Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/93BzQMzxGw6TSA7UduX2Ff1YnvA.roa
File: 93BzQMzxGw6TSA7UduX2Ff1YnvA.roa (raw, json)
Hash identifier: Zk7Jp6SZHoLaTjAf8QJoVCyj7jxp0nBrNkRhctSv5lA=
Subject key identifier: F7:70:73:40:CC:F1:1B:0E:93:48:0E:D4:76:E5:F6:15:FD:58:9E:F0
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 1C1A
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/93BzQMzxGw6TSA7UduX2Ff1YnvA.roa
Signing time: Mon 26 May 2025 16:08:14 +0000
ROA not before: Mon 26 May 2025 16:08:14 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 4812
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 7194 (0x1c1a)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: May 26 16:08:14 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=F7707340CCF11B0E93480ED476E5F615FD589EF0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b4:c5:ff:49:31:d9:3d:02:1f:9e:91:71:43:37:
c5:85:da:be:d7:1a:e8:d8:d1:a1:03:dd:e9:f0:f7:
65:ac:7a:d0:58:6b:ae:fa:07:6e:83:b7:b7:ec:a0:
2b:d3:3f:47:5b:7f:22:3a:f0:c3:12:5a:1d:5f:7a:
d3:78:ae:a7:db:10:f7:10:56:25:6b:92:56:06:71:
cf:82:e5:79:60:29:1d:92:ba:dd:7d:c6:3d:0a:ea:
af:90:bf:4b:b3:27:9a:f8:b1:63:58:7d:6d:17:2b:
46:f7:a1:68:09:b4:2a:76:4c:9a:a3:ff:e1:21:f4:
30:59:7a:2d:de:b3:03:2b:24:8b:0e:99:74:c5:b7:
df:71:20:01:87:f2:83:80:f8:62:ba:7e:3f:00:4a:
6c:fe:f5:17:81:bc:a0:f5:89:f5:9d:fa:c2:59:6d:
e3:db:54:6d:10:93:2b:05:ae:93:ce:54:2e:1b:39:
38:5b:8d:e1:94:85:f5:74:34:43:1e:dd:af:90:2a:
12:eb:2b:84:35:28:91:49:62:56:b9:72:df:77:2f:
c0:df:1c:6b:5b:9f:c7:c6:eb:e4:06:52:a4:dc:4c:
48:df:e2:a9:fd:a8:76:c7:1a:1b:13:77:fb:80:e0:
12:5c:37:b9:68:f6:0b:9c:a7:9e:83:2f:db:55:4f:
c6:49
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F7:70:73:40:CC:F1:1B:0E:93:48:0E:D4:76:E5:F6:15:FD:58:9E:F0
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/93BzQMzxGw6TSA7UduX2Ff1YnvA.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
29:de:ce:d0:fa:76:31:df:7b:15:14:66:51:32:cd:f5:37:1e:
9b:77:4f:4c:28:ff:1c:ff:a2:64:b0:32:b8:ce:0c:33:fd:5c:
8a:fd:d9:6c:fd:97:5f:55:f6:50:2d:aa:3d:69:28:f4:c1:50:
0e:84:41:92:d9:78:20:7c:d8:d9:98:6d:fd:13:22:52:c1:22:
1d:b9:4e:f8:00:e6:b6:9b:a3:22:a2:eb:fb:9a:73:63:6d:8c:
3a:59:ff:8d:04:7f:cb:2a:b2:45:08:82:3a:90:83:a3:62:88:
65:a0:ba:cb:bf:e8:9d:63:7a:67:c4:ec:4c:a9:da:b7:eb:79:
e1:05:df:d3:4b:8d:db:d5:c9:22:4c:07:67:f4:3b:2c:93:ef:
06:14:e4:98:71:d6:aa:6d:5b:b0:d3:0b:ff:a5:a9:5e:b8:f1:
f3:3a:fd:dd:84:a4:96:5d:24:f7:b7:9f:53:67:4a:3c:33:39:
e4:e7:75:80:a4:38:d9:a2:81:7b:42:e4:5a:a8:d7:b6:a7:09:
1c:97:5b:a5:61:4b:c6:37:5d:4f:0e:78:88:46:b2:3a:ef:ce:
93:a2:f7:b4:63:7e:10:5d:bf:c7:a4:c3:18:a1:a3:50:f2:97:
54:47:c1:50:39:6f:3c:52:9e:1c:d8:72:9d:c1:c4:53:62:e2:
fb:86:21:ae
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICHBowDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA1MjYx
NjA4MTRaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEY3NzA3MzQwQ0NGMTFC
MEU5MzQ4MEVENDc2RTVGNjE1RkQ1ODlFRjAwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC0xf9JMdk9Ah+ekXFDN8WF2r7XGujY0aED3enw92WsetBYa676
B26Dt7fsoCvTP0dbfyI68MMSWh1fetN4rqfbEPcQViVrklYGcc+C5XlgKR2Sut19
xj0K6q+Qv0uzJ5r4sWNYfW0XK0b3oWgJtCp2TJqj/+Eh9DBZei3eswMrJIsOmXTF
t99xIAGH8oOA+GK6fj8ASmz+9ReBvKD1ifWd+sJZbePbVG0QkysFrpPOVC4bOThb
jeGUhfV0NEMe3a+QKhLrK4Q1KJFJYla5ct93L8DfHGtbn8fG6+QGUqTcTEjf4qn9
qHbHGhsTd/uA4BJcN7lo9gucp56DL9tVT8ZJAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQU93BzQMzxGw6TSA7UduX2Ff1YnvAwHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvOTNCelFNenhHdzZU
U0E3VWR1WDJGZjFZbnZBLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBACneztD6djHfexUUZlEyzfU3Hpt3
T0wo/xz/omSwMrjODDP9XIr92Wz9l19V9lAtqj1pKPTBUA6EQZLZeCB82NmYbf0T
IlLBIh25TvgA5raboyKi6/uac2NtjDpZ/40Ef8sqskUIgjqQg6NiiGWgusu/6J1j
emfE7Eyp2rfreeEF39NLjdvVySJMB2f0OyyT7wYU5Jhx1qptW7DTC/+lqV648fM6
/d2EpJZdJPe3n1NnSjwzOeTndYCkONmigXtC5Fqo17anCRyXW6VhS8Y3XU8OeIhG
sjrvzpOi97RjfhBdv8ekwxiho1Dyl1RHwVA5bzxSnhzYcp3BxFNi4vuGIa4=
-----END CERTIFICATE-----
Generated at Sat Jun 21 11:22:40 2025 by rpki-client