Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/9GerMU3flW-fynZ9Y3XX6CH3U4Q.roa
File: 9GerMU3flW-fynZ9Y3XX6CH3U4Q.roa (raw, json)
Hash identifier: bF5zZ1ebIS8oDc8Yyr9C/LoyEOMxv6LArFuEn/GI4MU=
Subject key identifier: F4:67:AB:31:4D:DF:95:6F:9F:CA:76:7D:63:75:D7:E8:21:F7:53:84
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 25C1
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/9GerMU3flW-fynZ9Y3XX6CH3U4Q.roa
Signing time: Thu 12 Jun 2025 20:09:12 +0000
ROA not before: Thu 12 Jun 2025 20:09:12 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 146845
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 9665 (0x25c1)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 12 20:09:12 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=F467AB314DDF956F9FCA767D6375D7E821F75384
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b9:d7:a0:75:72:1c:f8:90:8d:52:25:be:79:12:
f8:21:b7:e6:d3:ff:0b:0a:d8:af:72:16:da:ec:d6:
66:88:00:3e:cf:9a:1e:50:bc:6b:9f:ef:27:b0:4e:
d1:bd:87:f2:f6:19:be:2b:20:05:ce:06:09:eb:f8:
d4:b3:0f:3a:6b:1d:c6:2d:e6:b9:6c:90:76:9c:0e:
d0:73:6b:f4:e4:af:22:39:72:bd:83:a5:cb:0a:df:
be:89:06:88:35:63:37:c2:ba:22:c8:eb:65:29:b0:
a3:da:b2:a5:14:0d:03:82:d3:62:9a:9f:eb:bc:d2:
6b:16:8c:c1:00:eb:26:67:d8:a6:8b:8e:4a:9e:ab:
45:cb:8f:84:66:55:8c:96:3b:4a:07:c7:db:4b:ea:
2c:c9:98:44:2f:2f:b5:a1:00:e1:0a:db:95:be:eb:
3b:d1:a8:89:88:09:a6:16:83:09:74:5c:ac:af:77:
4d:8c:0f:6f:72:d8:14:7a:60:b9:8d:c1:f7:00:c9:
9c:c4:51:eb:c5:a4:1c:be:1e:c1:80:92:ae:b6:37:
37:59:31:0e:95:9c:86:90:47:2e:11:c2:d2:9b:8c:
2d:fe:45:a8:89:1a:6d:3b:ff:c8:e9:9a:df:00:d1:
46:c7:be:e1:77:8e:b1:ba:1e:38:97:8e:e1:cb:e2:
7c:85
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F4:67:AB:31:4D:DF:95:6F:9F:CA:76:7D:63:75:D7:E8:21:F7:53:84
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/9GerMU3flW-fynZ9Y3XX6CH3U4Q.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
8b:55:28:30:7c:3b:4f:70:1d:59:c4:8c:2a:b2:67:a7:4e:8a:
c5:80:be:74:e5:66:34:f9:1a:70:3d:58:4b:fb:97:6a:8f:e2:
dd:86:37:13:92:43:53:e1:6d:e7:cf:9c:ab:4c:8d:ec:86:92:
3a:e9:92:36:45:2a:d7:50:91:4e:48:11:19:be:26:18:fc:9c:
bd:a9:23:16:a6:aa:0d:d2:02:63:26:96:d3:d4:ed:a3:40:88:
5f:a8:b2:70:5c:41:90:5f:22:2b:f7:88:74:76:3e:56:5c:32:
b4:97:5c:09:05:6e:73:5b:4d:0b:fd:4e:6d:9d:c2:8e:dd:a1:
66:e2:e4:a4:e3:23:e7:67:9c:06:ef:37:09:5a:c8:68:f6:e5:
12:56:51:19:dd:ed:53:ab:e2:a3:d3:8a:aa:c8:0c:af:20:5c:
83:48:54:2c:3a:2c:93:7b:b8:68:2b:cd:be:88:e1:ac:1e:52:
f2:11:82:fb:de:fe:62:b4:23:32:8a:99:7d:16:ac:47:90:10:
7c:de:10:2d:d6:81:65:95:86:ad:29:4e:53:f7:4a:5f:19:ef:
4a:d1:4f:38:45:f2:3f:d1:a6:4d:64:7d:0d:3f:d2:ee:0f:80:
99:3b:bb:12:00:ff:0b:70:4d:1a:ea:e4:de:c8:66:7d:56:8e:
ab:03:c6:4f
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICJcEwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MTIy
MDA5MTJaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEY0NjdBQjMxNERERjk1
NkY5RkNBNzY3RDYzNzVEN0U4MjFGNzUzODQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC516B1chz4kI1SJb55Evght+bT/wsK2K9yFtrs1maIAD7Pmh5Q
vGuf7yewTtG9h/L2Gb4rIAXOBgnr+NSzDzprHcYt5rlskHacDtBza/TkryI5cr2D
pcsK376JBog1YzfCuiLI62UpsKPasqUUDQOC02Kan+u80msWjMEA6yZn2KaLjkqe
q0XLj4RmVYyWO0oHx9tL6izJmEQvL7WhAOEK25W+6zvRqImICaYWgwl0XKyvd02M
D29y2BR6YLmNwfcAyZzEUevFpBy+HsGAkq62NzdZMQ6VnIaQRy4RwtKbjC3+RaiJ
Gm07/8jpmt8A0UbHvuF3jrG6HjiXjuHL4nyFAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQU9GerMU3flW+fynZ9Y3XX6CH3U4QwHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvOUdlck1VM2ZsVy1m
eW5aOVkzWFg2Q0gzVTRRLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBAItVKDB8O09wHVnEjCqyZ6dOisWA
vnTlZjT5GnA9WEv7l2qP4t2GNxOSQ1PhbefPnKtMjeyGkjrpkjZFKtdQkU5IERm+
Jhj8nL2pIxamqg3SAmMmltPU7aNAiF+osnBcQZBfIiv3iHR2PlZcMrSXXAkFbnNb
TQv9Tm2dwo7doWbi5KTjI+dnnAbvNwlayGj25RJWURnd7VOr4qPTiqrIDK8gXINI
VCw6LJN7uGgrzb6I4aweUvIRgvve/mK0IzKKmX0WrEeQEHzeEC3WgWWVhq0pTlP3
Sl8Z70rRTzhF8j/Rpk1kfQ0/0u4PgJk7uxIA/wtwTRrq5N7IZn1WjqsDxk8=
-----END CERTIFICATE-----
Generated at Sun Jun 22 06:22:43 2025 by rpki-client