Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/GYt6Zz5bzFKbTvJRJbyVoM0hl98.roa
File: GYt6Zz5bzFKbTvJRJbyVoM0hl98.roa (raw, json)
Hash identifier: y+cVhP39s3fpDTBwqZ4FQcxKCqafod+Fx1lZOVzw6Fo=
Subject key identifier: 19:8B:7A:67:3E:5B:CC:52:9B:4E:F2:51:25:BC:95:A0:CD:21:97:DF
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 2057
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/GYt6Zz5bzFKbTvJRJbyVoM0hl98.roa
Signing time: Tue 03 Jun 2025 05:08:45 +0000
ROA not before: Tue 03 Jun 2025 05:08:45 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 146845
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 8279 (0x2057)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 3 05:08:45 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=198B7A673E5BCC529B4EF25125BC95A0CD2197DF
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:96:39:9c:00:06:d9:69:db:71:20:1c:8d:60:1a:
f4:88:6b:95:1b:72:16:52:d3:c1:24:72:24:c7:24:
65:de:ab:5a:b5:ae:aa:e2:4c:3a:00:05:01:b7:43:
65:53:b8:8a:96:e5:5b:49:ad:23:dc:a9:f9:04:11:
10:f3:d1:e3:34:bc:1d:be:3b:b1:ed:e3:a4:37:9b:
ee:14:55:37:2c:2c:f5:b4:7a:9a:d4:5a:9e:9d:c9:
41:6f:36:ce:14:b0:ce:a9:d7:85:86:f7:36:41:a3:
3f:e0:3e:a7:3d:fd:a2:8e:4e:07:a5:73:41:72:3e:
f7:53:ed:7c:11:eb:a5:22:1d:c0:f5:da:40:04:a7:
ae:42:33:03:b1:b2:ec:96:9d:fd:ba:85:6e:9c:73:
74:33:88:90:71:4d:4a:7b:78:f9:55:85:0a:fb:9c:
25:97:a9:16:ae:5d:38:ad:d7:49:de:ae:a8:1e:89:
31:05:de:ab:6d:fb:a9:ac:5e:6c:ee:33:24:5a:96:
13:b5:da:99:00:af:8d:bf:4b:cb:21:08:19:d0:cb:
b9:12:3b:ad:26:3b:07:22:e5:31:cc:4c:21:75:e8:
db:82:40:0d:a7:cf:22:a7:0b:1b:cf:f1:ce:0d:1a:
d8:8d:04:be:c2:1d:72:eb:5a:aa:51:28:ba:42:c3:
02:5f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
19:8B:7A:67:3E:5B:CC:52:9B:4E:F2:51:25:BC:95:A0:CD:21:97:DF
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/GYt6Zz5bzFKbTvJRJbyVoM0hl98.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
4d:0b:33:ad:43:47:41:a0:d5:e0:e8:a3:0c:3c:96:24:98:4a:
59:ee:03:96:de:3c:c0:47:a3:c1:05:f2:a9:49:fb:d0:f9:17:
cf:2f:04:5c:f0:6b:d8:85:70:b1:ff:ad:4e:ee:a5:9b:df:b8:
b9:aa:f9:8f:a4:71:8b:a8:25:17:78:a3:95:93:fa:44:5b:90:
ce:5a:a6:e3:c0:ae:a7:35:39:4b:39:a7:f2:25:e4:16:0e:e7:
1e:d4:3d:7f:68:89:cb:bb:70:e8:d3:08:07:42:77:03:b5:ca:
e6:96:4c:40:a0:4e:44:2a:d5:43:3d:69:60:ec:45:b4:4b:6a:
55:2f:d3:e1:d9:e9:82:cb:93:b7:9d:8b:1c:5b:10:b9:54:77:
cb:8a:86:bd:cc:6e:29:e4:34:43:1e:c9:b6:76:3e:1c:e0:9f:
93:1c:a7:89:a4:e5:b0:94:51:f4:05:b3:bf:09:d0:22:86:4b:
7f:56:a3:fa:9d:63:96:10:2b:3d:ad:b9:1d:f6:12:1a:d2:72:
34:b0:9a:70:04:ca:c2:4d:9d:d9:4a:0f:b7:12:49:bf:9d:3b:
1e:21:c2:a0:4a:92:bf:b2:02:64:7d:9d:ec:3a:50:f9:bc:0f:
0d:9a:c5:13:86:33:88:b7:77:46:6d:c0:59:b4:0d:8d:e9:b9:
08:fd:cd:a8
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICIFcwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MDMw
NTA4NDVaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDE5OEI3QTY3M0U1QkND
NTI5QjRFRjI1MTI1QkM5NUEwQ0QyMTk3REYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCWOZwABtlp23EgHI1gGvSIa5UbchZS08EkciTHJGXeq1q1rqri
TDoABQG3Q2VTuIqW5VtJrSPcqfkEERDz0eM0vB2+O7Ht46Q3m+4UVTcsLPW0eprU
Wp6dyUFvNs4UsM6p14WG9zZBoz/gPqc9/aKOTgelc0FyPvdT7XwR66UiHcD12kAE
p65CMwOxsuyWnf26hW6cc3QziJBxTUp7ePlVhQr7nCWXqRauXTit10nerqgeiTEF
3qtt+6msXmzuMyRalhO12pkAr42/S8shCBnQy7kSO60mOwci5THMTCF16NuCQA2n
zyKnCxvP8c4NGtiNBL7CHXLrWqpRKLpCwwJfAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUGYt6Zz5bzFKbTvJRJbyVoM0hl98wHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvR1l0Nlp6NWJ6Rkti
VHZKUkpieVZvTTBobDk4LnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBAE0LM61DR0Gg1eDooww8liSYSlnu
A5bePMBHo8EF8qlJ+9D5F88vBFzwa9iFcLH/rU7upZvfuLmq+Y+kcYuoJRd4o5WT
+kRbkM5apuPArqc1OUs5p/Il5BYO5x7UPX9oicu7cOjTCAdCdwO1yuaWTECgTkQq
1UM9aWDsRbRLalUv0+HZ6YLLk7edixxbELlUd8uKhr3MbinkNEMeybZ2Phzgn5Mc
p4mk5bCUUfQFs78J0CKGS39Wo/qdY5YQKz2tuR32EhrScjSwmnAEysJNndlKD7cS
Sb+dOx4hwqBKkr+yAmR9new6UPm8Dw2axROGM4i3d0ZtwFm0DY3puQj9zag=
-----END CERTIFICATE-----
Generated at Sun Jun 22 08:21:09 2025 by rpki-client