Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/FmDS568BVZjbykVeV-V90EhqULg.roa
File: FmDS568BVZjbykVeV-V90EhqULg.roa (raw, json)
Hash identifier: n1w3T3eaJw0dVT9Cj3IjkPKlShdbbHtF8nHZyX1W40Y=
Subject key identifier: 16:60:D2:E7:AF:01:55:98:DB:CA:45:5E:57:E5:7D:D0:48:6A:50:B8
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 230C
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/FmDS568BVZjbykVeV-V90EhqULg.roa
Signing time: Sun 08 Jun 2025 00:38:53 +0000
ROA not before: Sun 08 Jun 2025 00:38:53 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 146845
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 8972 (0x230c)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 8 00:38:53 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=1660D2E7AF015598DBCA455E57E57DD0486A50B8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c8:25:cf:36:ba:6c:d2:59:45:aa:bc:c3:db:79:
4e:12:c6:ac:47:12:8c:90:c7:b8:3c:ec:86:72:b1:
95:6f:ab:e4:10:23:2f:ba:11:be:66:30:c8:1e:48:
3c:66:84:3c:f9:c8:44:91:e1:4b:cd:01:0d:c6:59:
f9:38:b7:d2:f8:5d:b3:c8:0a:2d:1c:36:a9:ad:7e:
01:ea:8c:27:a9:53:ef:c4:26:5b:ed:bb:be:40:1f:
bf:68:a5:f0:4d:e0:11:f4:71:0e:90:cb:84:92:f8:
7d:9e:ad:80:f6:5d:42:93:11:73:d2:d0:43:de:2a:
7a:e1:0f:4f:70:1c:74:44:08:fc:2a:4a:af:13:d2:
ad:64:18:30:fe:90:90:d0:6c:1b:1f:e3:1b:cc:1f:
7d:bc:54:32:69:9a:b3:3c:da:dd:76:a9:82:44:81:
70:87:54:d9:89:e0:39:75:25:52:7a:98:e1:04:6e:
02:14:53:ec:8f:bc:68:ee:bf:e6:a4:9e:5f:b2:7c:
7a:ed:f0:69:8b:89:d5:c5:26:a6:8b:1c:e7:ed:6d:
ad:6a:e1:7b:d9:a2:63:80:7d:d6:f3:7f:1a:63:53:
03:ef:a0:40:4b:8a:f3:f3:38:76:89:c1:8d:88:a9:
58:05:0a:7c:cd:85:67:67:02:9d:b0:6f:44:5d:52:
e8:83
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
16:60:D2:E7:AF:01:55:98:DB:CA:45:5E:57:E5:7D:D0:48:6A:50:B8
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/FmDS568BVZjbykVeV-V90EhqULg.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
ad:26:74:c7:e6:a0:8d:5f:64:6c:96:46:7f:78:b8:74:b9:65:
65:07:d8:5f:c3:0c:2d:ce:22:e1:22:60:53:f0:36:de:50:49:
77:f9:41:d8:63:9f:fc:f5:b3:55:f5:e6:f2:2c:e6:8d:1b:c4:
4c:6c:a4:40:88:13:a1:42:de:10:33:a5:46:1a:c8:8e:cd:4c:
8e:38:ea:a4:1a:a4:5e:81:ae:ba:33:36:10:69:62:76:cf:46:
c6:c3:72:f5:3d:5b:18:12:7f:53:66:8e:be:65:45:f2:70:d7:
2f:2b:cc:0b:15:0d:0d:82:b7:62:10:fc:20:b2:bb:e2:27:96:
17:b1:89:23:45:92:a5:25:5f:d9:14:b0:bc:aa:be:6a:05:86:
d4:be:06:5a:00:45:49:b8:19:13:14:6f:b7:ca:ef:28:49:dc:
5e:62:95:cb:3a:c5:6d:59:7a:09:50:a8:0c:57:70:f4:71:33:
80:88:1b:1c:e5:63:85:fb:ac:a7:46:99:91:26:f6:6f:69:0d:
78:3f:76:e8:eb:04:72:af:4e:49:a6:ea:3c:11:9b:92:46:2e:
77:71:2d:c2:2e:c0:1f:b5:80:64:32:86:f7:f8:6a:b4:7b:12:
41:62:c6:3d:73:bf:76:37:86:8f:b9:ad:fb:61:14:63:d7:4d:
2d:56:f0:4c
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICIwwwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MDgw
MDM4NTNaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDE2NjBEMkU3QUYwMTU1
OThEQkNBNDU1RTU3RTU3REQwNDg2QTUwQjgwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDIJc82umzSWUWqvMPbeU4SxqxHEoyQx7g87IZysZVvq+QQIy+6
Eb5mMMgeSDxmhDz5yESR4UvNAQ3GWfk4t9L4XbPICi0cNqmtfgHqjCepU+/EJlvt
u75AH79opfBN4BH0cQ6Qy4SS+H2erYD2XUKTEXPS0EPeKnrhD09wHHRECPwqSq8T
0q1kGDD+kJDQbBsf4xvMH328VDJpmrM82t12qYJEgXCHVNmJ4Dl1JVJ6mOEEbgIU
U+yPvGjuv+aknl+yfHrt8GmLidXFJqaLHOftba1q4XvZomOAfdbzfxpjUwPvoEBL
ivPzOHaJwY2IqVgFCnzNhWdnAp2wb0RdUuiDAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUFmDS568BVZjbykVeV+V90EhqULgwHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvRm1EUzU2OEJWWmpi
eWtWZVYtVjkwRWhxVUxnLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBAK0mdMfmoI1fZGyWRn94uHS5ZWUH
2F/DDC3OIuEiYFPwNt5QSXf5Qdhjn/z1s1X15vIs5o0bxExspECIE6FC3hAzpUYa
yI7NTI446qQapF6BrrozNhBpYnbPRsbDcvU9WxgSf1Nmjr5lRfJw1y8rzAsVDQ2C
t2IQ/CCyu+InlhexiSNFkqUlX9kUsLyqvmoFhtS+BloARUm4GRMUb7fK7yhJ3F5i
lcs6xW1ZeglQqAxXcPRxM4CIGxzlY4X7rKdGmZEm9m9pDXg/dujrBHKvTkmm6jwR
m5JGLndxLcIuwB+1gGQyhvf4arR7EkFixj1zv3Y3ho+5rfthFGPXTS1W8Ew=
-----END CERTIFICATE-----
Generated at Sat Jun 21 23:28:27 2025 by rpki-client