Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/9IZh0JGtLqy5qXyjonnld2EJK6I.roa
File: 9IZh0JGtLqy5qXyjonnld2EJK6I.roa (raw, json)
Hash identifier: cI3yeBfL2xQDxF0SJrsYfbXyL1Iy8xlsz5MeOrSRzpg=
Subject key identifier: F4:86:61:D0:91:AD:2E:AC:B9:A9:7C:A3:A2:79:E5:77:61:09:2B:A2
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 229D
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/9IZh0JGtLqy5qXyjonnld2EJK6I.roa
Signing time: Sat 07 Jun 2025 06:08:52 +0000
ROA not before: Sat 07 Jun 2025 06:08:52 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 146845
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 8861 (0x229d)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 7 06:08:52 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=F48661D091AD2EACB9A97CA3A279E57761092BA2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b6:b9:8a:5b:79:35:c3:4a:bf:48:83:ac:e2:b9:
20:75:aa:c7:a8:2b:8e:5a:49:c3:6b:34:60:c4:72:
fa:22:80:73:11:40:92:95:ae:53:6d:33:0f:fc:75:
40:35:75:db:76:29:a2:80:59:84:f9:81:b8:b4:f5:
4b:92:ef:12:e5:aa:27:8f:8a:a7:d0:dd:86:5b:78:
c3:e0:0e:01:a4:59:c6:40:7d:db:81:7e:6b:a5:b7:
de:7e:a5:cb:9b:db:81:11:69:4d:d5:f3:fe:78:c9:
ac:97:5a:67:c1:74:5a:95:0f:10:e4:20:de:d7:97:
2b:ec:55:04:26:2f:0e:40:52:71:f2:8b:d0:ed:29:
a3:cf:8d:af:ea:ab:37:b3:f6:5c:c8:69:98:af:e1:
2a:01:2f:98:42:e7:28:08:b4:d0:1c:d2:2d:37:5c:
df:e8:42:45:09:d5:33:8c:f0:4e:15:68:da:e9:8c:
8d:90:90:48:ad:fa:94:04:38:4d:e3:fd:72:d4:ae:
c6:79:7a:5f:60:ba:de:37:5e:27:83:87:4e:f0:b5:
91:86:3d:53:bb:cf:dc:26:88:d1:40:74:35:76:62:
57:01:8a:dc:c4:54:d9:3d:e1:1a:b1:55:23:13:f2:
49:ca:4f:9d:18:ef:37:e7:8f:e6:e7:2a:ab:8d:31:
56:bb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F4:86:61:D0:91:AD:2E:AC:B9:A9:7C:A3:A2:79:E5:77:61:09:2B:A2
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/9IZh0JGtLqy5qXyjonnld2EJK6I.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
63:b7:c2:fa:4a:b3:83:ec:44:7b:e1:a0:a2:d9:78:97:63:da:
fd:2b:86:3f:c8:70:da:ab:ca:3b:50:57:88:d1:c6:d1:2f:54:
fb:f4:7a:84:0c:20:ee:1f:93:92:3f:db:91:76:da:19:57:05:
bf:66:90:c9:ba:e5:19:29:fa:1b:c7:af:05:33:aa:b5:37:a8:
8b:f0:cd:79:77:88:03:f3:19:f6:31:aa:ed:ec:77:27:ec:cd:
a0:db:81:00:a6:dc:89:b0:6f:72:e2:33:f1:0d:43:30:0e:d4:
52:67:3b:0c:0b:29:44:f8:d4:4a:42:de:34:3d:e2:be:74:9d:
0f:10:6e:0c:05:4f:90:ea:6a:34:b4:79:68:db:28:54:2b:98:
19:41:03:8b:5f:03:a1:be:71:fb:13:5d:af:b3:05:fb:84:19:
2d:23:9b:79:ee:4d:81:a9:a3:a7:7a:3a:26:d9:bc:b7:aa:e6:
ff:39:6f:b4:c6:81:81:31:91:5c:9a:dc:42:09:8e:17:36:7e:
c4:18:32:4e:74:b8:af:7d:9b:5e:e2:ee:61:24:70:02:6e:56:
51:2c:e8:1e:6f:88:d4:e3:29:2a:7c:b3:68:9f:9d:d1:bd:8b:
6c:52:1d:30:c0:eb:3e:b7:df:d3:2e:22:7c:86:c7:18:b4:f1:
73:1d:0d:d3
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICIp0wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MDcw
NjA4NTJaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEY0ODY2MUQwOTFBRDJF
QUNCOUE5N0NBM0EyNzlFNTc3NjEwOTJCQTIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC2uYpbeTXDSr9Ig6ziuSB1qseoK45aScNrNGDEcvoigHMRQJKV
rlNtMw/8dUA1ddt2KaKAWYT5gbi09UuS7xLlqiePiqfQ3YZbeMPgDgGkWcZAfduB
fmult95+pcub24ERaU3V8/54yayXWmfBdFqVDxDkIN7XlyvsVQQmLw5AUnHyi9Dt
KaPPja/qqzez9lzIaZiv4SoBL5hC5ygItNAc0i03XN/oQkUJ1TOM8E4VaNrpjI2Q
kEit+pQEOE3j/XLUrsZ5el9gut43XieDh07wtZGGPVO7z9wmiNFAdDV2YlcBitzE
VNk94RqxVSMT8knKT50Y7zfnj+bnKquNMVa7AgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQU9IZh0JGtLqy5qXyjonnld2EJK6IwHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvOUlaaDBKR3RMcXk1
cVh5am9ubmxkMkVKSzZJLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBAGO3wvpKs4PsRHvhoKLZeJdj2v0r
hj/IcNqryjtQV4jRxtEvVPv0eoQMIO4fk5I/25F22hlXBb9mkMm65Rkp+hvHrwUz
qrU3qIvwzXl3iAPzGfYxqu3sdyfszaDbgQCm3Imwb3LiM/ENQzAO1FJnOwwLKUT4
1EpC3jQ94r50nQ8QbgwFT5DqajS0eWjbKFQrmBlBA4tfA6G+cfsTXa+zBfuEGS0j
m3nuTYGpo6d6OibZvLeq5v85b7TGgYExkVya3EIJjhc2fsQYMk50uK99m17i7mEk
cAJuVlEs6B5viNTjKSp8s2ifndG9i2xSHTDA6z6339MuInyGxxi08XMdDdM=
-----END CERTIFICATE-----
Generated at Sun Jun 22 10:53:17 2025 by rpki-client