Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/C7Jaf9mnCtpS7D-m-WvOSS-bBCg.roa
File: C7Jaf9mnCtpS7D-m-WvOSS-bBCg.roa (raw, json)
Hash identifier: hMUWKu0ZAFhI7oG7LfgomtqRiiUyGFuZ4qo98S+LYG4=
Subject key identifier: 0B:B2:5A:7F:D9:A7:0A:DA:52:EC:3F:A6:F9:6B:CE:49:2F:9B:04:28
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 2253
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/C7Jaf9mnCtpS7D-m-WvOSS-bBCg.roa
Signing time: Fri 06 Jun 2025 17:38:49 +0000
ROA not before: Fri 06 Jun 2025 17:38:49 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 4812
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 8787 (0x2253)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 6 17:38:49 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=0BB25A7FD9A70ADA52EC3FA6F96BCE492F9B0428
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f3:d1:85:5a:79:65:48:52:f0:f6:2c:7e:9e:b9:
8c:23:fa:1b:4b:97:e2:20:41:f5:17:20:aa:50:95:
b1:04:f2:83:64:59:a4:fe:13:f5:c2:a4:ff:16:41:
2c:7e:a2:9f:e5:b5:37:8d:dc:c8:d9:bd:e8:4e:d3:
47:d3:e6:83:9d:eb:90:64:ad:b6:d3:76:50:92:0b:
09:80:21:5d:18:39:2c:e2:24:47:4b:7b:b0:45:0c:
25:27:39:ed:34:03:f0:dd:6c:2a:32:3a:4c:60:61:
21:d5:c4:39:35:f7:ff:0a:81:56:c2:94:47:d2:01:
18:16:e3:87:aa:67:ae:d5:98:ab:9d:25:03:72:76:
24:64:0f:31:d3:14:ec:41:f0:f2:4f:09:72:e2:a6:
40:22:d4:46:af:dc:82:70:aa:56:e2:08:73:21:88:
93:0f:44:10:b7:4b:30:c3:8a:45:40:17:c1:aa:5f:
fc:ab:e2:a8:73:7c:f7:ca:aa:1a:61:3f:f6:a7:a4:
f4:6a:6f:ed:f2:5f:2a:1c:6c:75:4b:a7:18:2d:2d:
24:39:f0:2c:b4:c1:7c:1d:56:c9:55:29:1a:f2:ee:
7c:22:9d:88:b9:b2:f2:ae:fc:69:9f:77:b8:b8:c0:
29:b3:96:8c:e9:5e:e8:62:b3:7b:d6:53:06:f2:5f:
68:1d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0B:B2:5A:7F:D9:A7:0A:DA:52:EC:3F:A6:F9:6B:CE:49:2F:9B:04:28
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/C7Jaf9mnCtpS7D-m-WvOSS-bBCg.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
45:49:f3:5c:dd:8a:63:73:01:89:22:31:4d:78:15:bf:04:77:
fe:21:fe:03:52:50:f2:0b:e1:70:1f:b3:d1:81:76:ee:1f:4f:
59:7e:33:f7:41:1c:50:02:dd:d5:30:95:7f:1d:e5:6d:55:2a:
59:40:2b:12:27:6e:3f:66:5b:e1:5b:b1:2e:fe:42:4f:f3:f2:
fb:2b:0c:9a:a5:3b:9c:59:5b:82:1e:32:9e:1c:66:36:15:27:
c9:96:91:4a:b6:4d:6c:fa:a0:f3:d0:a2:71:fb:23:b8:93:0a:
a4:4d:73:b0:45:1d:a9:94:fd:c0:be:33:6b:59:65:80:fb:0d:
98:ec:36:12:1c:d3:ce:a1:67:f8:a0:76:02:a5:7f:b8:16:70:
72:c9:23:7b:f0:f1:ff:5c:62:cd:47:15:5b:d3:74:d1:03:86:
31:5b:aa:f1:ec:af:c4:27:6d:83:16:13:b8:1a:d2:7e:e2:b8:
38:a1:c6:a2:68:d2:97:99:49:34:e8:7e:6b:ff:5b:a6:0a:59:
12:a8:c7:84:39:9f:32:4c:21:72:33:4f:32:44:73:2c:74:a5:
d0:82:eb:61:e1:92:57:5f:1e:6c:32:7e:82:55:82:41:8d:c6:
97:fc:c3:54:aa:50:5d:51:60:79:46:79:a2:e6:74:c8:15:c6:
f2:f4:45:eb
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICIlMwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MDYx
NzM4NDlaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDBCQjI1QTdGRDlBNzBB
REE1MkVDM0ZBNkY5NkJDRTQ5MkY5QjA0MjgwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDz0YVaeWVIUvD2LH6euYwj+htLl+IgQfUXIKpQlbEE8oNkWaT+
E/XCpP8WQSx+op/ltTeN3MjZvehO00fT5oOd65BkrbbTdlCSCwmAIV0YOSziJEdL
e7BFDCUnOe00A/DdbCoyOkxgYSHVxDk19/8KgVbClEfSARgW44eqZ67VmKudJQNy
diRkDzHTFOxB8PJPCXLipkAi1Eav3IJwqlbiCHMhiJMPRBC3SzDDikVAF8GqX/yr
4qhzfPfKqhphP/anpPRqb+3yXyocbHVLpxgtLSQ58Cy0wXwdVslVKRry7nwinYi5
svKu/Gmfd7i4wCmzlozpXuhis3vWUwbyX2gdAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUC7Jaf9mnCtpS7D+m+WvOSS+bBCgwHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvQzdKYWY5bW5DdHBT
N0QtbS1Xdk9TUy1iQkNnLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBAEVJ81zdimNzAYkiMU14Fb8Ed/4h
/gNSUPIL4XAfs9GBdu4fT1l+M/dBHFAC3dUwlX8d5W1VKllAKxInbj9mW+FbsS7+
Qk/z8vsrDJqlO5xZW4IeMp4cZjYVJ8mWkUq2TWz6oPPQonH7I7iTCqRNc7BFHamU
/cC+M2tZZYD7DZjsNhIc086hZ/igdgKlf7gWcHLJI3vw8f9cYs1HFVvTdNEDhjFb
qvHsr8QnbYMWE7ga0n7iuDihxqJo0peZSTTofmv/W6YKWRKox4Q5nzJMIXIzTzJE
cyx0pdCC62HhkldfHmwyfoJVgkGNxpf8w1SqUF1RYHlGeaLmdMgVxvL0Res=
-----END CERTIFICATE-----
Generated at Fri Jun 20 16:18:18 2025 by rpki-client