Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/A-q5m2dau5jCZQuYVGmJlCj7Hbc.roa
File: A-q5m2dau5jCZQuYVGmJlCj7Hbc.roa (raw, json)
Hash identifier: WVDPXu6ODCgpR3Qcv7wbRnnjTD2as8qfEttXbmSvpSA=
Subject key identifier: 03:EA:B9:9B:67:5A:BB:98:C2:65:0B:98:54:69:89:94:28:FB:1D:B7
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 22B0
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/A-q5m2dau5jCZQuYVGmJlCj7Hbc.roa
Signing time: Sat 07 Jun 2025 09:08:52 +0000
ROA not before: Sat 07 Jun 2025 09:08:52 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 4812
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 8880 (0x22b0)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 7 09:08:52 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=03EAB99B675ABB98C2650B985469899428FB1DB7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:aa:4c:13:03:5d:46:05:36:f1:6e:92:3e:ad:a5:
65:4f:04:cd:d6:78:a6:86:a2:ac:2e:c7:c1:0f:7f:
33:8f:f1:97:d6:e9:fc:71:4f:af:3b:90:74:e7:1a:
6f:30:fc:05:b9:49:a6:cb:58:2e:19:c9:35:d1:66:
b6:dc:d9:c1:b3:23:ae:05:05:21:53:7e:fc:69:97:
d4:a5:88:8a:44:a2:47:e1:61:6e:2c:87:1c:0b:78:
f5:07:01:59:99:2d:72:d0:b9:da:1e:7a:53:2e:5d:
c8:e2:5a:74:fd:a7:91:14:35:eb:b9:dd:e5:8c:ec:
d8:df:e5:61:69:5f:de:71:f0:05:07:ca:82:6c:e7:
2b:a7:a7:94:83:1a:e0:00:c3:6a:05:0e:04:3d:3a:
30:0a:b8:38:cf:bf:d6:be:5e:9e:d8:47:88:13:6e:
55:d6:f8:be:39:ac:bd:11:14:70:b4:cf:95:7b:06:
78:d2:f1:c7:88:9f:59:95:cf:d6:79:07:49:12:2c:
46:cf:68:38:cf:cc:3d:e4:d0:b4:72:2f:f6:7d:3d:
c7:61:a1:8b:d9:49:e4:f9:4d:9f:07:1f:bf:6a:3e:
af:12:bc:bd:53:39:f6:59:6b:c5:3d:2b:a3:32:b7:
2b:22:66:cc:2f:fa:a5:c6:da:50:1c:72:60:18:36:
01:3f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
03:EA:B9:9B:67:5A:BB:98:C2:65:0B:98:54:69:89:94:28:FB:1D:B7
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/A-q5m2dau5jCZQuYVGmJlCj7Hbc.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
35:6c:4e:0b:e6:44:b7:f3:aa:23:c3:c8:42:b8:72:c3:c7:15:
d0:ec:3f:8d:4a:fd:0a:2d:ac:c2:c8:8c:66:0d:70:e1:49:77:
bb:d8:8e:83:4c:a9:9f:00:b0:43:8e:46:06:08:f3:ac:ad:74:
31:04:08:d9:43:d9:38:43:b9:5f:6e:ff:90:4c:25:f1:bb:fc:
ad:e7:9f:0e:c9:e6:8f:50:97:2a:a3:88:57:fb:0f:a4:39:4a:
4a:39:bb:80:e1:49:4a:c3:60:66:f4:46:62:07:a4:65:c3:39:
cd:04:0c:56:66:89:08:a7:05:1e:24:f1:a7:01:7a:c1:7f:43:
cc:d9:54:12:8e:88:6d:3c:2c:22:b1:75:30:98:1d:64:ac:4d:
55:ba:a1:05:31:9f:58:19:ec:5d:dd:77:f1:95:08:b2:e8:16:
f4:2a:2d:b6:ba:2e:a0:54:68:b9:84:bc:69:9f:1a:a5:18:a7:
b2:fb:87:34:f2:1e:06:ef:7b:51:55:42:2f:4c:63:75:2d:61:
16:ff:4e:be:33:55:84:93:37:c0:07:2f:4a:d6:7b:e4:17:5f:
01:bc:44:5a:64:09:22:b3:fd:82:bc:db:7e:b7:aa:59:dd:ee:
bb:02:9b:d6:df:5b:1c:90:7b:96:f1:d9:be:5b:b2:74:d3:ac:
ac:b0:70:dc
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICIrAwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MDcw
OTA4NTJaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDAzRUFCOTlCNjc1QUJC
OThDMjY1MEI5ODU0Njk4OTk0MjhGQjFEQjcwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCqTBMDXUYFNvFukj6tpWVPBM3WeKaGoqwux8EPfzOP8ZfW6fxx
T687kHTnGm8w/AW5SabLWC4ZyTXRZrbc2cGzI64FBSFTfvxpl9SliIpEokfhYW4s
hxwLePUHAVmZLXLQudoeelMuXcjiWnT9p5EUNeu53eWM7Njf5WFpX95x8AUHyoJs
5yunp5SDGuAAw2oFDgQ9OjAKuDjPv9a+Xp7YR4gTblXW+L45rL0RFHC0z5V7BnjS
8ceIn1mVz9Z5B0kSLEbPaDjPzD3k0LRyL/Z9PcdhoYvZSeT5TZ8HH79qPq8SvL1T
OfZZa8U9K6MytysiZswv+qXG2lAccmAYNgE/AgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUA+q5m2dau5jCZQuYVGmJlCj7HbcwHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvQS1xNW0yZGF1NWpD
WlF1WVZHbUpsQ2o3SGJjLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBADVsTgvmRLfzqiPDyEK4csPHFdDs
P41K/QotrMLIjGYNcOFJd7vYjoNMqZ8AsEOORgYI86ytdDEECNlD2ThDuV9u/5BM
JfG7/K3nnw7J5o9QlyqjiFf7D6Q5Sko5u4DhSUrDYGb0RmIHpGXDOc0EDFZmiQin
BR4k8acBesF/Q8zZVBKOiG08LCKxdTCYHWSsTVW6oQUxn1gZ7F3dd/GVCLLoFvQq
Lba6LqBUaLmEvGmfGqUYp7L7hzTyHgbve1FVQi9MY3UtYRb/Tr4zVYSTN8AHL0rW
e+QXXwG8RFpkCSKz/YK82363qlnd7rsCm9bfWxyQe5bx2b5bsnTTrKywcNw=
-----END CERTIFICATE-----
Generated at Sun Jun 22 05:21:55 2025 by rpki-client