Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/9X8wqSPAVi-TvAnC_tP-nd9-0Y0.roa
File: 9X8wqSPAVi-TvAnC_tP-nd9-0Y0.roa (raw, json)
Hash identifier: CVIgnz9Q2OeJyt9g6Fl/I6EIzDc4UHFaZeTwfpPeMZs=
Subject key identifier: F5:7F:30:A9:23:C0:56:2F:93:BC:09:C2:FE:D3:FE:9D:DF:7E:D1:8D
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 25D1
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/9X8wqSPAVi-TvAnC_tP-nd9-0Y0.roa
Signing time: Thu 12 Jun 2025 22:39:17 +0000
ROA not before: Thu 12 Jun 2025 22:39:17 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 4812
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 9681 (0x25d1)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 12 22:39:17 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=F57F30A923C0562F93BC09C2FED3FE9DDF7ED18D
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b2:81:bb:51:0f:6b:a7:55:1c:7b:cf:44:e6:43:
90:e7:71:2a:7a:12:fb:e0:98:28:9b:db:81:c9:dd:
39:5a:d0:b7:1b:ab:15:d6:96:d9:64:25:4e:b5:c8:
6a:09:f8:7b:00:37:a6:7d:5b:34:34:a3:52:53:6a:
8a:c5:e3:46:69:2d:c3:e5:90:ed:08:20:d8:56:94:
48:49:39:1d:73:53:81:46:0c:66:3b:6d:99:87:65:
7f:ba:d2:12:68:cc:e7:90:6e:21:20:20:ba:fe:8f:
6c:78:8a:53:8b:cc:25:ac:db:4a:01:22:7b:ed:99:
6f:2a:99:de:72:31:be:1f:d7:7d:5e:22:06:6d:f2:
89:fa:3a:02:53:39:a7:1c:35:fb:3b:51:fc:a0:3c:
ba:b8:ca:61:db:d5:04:4b:fb:62:fe:8c:b6:c9:01:
05:08:eb:30:fa:8f:90:8f:82:f7:22:c5:14:a1:ab:
5a:5d:95:7e:eb:10:1f:94:99:88:e2:04:33:2f:23:
ee:2f:47:d2:8e:05:0d:57:c6:56:7e:44:89:64:b4:
5d:31:0b:e3:21:ef:a0:b0:db:b9:19:69:59:91:1a:
66:9a:db:21:25:05:5c:59:90:94:dd:ce:67:f7:e4:
2b:fe:47:41:f1:53:bf:a4:4f:c1:e1:32:92:2f:79:
f9:b1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F5:7F:30:A9:23:C0:56:2F:93:BC:09:C2:FE:D3:FE:9D:DF:7E:D1:8D
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/9X8wqSPAVi-TvAnC_tP-nd9-0Y0.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
53:60:d6:a2:55:58:fc:21:70:c7:87:5c:72:0b:71:c6:f4:55:
d1:57:64:60:07:12:48:83:c8:34:58:b4:ed:b5:a6:a1:5b:3f:
9e:b7:76:1f:17:30:47:74:ab:f7:e6:13:16:04:6c:40:66:9a:
b1:d2:99:cc:59:dd:6c:c8:57:1d:54:aa:b3:3f:4e:5f:3a:fc:
91:e5:5b:ba:18:40:2a:08:d8:76:a7:21:f3:ba:50:ac:5b:e2:
90:ce:14:1c:c1:b4:fc:5b:58:8a:62:fe:6a:e1:20:f1:72:46:
64:b1:a4:cd:b4:f7:e3:ef:ef:d6:c3:6c:db:32:e1:2e:2b:81:
3b:de:56:b0:26:a4:0d:32:c1:2a:f6:3a:9a:d8:45:8f:16:98:
e4:f5:8b:9c:1a:89:14:a2:38:2c:f5:cf:3c:a9:43:b2:7b:e5:
48:14:23:06:45:c8:9a:f8:1e:19:5a:be:e1:3a:fc:95:a3:58:
42:cc:6d:30:28:2c:d6:36:fb:f3:f5:a9:f4:01:f6:33:b3:4b:
7e:93:58:32:55:db:ed:77:97:85:87:90:0e:d0:5d:55:19:bb:
e3:1d:c9:6a:2f:13:b0:8b:a3:4e:5f:19:82:53:0e:53:53:65:
1d:46:da:c1:d6:bc:82:46:f1:fc:0c:f5:e2:21:e9:8d:a2:0c:
c7:b5:9f:56
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICJdEwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MTIy
MjM5MTdaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEY1N0YzMEE5MjNDMDU2
MkY5M0JDMDlDMkZFRDNGRTlEREY3RUQxOEQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCygbtRD2unVRx7z0TmQ5DncSp6EvvgmCib24HJ3Tla0LcbqxXW
ltlkJU61yGoJ+HsAN6Z9WzQ0o1JTaorF40ZpLcPlkO0IINhWlEhJOR1zU4FGDGY7
bZmHZX+60hJozOeQbiEgILr+j2x4ilOLzCWs20oBInvtmW8qmd5yMb4f131eIgZt
8on6OgJTOaccNfs7UfygPLq4ymHb1QRL+2L+jLbJAQUI6zD6j5CPgvcixRShq1pd
lX7rEB+UmYjiBDMvI+4vR9KOBQ1XxlZ+RIlktF0xC+Mh76Cw27kZaVmRGmaa2yEl
BVxZkJTdzmf35Cv+R0HxU7+kT8HhMpIvefmxAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQU9X8wqSPAVi+TvAnC/tP+nd9+0Y0wHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvOVg4d3FTUEFWaS1U
dkFuQ190UC1uZDktMFkwLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBAFNg1qJVWPwhcMeHXHILccb0VdFX
ZGAHEkiDyDRYtO21pqFbP563dh8XMEd0q/fmExYEbEBmmrHSmcxZ3WzIVx1UqrM/
Tl86/JHlW7oYQCoI2HanIfO6UKxb4pDOFBzBtPxbWIpi/mrhIPFyRmSxpM209+Pv
79bDbNsy4S4rgTveVrAmpA0ywSr2OprYRY8WmOT1i5waiRSiOCz1zzypQ7J75UgU
IwZFyJr4HhlavuE6/JWjWELMbTAoLNY2+/P1qfQB9jOzS36TWDJV2+13l4WHkA7Q
XVUZu+MdyWovE7CLo05fGYJTDlNTZR1G2sHWvIJG8fwM9eIh6Y2iDMe1n1Y=
-----END CERTIFICATE-----
Generated at Sat Jun 21 13:15:33 2025 by rpki-client