Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/Bg28Nm1Yxm8N9hPI2mMO9D8ultI.roa
File: Bg28Nm1Yxm8N9hPI2mMO9D8ultI.roa (raw, json)
Hash identifier: PCngIJeJZCyceXPqZ0KSR73yrx7vjV1T5pSbVX+fhp8=
Subject key identifier: 06:0D:BC:36:6D:58:C6:6F:0D:F6:13:C8:DA:63:0E:F4:3F:2E:96:D2
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 2393
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/Bg28Nm1Yxm8N9hPI2mMO9D8ultI.roa
Signing time: Sun 08 Jun 2025 23:08:57 +0000
ROA not before: Sun 08 Jun 2025 23:08:57 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 146845
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 9107 (0x2393)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 8 23:08:57 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=060DBC366D58C66F0DF613C8DA630EF43F2E96D2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ea:4f:f2:4c:7b:fb:64:a4:bd:44:0e:f8:07:19:
ba:e8:19:bf:63:0c:d0:b5:84:87:12:2b:6f:28:39:
83:6d:4b:27:97:92:a8:63:3f:e3:03:7d:12:9f:99:
13:81:69:82:e8:da:cf:ab:77:b3:58:23:f9:18:4c:
25:ca:2d:56:d6:b9:ea:29:17:b8:f3:f2:5f:d0:bd:
8a:3f:06:58:69:0e:77:cb:19:7e:f3:82:44:f0:71:
e0:6d:81:3e:04:4a:65:12:77:82:55:38:8f:04:1f:
c4:b5:ad:3f:9d:64:c5:74:9f:f9:e1:17:20:a0:7e:
83:fe:4d:28:bd:12:55:01:9c:61:ee:e7:47:be:18:
5c:f5:77:8e:8c:59:a7:d5:0e:50:9a:29:52:3a:97:
f4:d0:d2:c7:31:3e:13:f1:a2:d5:45:44:90:e4:d9:
ce:2a:b0:8b:b9:13:d5:44:44:25:c5:dc:17:8e:1e:
62:c5:e7:2c:81:78:81:d8:a9:84:d5:69:01:25:21:
9a:c4:98:de:6c:2b:ec:fc:4b:e6:83:f0:d3:6d:bf:
57:c6:e0:c7:c9:15:6e:83:01:c2:23:fa:13:3c:08:
7e:9d:f8:c9:d7:7f:b6:6b:45:fa:dc:07:ad:ab:9f:
77:32:4a:d9:33:da:38:11:19:cb:28:54:57:89:fc:
a7:9f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
06:0D:BC:36:6D:58:C6:6F:0D:F6:13:C8:DA:63:0E:F4:3F:2E:96:D2
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/Bg28Nm1Yxm8N9hPI2mMO9D8ultI.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
3c:3a:d5:56:10:27:63:b8:8d:00:c5:7c:50:6d:b2:9f:bd:0b:
42:fb:88:87:5b:db:91:22:a6:26:5e:6f:99:92:d9:33:77:74:
fe:aa:6d:71:f8:f1:6a:99:56:3d:9e:a9:95:e3:7b:79:49:38:
bf:c9:ed:73:e0:f3:ce:82:21:e8:9e:fc:7d:fa:58:af:89:aa:
cb:c8:02:a6:e4:43:49:17:86:91:c7:16:f8:62:1d:7d:ca:a2:
52:36:83:bc:8d:2c:b4:8d:9d:86:2b:9d:48:71:d2:6a:21:fd:
61:7f:5a:2a:4b:07:c5:79:15:c5:b5:32:5d:bd:a0:54:ef:26:
8c:28:18:d0:dc:6f:b6:0a:c3:1c:f2:73:17:33:30:b4:10:4b:
2e:77:f1:9b:4c:b1:bd:e8:54:4b:54:df:a3:6a:ec:f6:b8:d9:
64:d6:85:84:50:83:43:39:0c:63:9c:dd:77:e5:85:3d:fd:0a:
aa:e6:ba:38:6c:59:c4:d6:25:8e:e0:5d:4f:7b:df:62:ff:b4:
39:86:c0:f0:59:8f:26:e6:12:17:60:d2:c9:d7:25:50:9d:a3:
9a:c7:50:bc:7d:89:ab:6b:b5:19:2e:78:8f:4d:58:26:72:83:
d7:cf:c7:71:87:ce:b8:67:32:42:71:5f:e1:55:05:0b:1c:b2:
b1:42:f1:9f
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICI5MwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MDgy
MzA4NTdaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDA2MERCQzM2NkQ1OEM2
NkYwREY2MTNDOERBNjMwRUY0M0YyRTk2RDIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDqT/JMe/tkpL1EDvgHGbroGb9jDNC1hIcSK28oOYNtSyeXkqhj
P+MDfRKfmROBaYLo2s+rd7NYI/kYTCXKLVbWueopF7jz8l/QvYo/BlhpDnfLGX7z
gkTwceBtgT4ESmUSd4JVOI8EH8S1rT+dZMV0n/nhFyCgfoP+TSi9ElUBnGHu50e+
GFz1d46MWafVDlCaKVI6l/TQ0scxPhPxotVFRJDk2c4qsIu5E9VERCXF3BeOHmLF
5yyBeIHYqYTVaQElIZrEmN5sK+z8S+aD8NNtv1fG4MfJFW6DAcIj+hM8CH6d+MnX
f7ZrRfrcB62rn3cyStkz2jgRGcsoVFeJ/KefAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUBg28Nm1Yxm8N9hPI2mMO9D8ultIwHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvQmcyOE5tMVl4bThO
OWhQSTJtTU85RDh1bHRJLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBADw61VYQJ2O4jQDFfFBtsp+9C0L7
iIdb25EipiZeb5mS2TN3dP6qbXH48WqZVj2eqZXje3lJOL/J7XPg886CIeie/H36
WK+JqsvIAqbkQ0kXhpHHFvhiHX3KolI2g7yNLLSNnYYrnUhx0moh/WF/WipLB8V5
FcW1Ml29oFTvJowoGNDcb7YKwxzycxczMLQQSy538ZtMsb3oVEtU36Nq7Pa42WTW
hYRQg0M5DGOc3XflhT39CqrmujhsWcTWJY7gXU9732L/tDmGwPBZjybmEhdg0snX
JVCdo5rHULx9iatrtRkueI9NWCZyg9fPx3GHzrhnMkJxX+FVBQscsrFC8Z8=
-----END CERTIFICATE-----
Generated at Sat Jun 21 18:35:41 2025 by rpki-client