Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/66GzII95oxMkDSufOQCv9q6utAg.roa
File: 66GzII95oxMkDSufOQCv9q6utAg.roa (raw, json)
Hash identifier: ut8eZML93EM5GEYU6OftrNQgsE+vuQ3ZvUUsM2dhG2c=
Subject key identifier: EB:A1:B3:20:8F:79:A3:13:24:0D:2B:9F:39:00:AF:F6:AE:AE:B4:08
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 20BD
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/66GzII95oxMkDSufOQCv9q6utAg.roa
Signing time: Tue 03 Jun 2025 22:08:39 +0000
ROA not before: Tue 03 Jun 2025 22:08:39 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 146845
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 8381 (0x20bd)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 3 22:08:39 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=EBA1B3208F79A313240D2B9F3900AFF6AEAEB408
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bb:fc:96:ce:2c:f5:d8:dc:90:c5:02:a7:97:ad:
d0:0a:f0:62:26:f1:04:de:5a:4d:f1:89:2d:2f:b5:
a8:fa:10:af:1e:b9:0e:5f:ce:2d:55:40:5d:cb:f1:
6b:9f:83:41:38:7d:a8:06:49:97:4d:0f:66:be:1e:
98:16:6e:8e:e7:a4:f3:e4:38:99:ef:a4:a7:b4:d3:
a1:1a:84:4f:c0:80:08:4b:3d:95:07:10:15:a0:0b:
a1:4c:8f:ef:96:88:7e:d5:2e:6a:48:97:0a:83:9c:
93:0f:98:77:c5:06:aa:7f:00:31:1c:61:d4:17:50:
ac:fb:0d:b1:e2:c5:69:a7:92:8c:f9:43:74:97:e0:
74:48:21:be:e3:bb:1c:3a:2b:27:78:5a:5d:0e:4a:
67:a0:b7:b1:69:bc:aa:21:9f:4f:6e:34:4e:11:e7:
6a:c5:2d:f8:32:bb:01:4b:ee:1e:14:a7:70:0b:fc:
ed:78:0e:88:e3:6d:52:e5:0b:a6:f8:e0:d1:01:f8:
7a:e9:95:d7:56:02:ff:9f:cb:bf:c5:f0:8c:81:d0:
0e:41:fa:f4:d0:e1:1e:68:ed:4c:c3:50:74:16:7a:
c1:0c:66:cc:2b:50:98:03:99:1d:49:a7:34:e6:e5:
7b:5f:4a:9a:eb:db:e3:9f:94:5d:76:12:cc:15:d1:
72:0d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
EB:A1:B3:20:8F:79:A3:13:24:0D:2B:9F:39:00:AF:F6:AE:AE:B4:08
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/66GzII95oxMkDSufOQCv9q6utAg.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
ad:c6:13:e4:9b:c4:75:c3:dd:9f:31:bc:be:db:d7:3d:6b:0f:
c5:6e:56:e8:17:27:3f:9f:97:95:72:66:57:77:09:d2:71:0b:
25:66:38:9a:66:a1:3f:49:97:4e:2e:9d:c8:8e:f6:e2:47:fd:
5f:e3:7a:e4:bc:6e:04:91:c6:ff:d9:40:91:8e:47:7d:05:a8:
f2:99:7d:fc:2b:4f:f4:b5:bd:01:57:37:81:f7:38:a7:9f:c2:
a0:e0:2e:42:10:f3:19:90:56:47:2e:ff:92:04:38:86:5e:12:
83:ce:97:5a:de:8f:a7:0b:4b:40:ba:6e:15:26:fe:f1:a9:62:
6b:c9:b0:67:73:8b:e3:f8:a2:ff:19:25:59:bb:88:03:6f:24:
c9:cd:ba:37:db:13:cd:2d:ab:a4:57:38:42:ef:b3:ab:96:ef:
54:3b:95:0b:4c:2d:d0:e9:f9:07:1b:e8:a4:a4:32:3d:4b:b5:
ed:03:84:5e:b1:a7:8a:84:81:73:c5:6b:f2:af:af:54:ce:31:
27:a2:90:2c:77:b6:8e:43:c3:7f:44:6a:b2:e3:ae:c8:1c:9e:
e7:dc:88:ac:3f:d2:75:92:7d:c8:0b:08:1a:35:3f:ec:15:b7:
ba:b3:1f:65:20:9a:60:c1:b0:5d:c8:94:3a:00:46:18:9d:54:
d5:96:12:b8
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICIL0wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MDMy
MjA4MzlaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEVCQTFCMzIwOEY3OUEz
MTMyNDBEMkI5RjM5MDBBRkY2QUVBRUI0MDgwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC7/JbOLPXY3JDFAqeXrdAK8GIm8QTeWk3xiS0vtaj6EK8euQ5f
zi1VQF3L8Wufg0E4fagGSZdND2a+HpgWbo7npPPkOJnvpKe006EahE/AgAhLPZUH
EBWgC6FMj++WiH7VLmpIlwqDnJMPmHfFBqp/ADEcYdQXUKz7DbHixWmnkoz5Q3SX
4HRIIb7juxw6Kyd4Wl0OSmegt7FpvKohn09uNE4R52rFLfgyuwFL7h4Up3AL/O14
DojjbVLlC6b44NEB+HrplddWAv+fy7/F8IyB0A5B+vTQ4R5o7UzDUHQWesEMZswr
UJgDmR1JpzTm5XtfSprr2+OflF12EswV0XINAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQU66GzII95oxMkDSufOQCv9q6utAgwHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvNjZHeklJOTVveE1r
RFN1Zk9RQ3Y5cTZ1dEFnLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBAK3GE+SbxHXD3Z8xvL7b1z1rD8Vu
VugXJz+fl5VyZld3CdJxCyVmOJpmoT9Jl04unciO9uJH/V/jeuS8bgSRxv/ZQJGO
R30FqPKZffwrT/S1vQFXN4H3OKefwqDgLkIQ8xmQVkcu/5IEOIZeEoPOl1rej6cL
S0C6bhUm/vGpYmvJsGdzi+P4ov8ZJVm7iANvJMnNujfbE80tq6RXOELvs6uW71Q7
lQtMLdDp+Qcb6KSkMj1Lte0DhF6xp4qEgXPFa/Kvr1TOMSeikCx3to5Dw39EarLj
rsgcnufciKw/0nWSfcgLCBo1P+wVt7qzH2UgmmDBsF3IlDoARhidVNWWErg=
-----END CERTIFICATE-----
Generated at Sat Jun 21 00:46:53 2025 by rpki-client