Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/AbeHHFAlW2DE14QFcmRZHifIZJQ.roa
File: AbeHHFAlW2DE14QFcmRZHifIZJQ.roa (raw, json)
Hash identifier: NXv/WaXYCdgz6FPOt7mLlvWa3BYJS30OLgPwLQttAe0=
Subject key identifier: 01:B7:87:1C:50:25:5B:60:C4:D7:84:05:72:64:59:1E:27:C8:64:94
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 222C
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/AbeHHFAlW2DE14QFcmRZHifIZJQ.roa
Signing time: Fri 06 Jun 2025 11:08:48 +0000
ROA not before: Fri 06 Jun 2025 11:08:48 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 4812
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 8748 (0x222c)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 6 11:08:48 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=01B7871C50255B60C4D784057264591E27C86494
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d2:72:44:a7:55:81:8d:3e:60:cc:23:e8:cb:da:
54:78:64:ed:bf:96:e8:a8:0a:05:1a:61:7f:63:5f:
7d:dc:23:9a:b1:9f:2c:bc:61:3c:4a:c4:22:52:66:
5b:4b:c2:2f:06:3e:f4:f5:87:07:93:c7:14:31:fd:
c1:1b:20:97:69:79:9d:af:cf:61:a2:8a:48:3c:89:
89:43:91:e6:1d:31:14:94:9e:8c:4b:3c:e4:88:3a:
c2:b8:d3:20:75:d4:da:42:e3:bd:47:3b:3a:44:e1:
7f:0b:5d:80:4f:d1:37:88:72:06:5f:78:e1:ed:51:
d3:74:3d:40:9d:08:15:8f:67:51:e9:41:91:75:3c:
f0:1b:a9:20:4f:df:b1:68:53:4b:ff:ca:90:5e:68:
98:e8:64:80:b0:13:12:8b:a3:10:56:63:0d:d1:d7:
4c:f6:a3:c1:77:9a:8d:e6:e1:e4:89:9b:0d:c6:4d:
2e:17:f6:13:5d:55:95:b4:79:dd:fa:16:a3:89:94:
9f:9c:93:65:a5:69:24:0c:bb:28:fb:fc:3e:be:15:
83:8a:df:24:3b:98:1a:fc:fa:55:ec:af:10:10:c0:
b7:3d:6d:2e:ee:e2:43:c1:95:75:dd:b5:1d:2c:d2:
54:c0:cc:9e:5f:a8:2a:73:ac:a3:3b:9f:f6:0a:bc:
3b:f1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
01:B7:87:1C:50:25:5B:60:C4:D7:84:05:72:64:59:1E:27:C8:64:94
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/AbeHHFAlW2DE14QFcmRZHifIZJQ.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
83:70:a3:50:63:63:44:30:e4:33:79:24:6d:c9:bc:72:4b:ab:
ea:ff:f0:84:81:96:e1:21:9a:b0:d7:cf:cc:19:27:72:e5:16:
26:43:7e:dc:4d:76:e3:29:82:c0:f3:7c:be:9e:cb:30:77:ce:
8d:1b:0a:71:21:d3:54:c4:bd:0d:cd:12:10:3a:24:c0:49:02:
2d:94:7d:08:08:42:bc:74:9a:ec:b4:bf:97:50:d1:e0:52:75:
48:ad:6a:db:bd:5d:05:18:71:42:2a:f2:09:81:56:54:f6:34:
91:79:88:e4:f6:67:2d:96:a8:ae:53:71:b1:96:fc:ee:14:5c:
f3:25:41:c3:87:b6:6c:0c:2b:02:1c:32:f6:f9:97:29:d3:35:
30:0b:47:0b:09:9b:32:2c:b8:28:c9:e9:8e:fe:30:43:e5:ef:
f5:9f:22:52:ec:91:ce:b0:da:df:5e:03:f5:e2:23:18:6d:6e:
65:c0:86:16:95:2c:c7:24:e5:99:59:a3:b8:47:14:d7:35:62:
1a:10:e7:66:8e:05:8d:90:da:75:69:77:2f:1f:55:5d:d0:20:
9f:1f:77:d3:04:8b:be:9c:e0:5a:50:bb:4f:2c:41:40:99:0f:
a1:52:b1:f4:d0:83:ce:47:79:e6:68:32:46:48:60:b7:8c:99:
de:ba:82:94
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICIiwwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MDYx
MTA4NDhaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDAxQjc4NzFDNTAyNTVC
NjBDNEQ3ODQwNTcyNjQ1OTFFMjdDODY0OTQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDSckSnVYGNPmDMI+jL2lR4ZO2/luioCgUaYX9jX33cI5qxnyy8
YTxKxCJSZltLwi8GPvT1hweTxxQx/cEbIJdpeZ2vz2Giikg8iYlDkeYdMRSUnoxL
POSIOsK40yB11NpC471HOzpE4X8LXYBP0TeIcgZfeOHtUdN0PUCdCBWPZ1HpQZF1
PPAbqSBP37FoU0v/ypBeaJjoZICwExKLoxBWYw3R10z2o8F3mo3m4eSJmw3GTS4X
9hNdVZW0ed36FqOJlJ+ck2WlaSQMuyj7/D6+FYOK3yQ7mBr8+lXsrxAQwLc9bS7u
4kPBlXXdtR0s0lTAzJ5fqCpzrKM7n/YKvDvxAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUAbeHHFAlW2DE14QFcmRZHifIZJQwHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvQWJlSEhGQWxXMkRF
MTRRRmNtUlpIaWZJWkpRLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBAINwo1BjY0Qw5DN5JG3JvHJLq+r/
8ISBluEhmrDXz8wZJ3LlFiZDftxNduMpgsDzfL6eyzB3zo0bCnEh01TEvQ3NEhA6
JMBJAi2UfQgIQrx0muy0v5dQ0eBSdUitatu9XQUYcUIq8gmBVlT2NJF5iOT2Zy2W
qK5TcbGW/O4UXPMlQcOHtmwMKwIcMvb5lynTNTALRwsJmzIsuCjJ6Y7+MEPl7/Wf
IlLskc6w2t9eA/XiIxhtbmXAhhaVLMck5ZlZo7hHFNc1YhoQ52aOBY2Q2nVpdy8f
VV3QIJ8fd9MEi76c4FpQu08sQUCZD6FSsfTQg85HeeZoMkZIYLeMmd66gpQ=
-----END CERTIFICATE-----
Generated at Fri Jun 20 16:26:18 2025 by rpki-client