Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/9iCKgjZEgH1DOKRpxqjU00xfE6s.roa
File: 9iCKgjZEgH1DOKRpxqjU00xfE6s.roa (raw, json)
Hash identifier: tSwCpQGpNumtiTCipi2rhYQbW3/XmZPGkq6B9bV7cbE=
Subject key identifier: F6:20:8A:82:36:44:80:7D:43:38:A4:69:C6:A8:D4:D3:4C:5F:13:AB
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 259B
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/9iCKgjZEgH1DOKRpxqjU00xfE6s.roa
Signing time: Thu 12 Jun 2025 13:39:14 +0000
ROA not before: Thu 12 Jun 2025 13:39:14 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 4812
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 9627 (0x259b)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 12 13:39:14 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=F6208A823644807D4338A469C6A8D4D34C5F13AB
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ef:c4:54:7f:b9:ac:f5:76:07:62:09:ee:c9:3c:
8a:ee:6b:15:5d:e5:dc:3e:63:8b:07:49:df:da:e7:
c6:ec:f4:f2:f0:b6:b2:d1:75:d1:41:96:b2:b2:c3:
6c:43:81:4a:d0:13:ff:f9:8d:68:4c:e9:b9:05:39:
cb:a5:36:82:d9:1d:e5:5c:93:75:3e:be:31:72:56:
53:10:5d:71:40:d3:55:4c:7a:1c:5b:a0:88:0d:d9:
79:66:0f:11:49:12:31:27:24:1b:25:42:f2:86:5c:
66:9e:32:29:b5:1a:9b:a2:c1:d1:2f:c4:14:84:31:
e2:51:e7:d6:3e:87:67:40:99:e4:7a:7d:6c:d1:71:
c4:05:3a:cc:43:0d:9f:fc:22:6a:df:36:0a:91:5b:
54:0f:b4:6c:ef:c1:31:89:01:89:78:94:6c:5d:4e:
7f:d6:cf:1a:90:23:f9:0f:41:d4:34:2e:2e:29:35:
45:da:5b:fb:ea:7d:1a:74:2c:a6:3e:5e:5c:58:95:
80:2c:e4:e2:62:19:24:2f:d0:dc:84:08:c3:af:9b:
4f:d9:fe:c3:a4:cc:9b:23:c9:33:02:56:fd:5c:8a:
04:2f:fc:95:94:35:b9:91:b0:49:63:27:3d:42:a3:
9c:56:b7:ef:7b:85:45:a7:44:d9:79:a7:19:cc:69:
b8:6d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F6:20:8A:82:36:44:80:7D:43:38:A4:69:C6:A8:D4:D3:4C:5F:13:AB
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/9iCKgjZEgH1DOKRpxqjU00xfE6s.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
18:e7:49:0f:0c:01:2f:25:89:40:39:34:00:30:d2:a2:89:14:
5c:1d:bd:a1:f7:b7:0e:11:d3:63:68:ee:92:b3:e7:75:a4:e8:
29:a0:7a:de:fa:41:5b:9b:01:65:43:27:ab:2c:b8:93:0a:b7:
80:fc:9b:20:9d:76:ef:12:22:fc:76:d9:34:41:2d:b2:8b:79:
33:5b:9c:cc:b9:b2:e2:a0:be:88:f1:87:ea:a0:92:31:19:45:
8a:eb:f8:75:76:92:6b:f7:f5:96:de:90:97:5c:5f:e0:d2:c0:
a5:02:b2:26:b0:d0:a8:d0:ab:c3:03:f9:e1:71:c0:7e:ee:11:
7c:ec:3f:4f:99:8a:36:a4:1b:f7:0e:06:d0:6a:8e:b3:55:7c:
f5:6e:e7:2b:5e:9d:7d:0f:51:3c:0f:1c:01:bc:94:52:e9:ff:
45:60:0d:e4:09:b6:8c:e0:53:3f:e5:4d:0c:20:77:d3:fe:5d:
43:16:f3:7f:65:92:87:0a:9a:77:25:c4:83:90:e3:29:e5:ef:
05:9c:87:6d:7d:16:79:80:ad:71:49:4f:5c:2e:a3:8f:65:d3:
19:39:7b:18:16:14:ae:3d:2b:8d:1b:ba:79:22:0f:de:5d:3a:
ae:f8:74:11:b8:3e:fe:2a:63:cc:55:ff:87:a6:28:fd:e1:e0:
77:1a:ad:72
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICJZswDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MTIx
MzM5MTRaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEY2MjA4QTgyMzY0NDgw
N0Q0MzM4QTQ2OUM2QThENEQzNEM1RjEzQUIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDvxFR/uaz1dgdiCe7JPIruaxVd5dw+Y4sHSd/a58bs9PLwtrLR
ddFBlrKyw2xDgUrQE//5jWhM6bkFOculNoLZHeVck3U+vjFyVlMQXXFA01VMehxb
oIgN2XlmDxFJEjEnJBslQvKGXGaeMim1GpuiwdEvxBSEMeJR59Y+h2dAmeR6fWzR
ccQFOsxDDZ/8ImrfNgqRW1QPtGzvwTGJAYl4lGxdTn/WzxqQI/kPQdQ0Li4pNUXa
W/vqfRp0LKY+XlxYlYAs5OJiGSQv0NyECMOvm0/Z/sOkzJsjyTMCVv1cigQv/JWU
NbmRsEljJz1Co5xWt+97hUWnRNl5pxnMabhtAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQU9iCKgjZEgH1DOKRpxqjU00xfE6swHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvOWlDS2dqWkVnSDFE
T0tScHhxalUwMHhmRTZzLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBABjnSQ8MAS8liUA5NAAw0qKJFFwd
vaH3tw4R02No7pKz53Wk6Cmget76QVubAWVDJ6ssuJMKt4D8myCddu8SIvx22TRB
LbKLeTNbnMy5suKgvojxh+qgkjEZRYrr+HV2kmv39ZbekJdcX+DSwKUCsiaw0KjQ
q8MD+eFxwH7uEXzsP0+ZijakG/cOBtBqjrNVfPVu5ytenX0PUTwPHAG8lFLp/0Vg
DeQJtozgUz/lTQwgd9P+XUMW839lkocKmnclxIOQ4ynl7wWch219FnmArXFJT1wu
o49l0xk5exgWFK49K40bunkiD95dOq74dBG4Pv4qY8xV/4emKP3h4HcarXI=
-----END CERTIFICATE-----
Generated at Sun Jun 22 03:58:11 2025 by rpki-client