Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/72PfpkB7BhAF83apHzIC3yvrrAE.roa
File: 72PfpkB7BhAF83apHzIC3yvrrAE.roa (raw, json)
Hash identifier: aNV/IwJfE9diUtupcYjBE3kXMoNhNBc7qKyZQ/mLi3w=
Subject key identifier: EF:63:DF:A6:40:7B:06:10:05:F3:76:A9:1F:32:02:DF:2B:EB:AC:01
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 2157
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/72PfpkB7BhAF83apHzIC3yvrrAE.roa
Signing time: Wed 04 Jun 2025 23:38:43 +0000
ROA not before: Wed 04 Jun 2025 23:38:43 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 4812
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 8535 (0x2157)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 4 23:38:43 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=EF63DFA6407B061005F376A91F3202DF2BEBAC01
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cb:f7:2c:33:fc:9e:43:08:f9:3b:70:85:59:33:
03:95:f8:8c:6a:de:f1:94:8a:c3:e8:4e:ea:90:87:
d9:f4:41:01:f2:a6:6b:87:f8:7d:7f:6a:00:10:9d:
0a:c8:85:94:c1:27:0a:87:f0:76:2c:d4:83:65:5f:
9a:f3:cb:2b:9f:52:5f:19:01:96:62:10:40:54:6a:
f9:5a:e8:4f:44:03:2d:7e:21:f4:f6:73:4c:4b:92:
24:95:0c:a4:c3:5f:cb:f6:e4:e2:4a:61:60:e4:3e:
ea:f1:75:38:92:68:b8:de:07:4e:13:79:9e:3a:03:
3c:23:67:b8:7f:8e:bb:bc:ad:63:c4:9d:dd:93:81:
be:c4:85:fc:e2:39:28:5e:fd:fb:5f:44:dd:51:ad:
e5:4c:ab:41:1f:da:87:d3:a5:98:d7:18:76:f9:d6:
7b:8f:9d:f8:21:31:c9:e0:c3:20:aa:a1:99:d5:af:
59:51:33:81:1a:2b:2e:2f:ee:18:be:ef:a6:1c:ed:
05:f0:40:c7:78:c4:b3:44:ed:bb:14:61:b9:61:cb:
b2:b3:c0:62:17:7c:03:ee:ea:42:13:bb:f5:1a:c3:
f6:38:b5:a7:35:d6:fb:d5:13:6f:c0:1f:3b:08:d3:
15:28:2e:51:88:fa:db:26:8f:4a:3c:de:46:3e:27:
85:af
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
EF:63:DF:A6:40:7B:06:10:05:F3:76:A9:1F:32:02:DF:2B:EB:AC:01
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/72PfpkB7BhAF83apHzIC3yvrrAE.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
33:e7:70:6e:35:f5:e4:e2:76:d4:87:5e:a6:c0:56:f3:48:32:
5b:b6:66:f3:d5:7d:b6:50:22:4b:3c:05:db:a1:23:35:13:da:
b6:45:ac:02:25:60:e5:91:f5:63:c9:63:24:ef:2f:87:85:69:
85:e9:02:00:c1:13:9a:dc:fd:bc:1c:48:dd:71:61:28:d9:4f:
e0:a4:7e:c1:1d:91:90:96:0e:bc:e1:75:e4:50:0e:a2:25:12:
8b:d1:01:90:ac:9e:e8:b5:ae:64:c8:7b:95:ca:41:85:45:53:
05:57:a8:c3:14:45:5a:a3:38:39:06:1f:3c:3e:57:9e:2b:9d:
de:4c:59:86:cf:71:83:6b:ff:f7:7a:a4:f4:bc:27:91:f7:c7:
23:58:ec:ca:c0:eb:56:7d:fe:b7:fe:d4:11:57:08:8c:e3:3f:
8f:6e:eb:8c:6e:c5:6d:6b:0f:a1:a8:2c:1f:0c:0f:b4:1e:59:
3e:43:aa:38:a3:00:3f:3d:08:8b:5c:3d:30:8b:62:c6:52:7a:
a6:0c:df:58:87:95:d3:a1:97:81:dc:24:7e:07:3b:e4:a2:35:
4a:eb:31:b9:78:31:99:96:cb:30:4a:d2:a4:9b:7c:60:27:97:
a7:b3:3e:9e:70:7f:8c:18:c9:3e:be:06:df:28:ea:ab:98:26:
18:17:14:d6
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICIVcwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MDQy
MzM4NDNaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEVGNjNERkE2NDA3QjA2
MTAwNUYzNzZBOTFGMzIwMkRGMkJFQkFDMDEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDL9ywz/J5DCPk7cIVZMwOV+Ixq3vGUisPoTuqQh9n0QQHypmuH
+H1/agAQnQrIhZTBJwqH8HYs1INlX5rzyyufUl8ZAZZiEEBUavla6E9EAy1+IfT2
c0xLkiSVDKTDX8v25OJKYWDkPurxdTiSaLjeB04TeZ46AzwjZ7h/jru8rWPEnd2T
gb7EhfziOShe/ftfRN1RreVMq0Ef2ofTpZjXGHb51nuPnfghMcngwyCqoZnVr1lR
M4EaKy4v7hi+76Yc7QXwQMd4xLNE7bsUYblhy7KzwGIXfAPu6kITu/Uaw/Y4tac1
1vvVE2/AHzsI0xUoLlGI+tsmj0o83kY+J4WvAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQU72PfpkB7BhAF83apHzIC3yvrrAEwHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvNzJQZnBrQjdCaEFG
ODNhcEh6SUMzeXZyckFFLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBADPncG419eTidtSHXqbAVvNIMlu2
ZvPVfbZQIks8BduhIzUT2rZFrAIlYOWR9WPJYyTvL4eFaYXpAgDBE5rc/bwcSN1x
YSjZT+CkfsEdkZCWDrzhdeRQDqIlEovRAZCsnui1rmTIe5XKQYVFUwVXqMMURVqj
ODkGHzw+V54rnd5MWYbPcYNr//d6pPS8J5H3xyNY7MrA61Z9/rf+1BFXCIzjP49u
64xuxW1rD6GoLB8MD7QeWT5DqjijAD89CItcPTCLYsZSeqYM31iHldOhl4HcJH4H
O+SiNUrrMbl4MZmWyzBK0qSbfGAnl6ezPp5wf4wYyT6+Bt8o6quYJhgXFNY=
-----END CERTIFICATE-----
Generated at Fri Jun 20 11:36:17 2025 by rpki-client