Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/8qgviAtl-qgacYbJBH1BdSHnak0.roa
File: 8qgviAtl-qgacYbJBH1BdSHnak0.roa (raw, json)
Hash identifier: MZTq7MkvQOXabfnhHdmTaZxBAZwUGu7V+YOx7qA34Po=
Subject key identifier: F2:A8:2F:88:0B:65:FA:A8:1A:71:86:C9:04:7D:41:75:21:E7:6A:4D
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 1C58
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/8qgviAtl-qgacYbJBH1BdSHnak0.roa
Signing time: Tue 27 May 2025 02:38:06 +0000
ROA not before: Tue 27 May 2025 02:38:06 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 146845
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 7256 (0x1c58)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: May 27 02:38:06 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=F2A82F880B65FAA81A7186C9047D417521E76A4D
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c6:cb:77:94:7b:c5:6a:7d:54:5c:6e:66:ee:a2:
9e:c1:20:1c:73:68:bd:6c:b2:f9:20:83:9f:f7:51:
82:4c:0d:18:bf:31:0b:3a:d3:1d:6c:c3:f6:77:52:
cb:08:ce:1f:e8:64:b8:b7:c8:dc:57:66:b1:7c:18:
d3:9a:84:95:72:58:e7:50:e1:6a:fa:b8:4e:e5:11:
95:cd:27:0b:08:53:ec:8d:7e:6e:e5:85:b1:22:77:
75:17:52:26:65:3f:ed:a0:3e:1e:fc:c2:0f:0c:b6:
3b:18:dd:43:4a:c7:27:94:2d:09:0e:8b:84:04:50:
b9:9a:d0:44:92:4b:c0:94:08:77:8b:96:35:eb:0b:
ef:92:44:04:24:90:f1:b5:60:b4:3f:b3:d2:71:a0:
4a:7b:10:cb:fc:51:bb:b6:65:d4:76:98:6f:4b:5d:
a3:90:ed:79:66:25:91:e1:52:46:86:b6:1b:af:f7:
5b:ed:9b:ab:7a:a2:c6:24:b3:c3:97:62:dd:3d:54:
09:45:f0:b1:34:b7:62:4e:98:93:38:17:f7:e8:b3:
cd:2f:da:7a:4b:12:d6:b9:16:65:fd:12:0b:37:04:
b7:d1:d0:63:7d:0a:d4:36:1b:1b:1c:34:5d:d7:a2:
8a:bf:26:1b:8a:81:95:88:94:2a:31:19:a4:96:2b:
56:27
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F2:A8:2F:88:0B:65:FA:A8:1A:71:86:C9:04:7D:41:75:21:E7:6A:4D
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/8qgviAtl-qgacYbJBH1BdSHnak0.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
11:69:ec:a1:3d:88:38:49:3b:60:7c:49:5e:99:6a:ef:4b:06:
3d:52:da:13:42:43:47:ed:c2:ad:24:7b:d2:7e:23:4b:4f:e6:
34:d5:c6:e1:f0:5f:a9:b7:74:3e:7c:ed:75:be:c7:95:39:68:
45:38:e4:95:3a:7f:ea:78:ec:0b:1f:22:92:6f:eb:32:40:01:
8e:83:07:a7:45:67:82:49:e0:f9:49:77:c3:17:d5:38:e8:71:
f7:7f:1e:88:56:e4:bc:0c:83:91:90:b3:b5:86:9e:3f:f9:1e:
d5:41:de:ed:6e:f4:2c:62:48:6c:7f:bc:55:76:e5:01:7a:18:
d4:c1:a3:79:63:37:c4:87:88:79:8a:5a:6f:98:a5:a8:58:0d:
5b:29:a5:57:bc:47:27:82:17:c4:a9:52:d0:24:0c:fc:c4:81:
2c:d9:75:48:f1:90:29:29:a6:ee:8b:ff:09:ad:07:3e:fc:f7:
15:1f:9e:67:3d:58:d6:7d:b7:dc:92:a7:8a:50:3c:a2:c5:e6:
d9:19:3b:9f:27:43:0a:e7:1c:49:1c:d9:df:d7:00:62:a9:66:
ab:26:d2:08:92:da:d9:5c:92:01:1e:bd:4e:c2:de:11:3c:ee:
8f:a0:68:f0:28:ee:0e:f1:98:0d:7c:0f:27:ce:f8:1b:76:94:
2e:f9:c4:33
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICHFgwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA1Mjcw
MjM4MDZaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEYyQTgyRjg4MEI2NUZB
QTgxQTcxODZDOTA0N0Q0MTc1MjFFNzZBNEQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDGy3eUe8VqfVRcbmbuop7BIBxzaL1ssvkgg5/3UYJMDRi/MQs6
0x1sw/Z3UssIzh/oZLi3yNxXZrF8GNOahJVyWOdQ4Wr6uE7lEZXNJwsIU+yNfm7l
hbEid3UXUiZlP+2gPh78wg8MtjsY3UNKxyeULQkOi4QEULma0ESSS8CUCHeLljXr
C++SRAQkkPG1YLQ/s9JxoEp7EMv8Ubu2ZdR2mG9LXaOQ7XlmJZHhUkaGthuv91vt
m6t6osYks8OXYt09VAlF8LE0t2JOmJM4F/fos80v2npLEta5FmX9Egs3BLfR0GN9
CtQ2GxscNF3Xooq/JhuKgZWIlCoxGaSWK1YnAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQU8qgviAtl+qgacYbJBH1BdSHnak0wHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvOHFndmlBdGwtcWdh
Y1liSkJIMUJkU0huYWswLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBABFp7KE9iDhJO2B8SV6Zau9LBj1S
2hNCQ0ftwq0ke9J+I0tP5jTVxuHwX6m3dD587XW+x5U5aEU45JU6f+p47AsfIpJv
6zJAAY6DB6dFZ4JJ4PlJd8MX1Tjocfd/HohW5LwMg5GQs7WGnj/5HtVB3u1u9Cxi
SGx/vFV25QF6GNTBo3ljN8SHiHmKWm+YpahYDVsppVe8RyeCF8SpUtAkDPzEgSzZ
dUjxkCkppu6L/wmtBz789xUfnmc9WNZ9t9ySp4pQPKLF5tkZO58nQwrnHEkc2d/X
AGKpZqsm0giS2tlckgEevU7C3hE87o+gaPAo7g7xmA18DyfO+Bt2lC75xDM=
-----END CERTIFICATE-----
Generated at Sun Jun 22 03:57:07 2025 by rpki-client