Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/Fg72J9qNFpJgPasIb3ljPO5CujQ.roa
File: Fg72J9qNFpJgPasIb3ljPO5CujQ.roa (raw, json)
Hash identifier: dkqA3ddh+HZyfiNVHyrozpmRmVn+N2alEmk2MBXZlDA=
Subject key identifier: 16:0E:F6:27:DA:8D:16:92:60:3D:AB:08:6F:79:63:3C:EE:42:BA:34
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 1ED8
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/Fg72J9qNFpJgPasIb3ljPO5CujQ.roa
Signing time: Sat 31 May 2025 13:08:28 +0000
ROA not before: Sat 31 May 2025 13:08:28 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 4812
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 7896 (0x1ed8)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: May 31 13:08:28 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=160EF627DA8D1692603DAB086F79633CEE42BA34
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f2:c8:e6:8b:3a:80:83:b3:50:02:5f:98:c8:f6:
8b:ae:bf:1f:80:30:13:14:fc:32:55:2d:e4:9f:d0:
34:c1:8d:9f:28:6e:28:74:a5:29:78:2f:1e:cc:4e:
d6:dc:0d:7b:ca:91:f2:90:0c:e9:98:e8:a8:df:85:
bd:e3:1b:2a:54:57:45:c5:d8:12:da:7d:fc:20:1e:
e8:0b:39:b3:b9:a8:86:8d:16:9d:b7:8f:29:73:ab:
ef:98:67:5b:fb:5f:db:dc:71:ca:41:94:21:8e:ac:
cd:70:04:4e:0e:b1:f0:77:c2:44:6f:3d:81:cf:df:
c4:d2:15:d2:e7:ba:de:7b:37:60:15:8e:a4:19:38:
f8:bb:5f:57:59:55:40:64:2f:30:ed:7d:6f:ad:90:
97:e3:81:02:09:e5:7d:dc:bf:47:ce:8a:de:b8:48:
d3:cb:15:34:e8:9c:18:09:d2:f0:b3:3f:cf:89:93:
40:19:81:09:7c:6f:69:fa:44:84:03:82:a3:d0:97:
0b:dc:45:33:f9:8c:50:fc:4d:f0:c6:28:74:e2:d9:
ac:b8:e6:b8:bc:0c:4f:91:b4:fb:33:ce:9d:a3:8d:
06:52:b2:e0:ad:93:10:f5:4b:c5:b2:35:c1:2b:91:
b5:72:df:47:55:a4:08:ee:ce:06:85:db:b0:54:4e:
47:31
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
16:0E:F6:27:DA:8D:16:92:60:3D:AB:08:6F:79:63:3C:EE:42:BA:34
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/Fg72J9qNFpJgPasIb3ljPO5CujQ.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
98:1d:4f:04:43:be:57:bd:81:cf:cb:75:74:54:2d:81:55:0f:
79:d1:62:e4:c1:af:0c:87:42:c3:ba:72:d3:76:3a:cf:8c:a4:
f5:20:64:1b:09:63:d4:d7:56:84:79:bf:4c:e9:3a:67:fe:36:
3d:f0:ae:17:09:e3:a3:b5:69:05:b3:2f:1f:4a:eb:71:6c:d3:
79:7d:4e:8d:b9:a3:4d:68:ab:f5:df:61:b3:24:9f:c6:86:a6:
0d:7e:7a:7e:4f:77:74:aa:82:31:f1:b5:55:7e:8a:09:f4:35:
4f:04:65:d1:cd:13:3d:90:dd:77:dd:78:28:0e:93:74:d5:85:
a3:40:2a:51:1c:c6:01:38:4c:e5:28:fe:81:3a:ef:7c:1a:4f:
c2:eb:aa:29:c8:47:31:0c:88:6f:4b:78:ba:a6:50:a8:3f:02:
31:0a:b5:23:5a:4a:09:fe:0e:81:51:05:c5:1f:82:a0:1d:6f:
b7:dd:7b:f0:4a:da:44:c0:89:33:2d:31:dd:47:1b:eb:ff:a2:
24:7b:54:51:60:dd:5b:26:e2:3b:89:0f:e1:5f:aa:ce:f2:cc:
b0:a6:e3:53:23:93:32:4b:3b:31:8a:17:34:3e:47:fd:5f:9c:
b6:d2:75:86:02:08:d6:d9:ad:62:7f:e2:e4:d8:6a:91:0a:c6:
91:c7:36:d4
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICHtgwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA1MzEx
MzA4MjhaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDE2MEVGNjI3REE4RDE2
OTI2MDNEQUIwODZGNzk2MzNDRUU0MkJBMzQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDyyOaLOoCDs1ACX5jI9ouuvx+AMBMU/DJVLeSf0DTBjZ8obih0
pSl4Lx7MTtbcDXvKkfKQDOmY6Kjfhb3jGypUV0XF2BLaffwgHugLObO5qIaNFp23
jylzq++YZ1v7X9vcccpBlCGOrM1wBE4OsfB3wkRvPYHP38TSFdLnut57N2AVjqQZ
OPi7X1dZVUBkLzDtfW+tkJfjgQIJ5X3cv0fOit64SNPLFTTonBgJ0vCzP8+Jk0AZ
gQl8b2n6RIQDgqPQlwvcRTP5jFD8TfDGKHTi2ay45ri8DE+RtPszzp2jjQZSsuCt
kxD1S8WyNcErkbVy30dVpAjuzgaF27BUTkcxAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUFg72J9qNFpJgPasIb3ljPO5CujQwHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvRmc3Mko5cU5GcEpn
UGFzSWIzbGpQTzVDdWpRLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBAJgdTwRDvle9gc/LdXRULYFVD3nR
YuTBrwyHQsO6ctN2Os+MpPUgZBsJY9TXVoR5v0zpOmf+Nj3wrhcJ46O1aQWzLx9K
63Fs03l9To25o01oq/XfYbMkn8aGpg1+en5Pd3SqgjHxtVV+ign0NU8EZdHNEz2Q
3XfdeCgOk3TVhaNAKlEcxgE4TOUo/oE673waT8LrqinIRzEMiG9LeLqmUKg/AjEK
tSNaSgn+DoFRBcUfgqAdb7fde/BK2kTAiTMtMd1HG+v/oiR7VFFg3Vsm4juJD+Ff
qs7yzLCm41MjkzJLOzGKFzQ+R/1fnLbSdYYCCNbZrWJ/4uTYapEKxpHHNtQ=
-----END CERTIFICATE-----
Generated at Sun Jun 22 13:54:28 2025 by rpki-client