Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/6IczwYK8VhauPK-4nYiIjxMyadc.roa
File: 6IczwYK8VhauPK-4nYiIjxMyadc.roa (raw, json)
Hash identifier: LVEJ/LoaRA8FuAwx2wR+py6TWh9eC0tYQVJXreADxRo=
Subject key identifier: E8:87:33:C1:82:BC:56:16:AE:3C:AF:B8:9D:88:88:8F:13:32:69:D7
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 254A
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/6IczwYK8VhauPK-4nYiIjxMyadc.roa
Signing time: Thu 12 Jun 2025 00:09:11 +0000
ROA not before: Thu 12 Jun 2025 00:09:11 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 4812
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 9546 (0x254a)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 12 00:09:11 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=E88733C182BC5616AE3CAFB89D88888F133269D7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b0:c3:23:00:a2:c5:5f:68:3f:c5:46:cb:14:b6:
92:96:fe:bd:1d:92:40:d8:1d:b5:5a:54:71:52:24:
f4:d0:1b:8d:2a:20:2a:63:87:e0:ae:cd:e6:08:0c:
e9:ed:6f:e7:8f:33:20:f0:20:60:70:67:ee:9f:4c:
c1:13:96:94:f5:c1:29:e4:10:ad:a4:0b:1c:cd:09:
84:1e:0b:94:13:18:82:b6:13:b9:d3:eb:e0:fe:ce:
c8:8a:12:b8:d0:84:b4:d3:e0:2c:09:4c:74:45:85:
e9:e5:94:78:77:32:74:6e:87:65:55:c9:78:d1:e5:
44:28:7a:b3:6e:81:2f:72:09:11:71:c6:50:95:42:
2b:dc:b3:b6:1f:1b:17:76:b7:72:08:0c:34:a7:e4:
96:b1:d6:c1:86:ab:4d:4c:cb:82:3b:79:52:f1:36:
35:a9:86:a6:35:8d:0e:cd:84:82:b4:cc:7c:16:30:
6c:c7:c7:8b:32:da:05:6d:a1:eb:31:c2:92:76:76:
06:43:c3:e6:0b:6b:84:e9:2d:ae:8a:c8:b6:62:b2:
03:e6:20:40:e4:c2:68:1f:86:50:fa:08:17:7b:56:
a8:f6:7e:dd:d3:74:63:77:97:a0:4e:24:b0:8f:97:
e6:f2:1a:22:97:8e:5a:f8:0d:15:6c:41:b7:fd:8f:
f3:45
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E8:87:33:C1:82:BC:56:16:AE:3C:AF:B8:9D:88:88:8F:13:32:69:D7
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/6IczwYK8VhauPK-4nYiIjxMyadc.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
42:e7:49:2d:d5:10:f9:e1:4b:f9:bb:7c:f2:3f:a8:a1:eb:4d:
ed:ea:2e:79:20:b6:73:13:9d:33:36:83:3b:2d:34:e8:b7:43:
cf:d8:f8:54:99:d7:9b:b4:fe:a3:91:d3:73:4b:80:be:ab:04:
6e:93:51:76:25:ab:46:f5:85:42:c4:dc:f3:9b:29:33:cc:84:
9e:30:b8:19:b9:1d:9b:fa:83:e3:f6:61:96:5a:98:4e:6f:67:
7b:fb:e5:fd:05:25:83:12:9e:60:fa:db:2e:40:e2:a9:a7:d3:
ec:d7:49:4b:81:4b:5a:99:91:d4:d4:08:c7:f6:24:e5:de:f1:
a6:01:7e:17:96:e8:23:82:2f:e1:5e:b4:44:15:0e:28:ad:f4:
8c:ad:59:2e:d2:7d:95:c5:08:15:9c:24:6c:fe:1c:fd:1a:6b:
ef:fc:6c:c2:65:cd:f2:e1:0a:c8:63:59:a7:e6:df:4e:26:48:
a5:19:d0:bf:a1:68:6d:6a:31:aa:c3:2c:ca:fb:df:78:6c:91:
02:52:52:77:6f:d1:fe:ad:b1:ab:b4:f7:dc:e0:d2:b9:fb:8c:
72:aa:2d:43:2d:7d:e9:8f:ba:9b:4e:79:a6:e0:d0:ba:fb:63:
25:07:4e:59:d9:30:f3:ed:3e:5f:b4:2b:e2:c0:57:ba:8c:8c:
e8:77:54:0c
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICJUowDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MTIw
MDA5MTFaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEU4ODczM0MxODJCQzU2
MTZBRTNDQUZCODlEODg4ODhGMTMzMjY5RDcwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCwwyMAosVfaD/FRssUtpKW/r0dkkDYHbVaVHFSJPTQG40qICpj
h+CuzeYIDOntb+ePMyDwIGBwZ+6fTMETlpT1wSnkEK2kCxzNCYQeC5QTGIK2E7nT
6+D+zsiKErjQhLTT4CwJTHRFhenllHh3MnRuh2VVyXjR5UQoerNugS9yCRFxxlCV
Qivcs7YfGxd2t3IIDDSn5Jax1sGGq01My4I7eVLxNjWphqY1jQ7NhIK0zHwWMGzH
x4sy2gVtoesxwpJ2dgZDw+YLa4TpLa6KyLZisgPmIEDkwmgfhlD6CBd7Vqj2ft3T
dGN3l6BOJLCPl+byGiKXjlr4DRVsQbf9j/NFAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQU6IczwYK8VhauPK+4nYiIjxMyadcwHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvNkljendZSzhWaGF1
UEstNG5ZaUlqeE15YWRjLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBAELnSS3VEPnhS/m7fPI/qKHrTe3q
LnkgtnMTnTM2gzstNOi3Q8/Y+FSZ15u0/qOR03NLgL6rBG6TUXYlq0b1hULE3POb
KTPMhJ4wuBm5HZv6g+P2YZZamE5vZ3v75f0FJYMSnmD62y5A4qmn0+zXSUuBS1qZ
kdTUCMf2JOXe8aYBfheW6COCL+FetEQVDiit9IytWS7SfZXFCBWcJGz+HP0aa+/8
bMJlzfLhCshjWafm304mSKUZ0L+haG1qMarDLMr733hskQJSUndv0f6tsau099zg
0rn7jHKqLUMtfemPuptOeabg0Lr7YyUHTlnZMPPtPl+0K+LAV7qMjOh3VAw=
-----END CERTIFICATE-----
Generated at Sun Jun 22 01:15:25 2025 by rpki-client