Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/6F1Xw-VRd4GHXfzs849FqaISnDI.roa
File: 6F1Xw-VRd4GHXfzs849FqaISnDI.roa (raw, json)
Hash identifier: Nl0nM8FRraNDUfJLGOMwZ31xHhTe4YbtGu3KqkvOo08=
Subject key identifier: E8:5D:57:C3:E5:51:77:81:87:5D:FC:EC:F3:8F:45:A9:A2:12:9C:32
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 248A
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/6F1Xw-VRd4GHXfzs849FqaISnDI.roa
Signing time: Tue 10 Jun 2025 16:09:07 +0000
ROA not before: Tue 10 Jun 2025 16:09:07 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 4812
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 9354 (0x248a)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 10 16:09:07 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=E85D57C3E5517781875DFCECF38F45A9A2129C32
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c0:fb:fc:a1:0f:9d:76:d9:ad:b3:55:3b:6d:45:
f0:12:35:00:ff:70:d4:ce:cc:86:3f:93:ec:db:57:
1a:f8:6c:57:d1:ba:1b:f2:87:a9:fd:71:02:e6:82:
1a:86:a7:96:c0:f3:05:d4:f9:15:7b:0d:3c:ec:ae:
8e:8e:3a:d1:b6:59:29:c9:6d:b1:43:da:f0:b3:e4:
24:96:04:66:2e:d1:66:33:a9:63:1c:62:ec:5d:e5:
a6:7f:85:f2:bc:52:45:38:af:5b:fc:f7:3f:d3:6e:
5f:fc:d3:f4:7b:6e:48:da:eb:d5:4d:79:7f:d6:e7:
b0:00:22:0f:d0:e4:28:9a:e9:a4:17:e7:1c:6e:f2:
5e:81:c8:63:d6:4b:d0:20:a8:43:a6:bc:8d:ca:0a:
d3:b4:98:f3:2b:15:a4:76:10:8b:66:9c:74:cb:21:
d3:ec:40:10:8c:02:cc:f0:27:bf:0f:bf:3e:18:16:
00:71:08:6a:c2:21:0b:04:8e:36:cf:e4:06:c8:30:
54:21:a1:13:a0:27:9b:40:52:85:b0:ee:d7:92:6d:
51:1e:a9:6e:97:2a:45:61:94:bd:d6:c6:31:91:47:
44:a8:1d:3c:6a:43:a9:ef:8e:33:d0:a0:58:3e:3c:
6d:a2:b7:4e:47:0d:66:98:a4:3f:18:d6:35:30:22:
01:d1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E8:5D:57:C3:E5:51:77:81:87:5D:FC:EC:F3:8F:45:A9:A2:12:9C:32
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/6F1Xw-VRd4GHXfzs849FqaISnDI.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
ab:c6:74:c7:25:ce:81:9c:44:e7:30:b1:6b:54:be:32:49:55:
5d:fc:4b:4d:0c:4d:47:01:51:f8:73:87:a7:6f:3b:f8:46:1c:
92:0f:52:db:84:c3:57:91:2b:17:87:51:25:68:95:9b:b3:b4:
fa:de:4c:c4:6d:37:90:6a:da:b3:f3:36:fd:05:15:0a:fe:a4:
7b:b1:8e:34:8b:9c:c1:84:c3:c9:bb:82:3b:fd:c5:a4:6b:2e:
cf:33:5b:dc:a9:7a:63:28:12:5e:c2:23:f9:0d:df:11:06:34:
ba:ea:57:5b:6f:3c:4d:a5:e1:5e:3b:e5:a9:89:6b:28:db:41:
b8:e8:9a:44:75:cd:38:61:a3:75:93:f8:00:8f:3f:56:6d:74:
81:66:19:24:36:10:dd:2f:3b:58:66:7e:77:2e:13:2c:7f:13:
46:2c:be:39:a6:f4:ea:3b:4d:f8:7f:7b:bb:84:d1:c1:22:81:
b2:4f:f7:b4:f4:64:33:c6:36:40:cb:29:54:62:1d:7a:c1:94:
42:4a:9f:c9:6d:28:2f:ac:7f:a5:32:10:17:6c:2e:59:15:06:
07:ba:9d:f7:56:ba:1a:a7:7a:6f:81:43:b4:41:e8:bb:38:f8:
e6:2b:50:76:0d:ab:a7:de:d3:94:c3:b9:3f:c9:34:76:6a:6b:
b2:14:87:0c
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICJIowDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MTAx
NjA5MDdaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEU4NUQ1N0MzRTU1MTc3
ODE4NzVERkNFQ0YzOEY0NUE5QTIxMjlDMzIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDA+/yhD5122a2zVTttRfASNQD/cNTOzIY/k+zbVxr4bFfRuhvy
h6n9cQLmghqGp5bA8wXU+RV7DTzsro6OOtG2WSnJbbFD2vCz5CSWBGYu0WYzqWMc
Yuxd5aZ/hfK8UkU4r1v89z/Tbl/80/R7bkja69VNeX/W57AAIg/Q5Cia6aQX5xxu
8l6ByGPWS9AgqEOmvI3KCtO0mPMrFaR2EItmnHTLIdPsQBCMAszwJ78Pvz4YFgBx
CGrCIQsEjjbP5AbIMFQhoROgJ5tAUoWw7teSbVEeqW6XKkVhlL3WxjGRR0SoHTxq
Q6nvjjPQoFg+PG2it05HDWaYpD8Y1jUwIgHRAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQU6F1Xw+VRd4GHXfzs849FqaISnDIwHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvNkYxWHctVlJkNEdI
WGZ6czg0OUZxYUlTbkRJLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBAKvGdMclzoGcROcwsWtUvjJJVV38
S00MTUcBUfhzh6dvO/hGHJIPUtuEw1eRKxeHUSVolZuztPreTMRtN5Bq2rPzNv0F
FQr+pHuxjjSLnMGEw8m7gjv9xaRrLs8zW9ypemMoEl7CI/kN3xEGNLrqV1tvPE2l
4V475amJayjbQbjomkR1zThho3WT+ACPP1ZtdIFmGSQ2EN0vO1hmfncuEyx/E0Ys
vjmm9Oo7Tfh/e7uE0cEigbJP97T0ZDPGNkDLKVRiHXrBlEJKn8ltKC+sf6UyEBds
LlkVBge6nfdWuhqnem+BQ7RB6Ls4+OYrUHYNq6fe05TDuT/JNHZqa7IUhww=
-----END CERTIFICATE-----
Generated at Fri Jun 20 21:34:50 2025 by rpki-client