Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/7RA1MPTfKy0Y3M6wyOZczACLLak.roa
File: 7RA1MPTfKy0Y3M6wyOZczACLLak.roa (raw, json)
Hash identifier: aq5frvjNHnryPHwDJ8UeQhHCx2EdNK22LpuC4tAKoCs=
Subject key identifier: ED:10:35:30:F4:DF:2B:2D:18:DC:CE:B0:C8:E6:5C:CC:00:8B:2D:A9
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 46F4
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/7RA1MPTfKy0Y3M6wyOZczACLLak.roa
Signing time: Mon 11 Aug 2025 08:31:15 +0000
ROA not before: Mon 11 Aug 2025 08:31:15 +0000
ROA not after: Mon 03 Aug 2026 08:44:40 +0000
asID: 146845
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 18164 (0x46f4)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Aug 11 08:31:15 2025 GMT
Not After : Aug 3 08:44:40 2026 GMT
Subject: CN=ED103530F4DF2B2D18DCCEB0C8E65CCC008B2DA9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c0:ba:1c:ff:b3:41:e5:ed:ca:5e:ed:bb:d0:40:
d9:7e:40:c8:07:7a:a5:29:80:b2:23:68:29:74:0b:
41:c1:5d:02:dd:e3:c8:92:c9:04:26:5d:83:72:1f:
05:be:b9:00:4b:85:d0:51:92:51:2e:24:75:5c:ee:
2b:a5:c3:9e:28:3f:b2:7b:f0:50:9b:21:86:3d:7f:
97:b3:ed:fa:c6:58:78:65:74:68:ee:58:82:dc:9b:
d4:3d:77:db:ab:b6:4d:28:00:c0:ec:e7:70:5a:fc:
95:c2:84:c1:ef:ed:7f:bd:f7:73:87:9a:ec:f4:12:
ed:ab:f6:19:ca:71:07:8a:07:cf:c4:82:68:e4:e8:
46:46:fb:6f:be:45:59:61:ec:0b:e9:56:7a:42:91:
18:c8:71:38:ce:0b:56:0e:21:16:99:54:65:b0:ac:
fd:f4:6a:96:a9:f1:5e:17:47:38:26:22:b3:0e:b8:
b8:2a:1c:d3:56:ae:d2:11:19:2f:46:75:0f:63:ed:
ff:5f:4d:a7:d9:7c:fc:27:d1:1b:b8:4d:8b:b5:7d:
19:1d:08:b8:9d:77:42:f1:9a:08:1b:7a:bc:e5:e8:
98:11:54:67:40:ea:72:e6:9d:fe:27:9f:36:27:1c:
80:ad:fc:84:70:b5:5e:7b:66:76:91:10:c9:e2:7a:
f6:4f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
ED:10:35:30:F4:DF:2B:2D:18:DC:CE:B0:C8:E6:5C:CC:00:8B:2D:A9
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/7RA1MPTfKy0Y3M6wyOZczACLLak.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
98:31:da:98:44:be:06:65:0a:a1:40:34:71:25:30:56:b9:cb:
1a:89:74:8b:04:20:1a:85:7b:54:14:1a:63:d6:99:55:78:7b:
4c:bd:60:27:33:9e:d1:c9:4e:04:68:69:d8:1c:c5:b1:2c:82:
0f:49:03:f2:cc:fd:f2:0c:77:f6:58:96:87:7d:73:94:0f:8f:
70:25:be:92:6b:ff:d2:29:f2:cf:76:31:11:3f:35:5b:b2:b2:
e7:2f:4e:8e:03:d6:14:89:9a:2b:08:73:56:fb:3f:25:8b:08:
b0:ad:dc:c4:79:b9:eb:5f:d7:2b:31:ee:3d:9b:05:ff:a3:00:
e7:c2:1b:2f:96:7c:60:7b:d2:0e:ef:5a:d3:7f:13:7e:04:24:
e1:d3:2e:83:fa:eb:42:0a:55:e8:03:54:7a:27:94:aa:83:d9:
1b:2a:60:7a:b9:e5:e1:0b:82:ba:e8:80:61:e2:29:27:3d:80:
7c:0d:e2:27:28:fd:54:d2:46:62:00:4e:b7:6c:f1:58:89:7e:
fc:9e:55:df:48:09:21:2a:c4:29:7a:49:23:a7:c6:a7:dc:6e:
5a:a6:3b:db:e6:66:d0:53:26:3d:b9:cf:af:0f:6a:34:81:80:
53:09:9a:90:a0:0a:0e:78:bf:a6:d0:11:74:86:f5:0f:f5:08:
43:22:5f:08
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICRvQwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA4MTEw
ODMxMTVaFw0yNjA4MDMwODQ0NDBaMDMxMTAvBgNVBAMTKEVEMTAzNTMwRjRERjJC
MkQxOERDQ0VCMEM4RTY1Q0NDMDA4QjJEQTkwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDAuhz/s0Hl7cpe7bvQQNl+QMgHeqUpgLIjaCl0C0HBXQLd48iS
yQQmXYNyHwW+uQBLhdBRklEuJHVc7iulw54oP7J78FCbIYY9f5ez7frGWHhldGju
WILcm9Q9d9urtk0oAMDs53Ba/JXChMHv7X+993OHmuz0Eu2r9hnKcQeKB8/Egmjk
6EZG+2++RVlh7AvpVnpCkRjIcTjOC1YOIRaZVGWwrP30apap8V4XRzgmIrMOuLgq
HNNWrtIRGS9GdQ9j7f9fTafZfPwn0Ru4TYu1fRkdCLidd0Lxmggberzl6JgRVGdA
6nLmnf4nnzYnHICt/IRwtV57ZnaREMnievZPAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQU7RA1MPTfKy0Y3M6wyOZczACLLakwHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvN1JBMU1QVGZLeTBZ
M002d3lPWmN6QUNMTGFrLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBAJgx2phEvgZlCqFANHElMFa5yxqJ
dIsEIBqFe1QUGmPWmVV4e0y9YCczntHJTgRoadgcxbEsgg9JA/LM/fIMd/ZYlod9
c5QPj3AlvpJr/9Ip8s92MRE/NVuysucvTo4D1hSJmisIc1b7PyWLCLCt3MR5uetf
1ysx7j2bBf+jAOfCGy+WfGB70g7vWtN/E34EJOHTLoP660IKVegDVHonlKqD2Rsq
YHq55eELgrrogGHiKSc9gHwN4ico/VTSRmIATrds8ViJfvyeVd9ICSEqxCl6SSOn
xqfcblqmO9vmZtBTJj25z68PajSBgFMJmpCgCg54v6bQEXSG9Q/1CEMiXwg=
-----END CERTIFICATE-----
Generated at Mon Aug 11 13:11:34 2025 by rpki-client