Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/FleTFB19FSixE0YsTm-ii3Ut5CQ.roa
File: FleTFB19FSixE0YsTm-ii3Ut5CQ.roa (raw, json)
Hash identifier: J8UfmQkkTmxJpmkZP1R7q2aW8AlO5YFd8SBD9Qilbqc=
Subject key identifier: 16:57:93:14:1D:7D:15:28:B1:13:46:2C:4E:6F:A2:8B:75:2D:E4:24
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 21AD
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/FleTFB19FSixE0YsTm-ii3Ut5CQ.roa
Signing time: Thu 05 Jun 2025 14:08:48 +0000
ROA not before: Thu 05 Jun 2025 14:08:48 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 146845
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 8621 (0x21ad)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 5 14:08:48 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=165793141D7D1528B113462C4E6FA28B752DE424
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d5:62:ba:f8:81:19:f6:8d:16:76:53:76:3e:5b:
1e:de:a1:4c:e6:80:26:f3:0f:a8:c7:fe:d0:85:8d:
6e:ca:59:2a:60:f9:df:c9:c0:ea:cf:ac:0d:d5:80:
67:2b:b2:c3:cc:38:dd:2c:2a:64:2d:38:7c:85:17:
b9:e1:b3:78:f5:8f:c4:5d:a1:10:cf:f8:cd:8c:21:
54:85:d1:cd:28:a2:6a:a9:56:b2:d9:9f:40:a9:46:
0e:dc:15:70:bf:1c:9f:71:b7:6b:f5:da:4b:ae:98:
9e:c5:27:76:21:30:09:52:c4:8c:e3:80:55:e6:2d:
be:fa:33:60:80:5c:6a:e1:2b:9a:4c:d7:7b:cf:cd:
3a:33:62:b9:8a:fe:8d:0c:56:07:bc:e5:a6:ca:71:
34:56:b8:dc:cd:54:a6:ac:42:26:71:1e:e9:a0:a2:
0b:b3:0f:21:a1:27:e5:cb:aa:5d:0d:f6:80:fd:6d:
74:e4:5f:42:1c:2e:cc:f8:fd:23:d7:c9:c3:c4:e9:
5a:50:d8:35:cd:dd:33:90:3b:0e:b9:1d:59:20:f2:
b4:a7:8a:93:e4:8a:23:3b:9f:f3:09:e0:4c:28:47:
c8:be:03:55:b5:f5:e0:3f:5c:23:40:91:5c:31:67:
9b:e9:b8:17:0e:d2:a2:d2:53:09:45:c0:d6:7a:d2:
71:15
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
16:57:93:14:1D:7D:15:28:B1:13:46:2C:4E:6F:A2:8B:75:2D:E4:24
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/FleTFB19FSixE0YsTm-ii3Ut5CQ.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
77:2f:16:33:28:84:66:5b:eb:46:ee:5e:16:db:f0:b2:54:c9:
5f:54:b0:60:12:9b:ea:e3:1f:53:04:45:d9:b8:b3:b0:e2:d6:
60:4d:21:49:60:3c:db:8f:ca:8e:14:f6:c5:b1:94:b0:58:aa:
f2:f4:ae:86:d4:65:47:fd:ba:f3:10:8a:5e:32:a4:17:d1:d3:
8e:06:8a:f2:81:f9:44:fc:4c:ba:db:ab:5d:9a:f1:b0:cd:67:
8c:4c:c9:96:61:29:28:93:65:3b:db:7f:4a:7d:33:3f:c4:a4:
55:a8:06:b0:72:90:b0:00:de:e3:ce:a5:7b:0b:ad:e6:df:ea:
0c:1e:b3:be:96:d9:37:af:39:bf:18:f4:17:37:16:e0:a1:e5:
39:f0:88:53:6b:37:28:10:f6:8d:c7:0a:c5:cb:9b:75:81:d9:
c3:04:72:f3:8e:e1:07:ff:11:3f:8a:46:d3:e5:6e:e8:43:65:
0f:4c:bb:b5:58:8f:e3:ce:2d:ae:84:44:9d:dd:7a:4f:eb:79:
ee:1e:23:d7:93:ba:d2:ad:58:6c:9d:da:02:d5:f4:3b:07:9f:
0f:45:00:43:f1:3f:c8:dd:db:35:dc:01:ec:50:30:18:3b:cd:
44:42:52:42:2b:ac:86:ea:3b:e1:da:0c:0e:9d:c6:0e:04:b0:
25:ec:b8:92
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICIa0wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MDUx
NDA4NDhaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDE2NTc5MzE0MUQ3RDE1
MjhCMTEzNDYyQzRFNkZBMjhCNzUyREU0MjQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDVYrr4gRn2jRZ2U3Y+Wx7eoUzmgCbzD6jH/tCFjW7KWSpg+d/J
wOrPrA3VgGcrssPMON0sKmQtOHyFF7nhs3j1j8RdoRDP+M2MIVSF0c0oomqpVrLZ
n0CpRg7cFXC/HJ9xt2v12kuumJ7FJ3YhMAlSxIzjgFXmLb76M2CAXGrhK5pM13vP
zTozYrmK/o0MVge85abKcTRWuNzNVKasQiZxHumgoguzDyGhJ+XLql0N9oD9bXTk
X0IcLsz4/SPXycPE6VpQ2DXN3TOQOw65HVkg8rSnipPkiiM7n/MJ4EwoR8i+A1W1
9eA/XCNAkVwxZ5vpuBcO0qLSUwlFwNZ60nEVAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUFleTFB19FSixE0YsTm+ii3Ut5CQwHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvRmxlVEZCMTlGU2l4
RTBZc1RtLWlpM1V0NUNRLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBAHcvFjMohGZb60buXhbb8LJUyV9U
sGASm+rjH1MERdm4s7Di1mBNIUlgPNuPyo4U9sWxlLBYqvL0robUZUf9uvMQil4y
pBfR044GivKB+UT8TLrbq12a8bDNZ4xMyZZhKSiTZTvbf0p9Mz/EpFWoBrBykLAA
3uPOpXsLrebf6gwes76W2TevOb8Y9Bc3FuCh5TnwiFNrNygQ9o3HCsXLm3WB2cME
cvOO4Qf/ET+KRtPlbuhDZQ9Mu7VYj+POLa6ERJ3dek/ree4eI9eTutKtWGyd2gLV
9DsHnw9FAEPxP8jd2zXcAexQMBg7zURCUkIrrIbqO+HaDA6dxg4EsCXsuJI=
-----END CERTIFICATE-----
Generated at Sat Jun 21 11:24:49 2025 by rpki-client