Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/BrI7iG8EgsC4BybEh_Y_ruoYrAI.roa
File: BrI7iG8EgsC4BybEh_Y_ruoYrAI.roa (raw, json)
Hash identifier: xToEfB7RbJw2AiP7T4maU4vWyqA1dwFRjJl6V2cp7no=
Subject key identifier: 06:B2:3B:88:6F:04:82:C0:B8:07:26:C4:87:F6:3F:AE:EA:18:AC:02
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 2120
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/BrI7iG8EgsC4BybEh_Y_ruoYrAI.roa
Signing time: Wed 04 Jun 2025 14:38:44 +0000
ROA not before: Wed 04 Jun 2025 14:38:44 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 146845
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 8480 (0x2120)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 4 14:38:44 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=06B23B886F0482C0B80726C487F63FAEEA18AC02
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a5:cc:83:ed:14:e9:f4:0e:0f:53:f9:e5:bb:49:
2b:68:e6:c2:ce:db:c0:4b:a0:da:2f:24:50:c0:4c:
df:2c:be:77:b8:55:30:e5:7e:6b:7e:e2:c5:7f:71:
bd:29:9b:d3:82:50:70:d5:07:56:fa:2f:a9:a8:99:
32:9b:0e:55:a9:16:2d:a6:1c:02:5d:a6:a1:9a:0b:
c7:a8:39:f9:0b:f9:39:48:6d:31:2b:4c:0f:75:df:
bb:79:38:a5:a6:00:ee:e5:f8:4e:a3:d4:8b:2d:59:
a7:30:9b:5a:88:14:e0:70:1c:77:ce:b9:9a:8c:00:
be:8c:d2:d8:cb:57:01:10:8e:f2:c8:53:8f:fd:56:
fe:05:4a:17:d9:9d:b2:6d:65:34:58:6d:07:78:79:
db:a1:50:19:f2:d6:48:85:6c:c9:97:20:e2:a6:de:
c6:d2:04:7a:96:40:66:b0:56:5f:6f:3b:97:a7:2f:
3d:bb:27:85:6a:aa:b8:a1:6e:c1:e1:32:35:06:44:
4f:f2:ea:e4:33:04:8b:1c:15:56:1b:af:ce:f3:3d:
fc:3e:40:29:54:c0:ad:d4:5f:e9:b9:da:8c:a1:9f:
9b:6d:b2:c5:ef:0c:c9:5d:57:b5:74:ac:de:3e:03:
d7:18:5b:8e:98:9c:11:a0:cf:a5:97:1f:5f:7e:47:
89:99
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
06:B2:3B:88:6F:04:82:C0:B8:07:26:C4:87:F6:3F:AE:EA:18:AC:02
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/BrI7iG8EgsC4BybEh_Y_ruoYrAI.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
51:02:64:19:09:7b:ac:fa:24:81:79:8b:db:6d:cb:fe:6c:9b:
ff:6b:af:3c:19:4e:23:44:ca:52:ec:63:8a:38:ad:fa:4f:9d:
07:29:43:ef:5a:dd:68:6f:54:c9:1c:b8:28:fd:59:68:e4:33:
e0:32:27:ab:c7:b6:fc:01:c5:6c:2a:bf:bb:bf:9e:5f:2c:87:
9f:bd:24:fb:62:0b:50:73:b9:89:a7:5e:12:04:8a:3e:d5:bb:
88:60:55:d8:a9:94:ae:26:05:de:4b:5a:9e:88:52:97:8e:b1:
59:c3:20:c6:23:57:93:af:3f:6b:97:0e:63:12:ef:46:88:11:
d2:26:cb:0c:02:19:de:dc:32:24:99:8d:50:10:1f:54:56:16:
19:b5:ce:de:c1:a8:33:81:22:d1:bd:51:43:cb:b0:04:59:47:
a0:44:03:9e:76:b3:4c:50:cd:3b:d5:8b:ce:03:69:ab:d4:2f:
16:0e:4a:17:bf:5a:67:61:20:52:8e:f5:82:c8:ed:6d:ab:aa:
d3:19:3c:90:74:d9:dd:52:3e:2b:2b:d5:8a:f0:1d:09:c4:62:
1a:dc:fb:4e:38:5c:5b:13:e0:2a:6a:0d:de:88:64:39:a8:3c:
3a:63:d7:2e:6d:96:e3:2a:cc:35:79:1c:2b:00:69:fe:96:ac:
6b:12:ab:01
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICISAwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MDQx
NDM4NDRaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDA2QjIzQjg4NkYwNDgy
QzBCODA3MjZDNDg3RjYzRkFFRUExOEFDMDIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQClzIPtFOn0Dg9T+eW7SSto5sLO28BLoNovJFDATN8svne4VTDl
fmt+4sV/cb0pm9OCUHDVB1b6L6momTKbDlWpFi2mHAJdpqGaC8eoOfkL+TlIbTEr
TA9137t5OKWmAO7l+E6j1IstWacwm1qIFOBwHHfOuZqMAL6M0tjLVwEQjvLIU4/9
Vv4FShfZnbJtZTRYbQd4eduhUBny1kiFbMmXIOKm3sbSBHqWQGawVl9vO5enLz27
J4VqqrihbsHhMjUGRE/y6uQzBIscFVYbr87zPfw+QClUwK3UX+m52oyhn5ttssXv
DMldV7V0rN4+A9cYW46YnBGgz6WXH19+R4mZAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUBrI7iG8EgsC4BybEh/Y/ruoYrAIwHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvQnJJN2lHOEVnc0M0
QnliRWhfWV9ydW9ZckFJLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBAFECZBkJe6z6JIF5i9tty/5sm/9r
rzwZTiNEylLsY4o4rfpPnQcpQ+9a3WhvVMkcuCj9WWjkM+AyJ6vHtvwBxWwqv7u/
nl8sh5+9JPtiC1BzuYmnXhIEij7Vu4hgVdiplK4mBd5LWp6IUpeOsVnDIMYjV5Ov
P2uXDmMS70aIEdImywwCGd7cMiSZjVAQH1RWFhm1zt7BqDOBItG9UUPLsARZR6BE
A552s0xQzTvVi84DaavULxYOShe/WmdhIFKO9YLI7W2rqtMZPJB02d1SPisr1Yrw
HQnEYhrc+044XFsT4CpqDd6IZDmoPDpj1y5tluMqzDV5HCsAaf6WrGsSqwE=
-----END CERTIFICATE-----
Generated at Sat Jun 21 23:28:58 2025 by rpki-client