Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/9hmBL1Bdv3osAml2S8qEhbcIqFA.roa
File: 9hmBL1Bdv3osAml2S8qEhbcIqFA.roa (raw, json)
Hash identifier: 2mdbXEUI20SFG6jCjy+21ZXjnVaRej53GgxCPNTa4V4=
Subject key identifier: F6:19:81:2F:50:5D:BF:7A:2C:02:69:76:4B:CA:84:85:B7:08:A8:50
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 24C8
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/9hmBL1Bdv3osAml2S8qEhbcIqFA.roa
Signing time: Wed 11 Jun 2025 02:39:09 +0000
ROA not before: Wed 11 Jun 2025 02:39:09 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 146845
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 9416 (0x24c8)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 11 02:39:09 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=F619812F505DBF7A2C0269764BCA8485B708A850
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cb:23:69:9f:6d:fa:cf:52:c3:01:14:2d:7b:b6:
92:84:63:da:0f:51:de:68:ae:8c:cc:0b:98:43:7d:
9c:b1:ce:0b:d5:1a:63:be:c1:b1:a7:32:b1:f3:7d:
9c:d3:85:77:df:62:a6:23:f3:a0:9e:f3:36:da:a4:
b6:ab:6b:2f:cc:ca:a4:72:e8:fc:ed:32:8c:be:e8:
14:f8:81:ec:7b:53:c1:fe:98:4c:f1:93:0e:a7:90:
3d:13:2c:cd:55:20:cf:7c:20:cc:03:f0:05:58:93:
56:5b:0a:49:66:b5:d8:ed:76:76:f9:1f:e9:71:2d:
e6:b0:f7:fb:d5:65:bf:c6:f5:18:5e:99:f8:7a:c1:
7c:e9:77:7e:ab:3e:6e:f6:06:67:df:65:ee:08:33:
df:d8:5a:6c:60:75:d9:cc:43:6f:73:bc:41:ec:1c:
e1:9b:95:f2:03:7b:62:06:3c:a5:5d:dd:41:46:8a:
30:20:52:d1:ec:94:23:32:53:fa:32:58:b8:60:33:
19:43:1f:9a:b4:03:0a:f9:47:64:df:2a:31:be:da:
c7:0e:13:62:97:41:46:5d:8e:db:37:b7:cc:d8:24:
84:52:aa:56:e2:07:02:fe:5a:71:ac:23:cc:79:fd:
66:ea:09:cd:50:ff:3a:9e:19:e9:c7:c3:1c:e7:3b:
c5:1b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F6:19:81:2F:50:5D:BF:7A:2C:02:69:76:4B:CA:84:85:B7:08:A8:50
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/9hmBL1Bdv3osAml2S8qEhbcIqFA.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
a7:a3:bf:d1:86:8e:ba:a1:ba:ec:20:2d:11:df:1d:f2:80:e9:
dc:ce:3a:06:b8:bb:7e:8d:a9:bd:93:29:02:a7:a9:9a:79:bc:
14:16:74:e6:b6:1e:18:f6:1c:9b:67:6d:95:a8:e8:02:cd:74:
34:d2:be:4d:20:dc:96:66:26:78:07:a9:3e:e2:fa:60:8c:dd:
2b:5f:60:93:81:7f:83:02:48:de:ad:24:a1:68:6b:28:62:21:
6f:a9:d6:8e:c9:8d:c3:be:13:e4:d2:65:f5:ba:ac:8d:4c:b1:
09:6d:c5:43:e4:e3:4a:3b:c1:93:64:60:ce:4c:2f:95:e1:23:
c2:d1:d5:63:93:fe:4c:4a:56:ac:03:2b:13:e7:e7:0f:40:ea:
49:7c:95:21:75:18:68:c1:5e:57:6d:c1:8e:01:f7:d1:0e:9f:
03:dc:7c:f8:03:d0:94:e1:b7:b2:a3:37:b1:95:cb:15:13:26:
92:c4:25:04:00:23:00:27:6c:68:c2:25:92:05:04:ae:74:d8:
5c:8e:39:40:15:f6:72:cd:89:03:27:9a:20:bc:98:a9:5b:b8:
6f:5b:f8:80:91:93:6d:ae:d3:9e:ba:48:80:28:b1:52:70:88:
d7:55:7c:28:5d:17:12:f7:06:45:99:b6:dd:fc:2c:28:3c:d4:
53:c0:e5:73
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICJMgwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MTEw
MjM5MDlaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEY2MTk4MTJGNTA1REJG
N0EyQzAyNjk3NjRCQ0E4NDg1QjcwOEE4NTAwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDLI2mfbfrPUsMBFC17tpKEY9oPUd5orozMC5hDfZyxzgvVGmO+
wbGnMrHzfZzThXffYqYj86Ce8zbapLaray/MyqRy6PztMoy+6BT4gex7U8H+mEzx
kw6nkD0TLM1VIM98IMwD8AVYk1ZbCklmtdjtdnb5H+lxLeaw9/vVZb/G9Rhemfh6
wXzpd36rPm72BmffZe4IM9/YWmxgddnMQ29zvEHsHOGblfIDe2IGPKVd3UFGijAg
UtHslCMyU/oyWLhgMxlDH5q0Awr5R2TfKjG+2scOE2KXQUZdjts3t8zYJIRSqlbi
BwL+WnGsI8x5/WbqCc1Q/zqeGenHwxznO8UbAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQU9hmBL1Bdv3osAml2S8qEhbcIqFAwHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvOWhtQkwxQmR2M29z
QW1sMlM4cUVoYmNJcUZBLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBAKejv9GGjrqhuuwgLRHfHfKA6dzO
Oga4u36Nqb2TKQKnqZp5vBQWdOa2Hhj2HJtnbZWo6ALNdDTSvk0g3JZmJngHqT7i
+mCM3StfYJOBf4MCSN6tJKFoayhiIW+p1o7JjcO+E+TSZfW6rI1MsQltxUPk40o7
wZNkYM5ML5XhI8LR1WOT/kxKVqwDKxPn5w9A6kl8lSF1GGjBXldtwY4B99EOnwPc
fPgD0JTht7KjN7GVyxUTJpLEJQQAIwAnbGjCJZIFBK502FyOOUAV9nLNiQMnmiC8
mKlbuG9b+ICRk22u0566SIAosVJwiNdVfChdFxL3BkWZtt38LCg81FPA5XM=
-----END CERTIFICATE-----
Generated at Fri Jun 20 16:45:48 2025 by rpki-client