Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/9Z1ycOnS_Nu6k4fJ2RDCEmg01Ag.roa
File: 9Z1ycOnS_Nu6k4fJ2RDCEmg01Ag.roa (raw, json)
Hash identifier: 3sg1Bxz8e3kAQ6WzNsCga4tdTHlEW+NQSeQ703L1Pmc=
Subject key identifier: F5:9D:72:70:E9:D2:FC:DB:BA:93:87:C9:D9:10:C2:12:68:34:D4:08
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 243C
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/9Z1ycOnS_Nu6k4fJ2RDCEmg01Ag.roa
Signing time: Tue 10 Jun 2025 03:09:03 +0000
ROA not before: Tue 10 Jun 2025 03:09:03 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 4812
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 9276 (0x243c)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 10 03:09:03 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=F59D7270E9D2FCDBBA9387C9D910C2126834D408
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e7:d2:ba:58:0d:3b:8d:37:6b:80:df:26:a2:c4:
48:75:5d:1b:10:58:ec:e1:df:13:38:f8:dc:13:07:
b0:65:08:8f:ca:ad:8f:42:78:d7:18:ed:38:e1:83:
df:05:8e:9c:aa:0d:5a:1e:72:c6:e7:c0:ad:bf:b5:
59:52:3f:20:84:c0:fe:dd:a4:23:dc:1f:ab:58:84:
dc:59:be:ee:ec:7e:39:28:45:97:a5:28:44:4a:d2:
48:17:c7:db:b0:d4:77:0f:ea:0c:e4:72:56:d8:cd:
1b:74:e1:c5:d9:10:bb:5c:07:86:21:04:d6:4c:54:
ae:8c:a7:98:c4:f3:8b:f0:50:36:bc:0b:1d:ea:91:
33:45:c4:e2:6d:1c:fc:6b:91:cd:6e:37:8f:36:55:
41:e2:b7:2c:d1:9a:0a:1f:f2:be:ec:db:9c:c8:0e:
98:7f:f6:d8:b4:6c:69:31:4b:f9:bf:70:10:c5:77:
d7:aa:f1:af:0a:eb:11:90:91:1f:37:98:1e:0a:cb:
ce:83:cf:3b:da:73:9b:2a:f5:b9:ef:57:88:63:80:
c6:0f:f6:d9:55:66:fd:29:96:81:13:b6:08:5c:be:
b7:b2:87:2f:d6:a2:a3:e0:0d:73:ec:4f:43:5e:ec:
95:ef:69:75:af:fd:60:0f:b6:95:94:ab:60:98:73:
73:df
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F5:9D:72:70:E9:D2:FC:DB:BA:93:87:C9:D9:10:C2:12:68:34:D4:08
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/9Z1ycOnS_Nu6k4fJ2RDCEmg01Ag.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
0e:9c:be:c7:34:a2:ca:03:39:b2:d0:1e:0e:d1:65:02:60:b2:
4f:6f:9a:ce:56:e8:9c:5f:bb:a3:b0:e0:5b:db:70:d9:25:e1:
d4:41:16:03:65:35:da:79:58:f0:19:cb:c3:ef:15:29:4c:4e:
e5:40:cd:d7:83:34:eb:f2:20:03:70:21:3b:9b:a4:dd:df:4f:
bb:bd:4b:8b:9c:3e:41:74:b8:2b:82:38:84:7e:60:f8:73:ca:
ed:74:eb:88:4b:57:99:d9:f5:ed:9e:0a:c5:16:46:77:33:58:
70:3f:14:65:56:e3:55:53:1b:54:09:74:d2:51:7d:6f:05:da:
fc:e7:cc:5e:8d:29:3d:fa:30:5c:21:e7:4d:c9:11:d3:5a:b1:
12:0a:b7:ad:27:bb:93:20:bc:ff:9c:71:a1:09:96:f1:9d:24:
a3:ba:40:86:01:dd:5c:ec:9d:ae:d0:8c:f7:e1:15:d1:15:d8:
69:db:02:3c:a9:89:a2:32:e4:de:2a:c6:75:a9:2f:35:ae:84:
fb:91:cc:4d:66:d8:72:b1:89:ce:d6:ab:d9:b3:cc:15:a0:d4:
b1:ef:ff:97:57:0b:e9:d7:20:a9:f2:34:05:fa:ee:41:a6:dc:
ef:11:53:9f:a6:61:d9:30:1d:85:0c:a8:79:90:21:85:92:3b:
71:cd:5e:90
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICJDwwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MTAw
MzA5MDNaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEY1OUQ3MjcwRTlEMkZD
REJCQTkzODdDOUQ5MTBDMjEyNjgzNEQ0MDgwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDn0rpYDTuNN2uA3yaixEh1XRsQWOzh3xM4+NwTB7BlCI/KrY9C
eNcY7Tjhg98FjpyqDVoecsbnwK2/tVlSPyCEwP7dpCPcH6tYhNxZvu7sfjkoRZel
KERK0kgXx9uw1HcP6gzkclbYzRt04cXZELtcB4YhBNZMVK6Mp5jE84vwUDa8Cx3q
kTNFxOJtHPxrkc1uN482VUHityzRmgof8r7s25zIDph/9ti0bGkxS/m/cBDFd9eq
8a8K6xGQkR83mB4Ky86Dzzvac5sq9bnvV4hjgMYP9tlVZv0ploETtghcvreyhy/W
oqPgDXPsT0Ne7JXvaXWv/WAPtpWUq2CYc3PfAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQU9Z1ycOnS/Nu6k4fJ2RDCEmg01AgwHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvOVoxeWNPblNfTnU2
azRmSjJSRENFbWcwMUFnLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBAA6cvsc0osoDObLQHg7RZQJgsk9v
ms5W6Jxfu6Ow4FvbcNkl4dRBFgNlNdp5WPAZy8PvFSlMTuVAzdeDNOvyIANwITub
pN3fT7u9S4ucPkF0uCuCOIR+YPhzyu1064hLV5nZ9e2eCsUWRnczWHA/FGVW41VT
G1QJdNJRfW8F2vznzF6NKT36MFwh503JEdNasRIKt60nu5MgvP+ccaEJlvGdJKO6
QIYB3Vzsna7QjPfhFdEV2GnbAjypiaIy5N4qxnWpLzWuhPuRzE1m2HKxic7Wq9mz
zBWg1LHv/5dXC+nXIKnyNAX67kGm3O8RU5+mYdkwHYUMqHmQIYWSO3HNXpA=
-----END CERTIFICATE-----
Generated at Sun Jun 22 01:10:09 2025 by rpki-client