Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/A5pmZaWIfQwgYB1FgVUzLLnYkEM.roa
File: A5pmZaWIfQwgYB1FgVUzLLnYkEM.roa (raw, json)
Hash identifier: h/UucR11OB+8ejAb1K33b+fEm1DnsPjd+Po9AG2cWRA=
Subject key identifier: 03:9A:66:65:A5:88:7D:0C:20:60:1D:45:81:55:33:2C:B9:D8:90:43
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 246C
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/A5pmZaWIfQwgYB1FgVUzLLnYkEM.roa
Signing time: Tue 10 Jun 2025 11:09:05 +0000
ROA not before: Tue 10 Jun 2025 11:09:05 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 4812
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 9324 (0x246c)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 10 11:09:05 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=039A6665A5887D0C20601D458155332CB9D89043
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bd:15:fb:3b:29:50:7b:47:57:19:bd:a1:3e:ea:
3c:e8:00:7c:6c:24:2f:9e:cd:47:74:2f:5f:6c:15:
7b:50:70:28:ea:1f:cd:0b:ba:4d:90:7c:26:be:94:
48:d9:cb:d6:7c:53:06:a7:b3:6f:ff:b2:c9:ef:d6:
4f:92:d2:ac:c6:a9:39:d5:f5:15:59:d7:26:1f:45:
f5:ef:29:67:b3:9a:db:2c:1d:19:04:85:35:11:07:
06:b5:f2:df:c8:47:79:a2:c1:9c:f9:14:bf:bc:c3:
e3:db:6a:c8:c0:3b:7f:2d:38:65:a2:65:5d:2c:c4:
bd:4a:92:a0:19:82:8c:91:f9:ef:6e:5a:2a:d0:7c:
57:2c:d7:f9:ab:3b:5a:1d:26:0a:d2:18:2a:1a:9b:
3e:f3:ce:7a:18:09:db:c7:c1:da:fb:f1:06:24:99:
3e:83:5d:d0:af:53:61:86:f7:1e:4c:53:a7:68:19:
45:67:72:5e:f8:7b:00:73:a0:05:25:c6:5e:93:9e:
b9:aa:70:90:b9:7b:09:60:ac:55:42:52:4e:f4:e7:
0b:9b:41:0e:8d:83:27:ac:42:4b:27:0a:c0:58:57:
a1:8e:9f:bc:a8:32:ff:ce:48:08:c5:7a:e7:3f:b1:
f8:f0:0b:dc:46:2f:9d:e4:d9:ac:e9:d8:43:97:50:
3c:7f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
03:9A:66:65:A5:88:7D:0C:20:60:1D:45:81:55:33:2C:B9:D8:90:43
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/A5pmZaWIfQwgYB1FgVUzLLnYkEM.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
c1:92:e7:38:01:0b:dc:ee:b3:c1:70:3e:da:39:8c:7a:ae:10:
eb:b8:d1:f4:c1:cd:b9:f3:aa:a0:c6:b3:ef:cf:a7:c9:7e:da:
ed:08:2c:6e:28:eb:a9:d6:f2:1f:2e:d2:45:85:55:5b:31:60:
90:3c:26:48:ee:60:97:43:f3:b7:4d:df:ea:23:4e:9b:ec:cf:
7e:3c:8b:cc:21:19:83:a9:7d:f4:4b:5e:1a:fb:f3:1a:08:de:
2e:13:26:90:d7:14:17:23:56:ac:82:18:00:59:96:98:dc:ef:
af:9b:77:51:ac:e9:cc:87:f8:6c:63:0c:a4:ac:e9:ae:78:c5:
80:0a:d9:3e:6a:ac:04:8e:bb:b8:cd:e9:14:0e:6b:9b:51:5b:
12:80:a3:1b:0c:f4:8b:1d:4f:e2:34:7b:ca:f5:8e:4b:09:f4:
2b:af:ed:7d:20:46:ea:82:95:59:33:9d:00:7e:3b:a4:ae:1c:
45:39:4a:2a:65:04:ff:e7:1c:dc:89:f0:f3:83:20:d7:25:3c:
77:de:24:38:e7:50:b0:dc:03:b5:16:d7:1a:29:72:56:d9:94:
5b:02:93:0d:f5:1e:52:f6:00:b0:7a:fe:a6:d1:2f:f3:aa:a1:
6d:2a:7e:ab:c5:61:9b:10:8d:c7:7c:9e:7d:a0:f8:b4:d1:c9:
e7:b4:02:57
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICJGwwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MTAx
MTA5MDVaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDAzOUE2NjY1QTU4ODdE
MEMyMDYwMUQ0NTgxNTUzMzJDQjlEODkwNDMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC9Ffs7KVB7R1cZvaE+6jzoAHxsJC+ezUd0L19sFXtQcCjqH80L
uk2QfCa+lEjZy9Z8Uwans2//ssnv1k+S0qzGqTnV9RVZ1yYfRfXvKWezmtssHRkE
hTURBwa18t/IR3miwZz5FL+8w+PbasjAO38tOGWiZV0sxL1KkqAZgoyR+e9uWirQ
fFcs1/mrO1odJgrSGCoamz7zznoYCdvHwdr78QYkmT6DXdCvU2GG9x5MU6doGUVn
cl74ewBzoAUlxl6TnrmqcJC5ewlgrFVCUk705wubQQ6NgyesQksnCsBYV6GOn7yo
Mv/OSAjFeuc/sfjwC9xGL53k2azp2EOXUDx/AgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUA5pmZaWIfQwgYB1FgVUzLLnYkEMwHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvQTVwbVphV0lmUXdn
WUIxRmdWVXpMTG5Za0VNLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBAMGS5zgBC9zus8FwPto5jHquEOu4
0fTBzbnzqqDGs+/Pp8l+2u0ILG4o66nW8h8u0kWFVVsxYJA8JkjuYJdD87dN3+oj
Tpvsz348i8whGYOpffRLXhr78xoI3i4TJpDXFBcjVqyCGABZlpjc76+bd1Gs6cyH
+GxjDKSs6a54xYAK2T5qrASOu7jN6RQOa5tRWxKAoxsM9IsdT+I0e8r1jksJ9Cuv
7X0gRuqClVkznQB+O6SuHEU5SiplBP/nHNyJ8PODINclPHfeJDjnULDcA7UW1xop
clbZlFsCkw31HlL2ALB6/qbRL/OqoW0qfqvFYZsQjcd8nn2g+LTRyee0Alc=
-----END CERTIFICATE-----
Generated at Sat Jun 21 15:31:30 2025 by rpki-client