Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/8fJmjfjY6danofWi-VeYhYzy8yA.roa
File: 8fJmjfjY6danofWi-VeYhYzy8yA.roa (raw, json)
Hash identifier: WMdTO0IjjoLuWpIzYSF78txTSq40UnzRm7XMFINbuGk=
Subject key identifier: F1:F2:66:8D:F8:D8:E9:D6:A7:A1:F5:A2:F9:57:98:85:8C:F2:F3:20
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 209A
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/8fJmjfjY6danofWi-VeYhYzy8yA.roa
Signing time: Tue 03 Jun 2025 16:08:43 +0000
ROA not before: Tue 03 Jun 2025 16:08:43 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 4812
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 8346 (0x209a)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 3 16:08:43 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=F1F2668DF8D8E9D6A7A1F5A2F95798858CF2F320
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:de:93:25:55:da:c9:ae:2a:20:f5:ba:f9:02:9c:
ab:12:06:d4:b3:d9:33:b2:62:c7:01:2a:f9:46:9c:
05:10:5a:3a:2f:08:2a:35:87:40:a0:73:5c:b5:4e:
25:41:2a:f6:3f:05:42:68:05:40:f9:8b:3b:53:b8:
ce:bd:2f:25:d8:11:0d:33:7e:9c:1a:bc:85:7d:51:
df:a8:77:62:35:f3:e4:86:1e:d5:bd:0b:95:cc:f3:
b6:3b:bb:b4:87:6d:fd:ab:18:30:f3:99:de:19:06:
fb:19:18:3d:21:59:50:7f:22:f5:4e:86:da:6a:c4:
9f:ed:a4:7a:26:b1:a0:32:8f:7c:fd:c1:be:81:ce:
f4:7a:c0:dc:95:90:15:cc:ee:56:e3:70:59:d1:fe:
2a:b1:4c:c3:d9:08:38:4d:64:8c:c8:24:a9:df:dc:
e3:d4:37:05:84:69:ee:9e:ea:56:63:47:3d:1d:f2:
f9:e2:f2:f6:d4:30:c9:e4:63:5c:b9:5b:cd:ac:b6:
36:37:03:07:1b:1f:ad:f2:97:e7:a1:1e:55:38:ab:
0f:ab:70:fb:65:e5:eb:57:7a:98:13:a3:e9:09:68:
02:0f:b3:51:2e:d5:29:da:a4:7e:4e:c5:06:8c:60:
03:bf:d0:f7:94:9f:30:ee:93:96:c5:8b:36:62:5b:
99:41
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F1:F2:66:8D:F8:D8:E9:D6:A7:A1:F5:A2:F9:57:98:85:8C:F2:F3:20
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/8fJmjfjY6danofWi-VeYhYzy8yA.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
b8:94:c8:ee:fe:66:78:db:24:c0:28:26:d0:96:8c:3b:44:c1:
b6:3f:47:78:e8:36:e4:c1:36:8a:71:48:42:b4:76:03:d8:38:
6f:4f:36:3e:fb:7c:aa:59:df:49:d0:b8:bb:d1:cd:57:c9:8e:
36:e7:06:21:63:d7:fc:cc:f6:08:4f:eb:1a:b5:b9:94:7c:47:
39:62:6b:16:06:16:b5:7e:64:64:d4:62:ac:db:68:f5:fd:98:
4a:1a:0d:67:46:77:d9:62:08:d3:30:dd:6d:1b:e1:9a:8a:e2:
04:d2:cd:44:b1:14:fb:74:81:10:31:6e:7c:70:c4:bd:58:b1:
a8:c6:55:e3:b7:73:fd:09:d2:5c:b7:2c:2f:09:08:ce:b5:40:
ff:b1:54:71:96:59:f2:b9:a2:ab:70:09:6a:e8:71:88:42:d7:
8d:c5:a5:06:b6:2d:e3:ab:13:0e:fc:dd:f5:d2:3f:af:bc:8f:
79:11:54:24:46:ec:ab:ad:a9:82:ac:cd:4e:37:f0:06:e4:26:
08:07:0e:a3:2c:d4:f3:8d:e1:30:e3:6e:29:c1:6e:a7:44:47:
ce:e6:b2:a8:a8:b6:5d:94:39:13:e7:3a:6c:d2:96:d9:55:7e:
6a:70:f1:b0:d7:94:71:42:89:f2:8f:07:43:e4:bc:0d:9e:22:
7a:73:bc:f4
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICIJowDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MDMx
NjA4NDNaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEYxRjI2NjhERjhEOEU5
RDZBN0ExRjVBMkY5NTc5ODg1OENGMkYzMjAwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDekyVV2smuKiD1uvkCnKsSBtSz2TOyYscBKvlGnAUQWjovCCo1
h0Cgc1y1TiVBKvY/BUJoBUD5iztTuM69LyXYEQ0zfpwavIV9Ud+od2I18+SGHtW9
C5XM87Y7u7SHbf2rGDDzmd4ZBvsZGD0hWVB/IvVOhtpqxJ/tpHomsaAyj3z9wb6B
zvR6wNyVkBXM7lbjcFnR/iqxTMPZCDhNZIzIJKnf3OPUNwWEae6e6lZjRz0d8vni
8vbUMMnkY1y5W82stjY3AwcbH63yl+ehHlU4qw+rcPtl5etXepgTo+kJaAIPs1Eu
1SnapH5OxQaMYAO/0PeUnzDuk5bFizZiW5lBAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQU8fJmjfjY6danofWi+VeYhYzy8yAwHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvOGZKbWpmalk2ZGFu
b2ZXaS1WZVloWXp5OHlBLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBALiUyO7+ZnjbJMAoJtCWjDtEwbY/
R3joNuTBNopxSEK0dgPYOG9PNj77fKpZ30nQuLvRzVfJjjbnBiFj1/zM9ghP6xq1
uZR8RzliaxYGFrV+ZGTUYqzbaPX9mEoaDWdGd9liCNMw3W0b4ZqK4gTSzUSxFPt0
gRAxbnxwxL1YsajGVeO3c/0J0ly3LC8JCM61QP+xVHGWWfK5oqtwCWrocYhC143F
pQa2LeOrEw783fXSP6+8j3kRVCRG7KutqYKszU438AbkJggHDqMs1PON4TDjbinB
bqdER87msqiotl2UORPnOmzSltlVfmpw8bDXlHFCifKPB0PkvA2eInpzvPQ=
-----END CERTIFICATE-----
Generated at Sat Jun 21 18:52:11 2025 by rpki-client