:68:e0:2d:b6:2c:87:92:fe:29:
59:6b:16:11:77:0a:c5:b0:36:b2:d0:9c:0e:3d:36:
04:ef:42:60:ee:64:8a:9a:8f:00:eb:f9:05:65:28:
df:84:35:f7:68:89:56:64:37:fe:c6:08:05:ee:65:
b1:48:08:d0:3d:39:c0:48:a4:e4:a7:26:32:7c:b9:
20:30:25:4b:b8:d3:5c:ae:e8:fb:4c:c2:98:88:05:
b3:3e:d4:f8:9e:1c:f3:9b:9a:ef:a0:cf:9a:e9:ea:
61:4b:d4:e4:ea:12:7c:2f:6e:ca:6f:03:b1:59:53:
90:3f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E6:CF:5B:02:5B:BC:7D:18:E0:A3:0C:D0:D6:83:09:63:07:CE:FD:21
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/5s9bAlu8fRjgowzQ1oMJYwfO_SE.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
21:24:42:5d:86:02:b5:ac:23:a6:b1:95:18:95:ea:50:90:dc:
fc:dd:24:39:8c:2a:33:43:44:34:de:2a:30:8d:33:8f:45:1b:
f0:93:eb:75:53:4c:2f:73:cc:97:d1:dd:24:90:21:14:36:67:
16:80:c2:35:e9:79:95:3b:f7:94:30:94:ff:1c:88:7e:19:6b:
eb:db:1a:0b:98:d1:d0:7e:58:f5:14:d5:c5:22:2b:d2:25:b0:
b7:ef:83:3f:14:b0:59:70:6f:a7:2c:67:c4:59:f4:e5:e9:65:
2c:e7:70:be:37:62:76:3f:16:04:b2:50:04:51:5b:fa:85:d1:
b6:7b:03:5a:8a:24:f0:50:18:f4:00:f9:3b:41:e8:88:00:be:
52:c8:dc:2f:a0:2f:5d:e6:37:e6:97:00:97:77:db:60:0b:30:
c0:f7:39:bd:8e:6d:e9:42:d2:2e:49:dc:45:93:ee:59:89:33:
67:65:76:37:f4:5f:55:a4:02:d8:af:d0:0c:3d:c9:f7:87:bc:
d4:db:b1:b6:6c:c5:1e:dd:dd:07:92:58:c5:c7:18:1e:5b:34:
59:3a:9f:db:04:32:8a:6c:09:ed:5a:95:09:a0:cb:d5:ce:96:
ec:6d:08:ce:64:2b:b6:7f:f9:bc:11:57:4d:1a:30:10:82:77:
76:7b:25:94
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICIL4wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MDMy
MjA4MzlaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEU2Q0Y1QjAyNUJCQzdE
MThFMEEzMENEMEQ2ODMwOTYzMDdDRUZEMjEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC+kWwT1ju4Yg+8VuHaAzIUJXdAIs9sMzbn6F1oxpqgP3wyTIoo
nLhWjMXMKlYI+UD2F25SLzAyFsqAWpcT8VK29T6Lr5zmvZR3YCMlMPCNnejP3+fg
QrCqRPc12sn4ya/hJ8mvIXCnqbAetynEqRgkQzrpGCOex6L7+NMuPJgUGDv0+Iyg
lOCUsVx8LWjgLbYsh5L+KVlrFhF3CsWwNrLQnA49NgTvQmDuZIqajwDr+QVlKN+E
NfdoiVZkN/7GCAXuZbFICNA9OcBIpOSnJjJ8uSAwJUu401yu6PtMwpiIBbM+1Pie
HPObmu+gz5rp6mFL1OTqEnwvbspvA7FZU5A/AgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQU5s9bAlu8fRjgowzQ1oMJYwfO/SEwHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvNXM5YkFsdThmUmpn
b3d6UTFvTUpZd2ZPX1NFLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBACEkQl2GArWsI6axlRiV6lCQ3Pzd
JDmMKjNDRDTeKjCNM49FG/CT63VTTC9zzJfR3SSQIRQ2ZxaAwjXpeZU795QwlP8c
iH4Za+vbGguY0dB+WPUU1cUiK9IlsLfvgz8UsFlwb6csZ8RZ9OXpZSzncL43YnY/
FgSyUARRW/qF0bZ7A1qKJPBQGPQA+TtB6IgAvlLI3C+gL13mN+aXAJd322ALMMD3
Ob2ObelC0i5J3EWT7lmJM2dldjf0X1WkAtiv0Aw9yfeHvNTbsbZsxR7d3QeSWMXH
GB5bNFk6n9sEMopsCe1alQmgy9XOluxtCM5kK7Z/+bwRV00aMBCCd3Z7JZQ=
-----END CERTIFICATE-----
Generated at Sun Jun 22 03:57:35 2025 by rpki-client