Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/GsFPsXdKS5Y05IwTGuDas1Lw5SI.roa
File: GsFPsXdKS5Y05IwTGuDas1Lw5SI.roa (raw, json)
Hash identifier: +KVwM9VDp3jQToEbiwem/9saa8H4Iqh5fkIt9qbfSos=
Subject key identifier: 1A:C1:4F:B1:77:4A:4B:96:34:E4:8C:13:1A:E0:DA:B3:52:F0:E5:22
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 2531
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/GsFPsXdKS5Y05IwTGuDas1Lw5SI.roa
Signing time: Wed 11 Jun 2025 20:09:11 +0000
ROA not before: Wed 11 Jun 2025 20:09:11 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 146845
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 9521 (0x2531)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 11 20:09:11 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=1AC14FB1774A4B9634E48C131AE0DAB352F0E522
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:be:62:8f:38:ba:03:81:b9:a8:e0:7f:a5:00:6a:
0e:ee:47:74:f1:ed:32:3e:14:83:ae:37:3f:ab:5e:
da:26:09:33:53:77:ac:d6:f2:e9:1c:ab:25:96:21:
43:76:01:67:9d:00:88:a7:d6:d3:4f:00:9c:9d:a4:
4e:9f:94:5c:1b:ad:45:63:33:7c:05:72:f8:09:06:
f0:6a:80:1b:6d:b3:e1:fb:0a:bb:08:62:29:8d:96:
93:0b:2d:73:2d:77:04:fb:09:b4:11:7f:89:93:b4:
85:3c:86:54:45:13:cb:ae:da:16:fc:ac:3d:cd:e4:
a9:8f:c5:50:97:ae:82:5f:ac:72:f4:6b:4a:18:f2:
19:2d:a1:9c:c3:f2:55:9e:ea:a6:8a:f8:4e:d2:fc:
18:f2:78:11:6e:7f:c6:80:0f:2c:71:15:31:2d:1a:
29:7d:eb:eb:54:8e:58:c7:b4:42:14:13:88:a8:6e:
85:54:f4:2d:11:55:6a:ff:4e:99:b9:b4:dd:30:a5:
f6:10:ef:d4:84:77:0b:4e:e4:a5:7c:bb:27:c0:30:
bf:e5:b3:56:9e:bc:3f:ea:57:83:41:ce:22:47:7a:
aa:cb:d4:96:d1:52:de:3c:0a:18:78:99:e1:69:53:
12:f9:59:de:d3:87:94:0e:16:6d:7e:27:6c:e8:93:
a2:7f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1A:C1:4F:B1:77:4A:4B:96:34:E4:8C:13:1A:E0:DA:B3:52:F0:E5:22
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/GsFPsXdKS5Y05IwTGuDas1Lw5SI.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
1b:1f:45:37:8a:68:11:b8:e0:a3:54:a5:e4:e6:41:c0:24:f0:
d9:c2:c5:c0:6d:8b:25:69:44:8d:33:87:78:13:6a:a6:e0:5f:
8c:ba:be:f1:60:78:66:61:3c:86:ce:ef:3c:cb:96:64:df:d8:
4f:40:3a:1d:54:7f:6e:7c:f6:0f:f1:69:22:ab:d0:a3:9b:76:
cf:ed:2f:f0:ce:8b:0c:bf:24:f4:da:b4:8f:ab:dd:89:e9:89:
7c:d7:5c:f8:58:60:05:72:87:56:24:02:b3:a9:9d:b6:b0:e9:
9b:1d:73:c0:bb:59:b8:0b:1a:d9:8e:a5:c9:c6:20:da:41:46:
db:eb:d5:68:f1:f5:58:15:a6:cb:5a:00:63:bb:72:76:7d:bc:
ef:35:06:dd:b4:c6:a2:d5:de:06:bb:ec:45:72:5e:e3:b3:73:
9e:c8:40:da:6c:56:92:7e:1b:b4:a3:fb:14:23:b0:11:f6:11:
17:85:6c:1d:a2:3d:84:a8:36:80:c9:74:41:f2:20:d0:68:bd:
f6:f9:e0:9f:70:ee:bd:c8:a0:13:92:bc:a1:21:64:e8:2c:f1:
a3:cc:41:3b:9b:69:7b:b4:6f:01:d5:c8:62:49:80:ca:8a:a1:
d4:94:67:09:a0:2c:ab:02:b0:ee:c5:db:1a:bd:47:ec:8e:0d:
f5:9f:8c:90
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICJTEwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MTEy
MDA5MTFaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDFBQzE0RkIxNzc0QTRC
OTYzNEU0OEMxMzFBRTBEQUIzNTJGMEU1MjIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC+Yo84ugOBuajgf6UAag7uR3Tx7TI+FIOuNz+rXtomCTNTd6zW
8ukcqyWWIUN2AWedAIin1tNPAJydpE6flFwbrUVjM3wFcvgJBvBqgBtts+H7CrsI
YimNlpMLLXMtdwT7CbQRf4mTtIU8hlRFE8uu2hb8rD3N5KmPxVCXroJfrHL0a0oY
8hktoZzD8lWe6qaK+E7S/BjyeBFuf8aADyxxFTEtGil96+tUjljHtEIUE4ioboVU
9C0RVWr/Tpm5tN0wpfYQ79SEdwtO5KV8uyfAML/ls1aevD/qV4NBziJHeqrL1JbR
Ut48Chh4meFpUxL5Wd7Th5QOFm1+J2zok6J/AgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUGsFPsXdKS5Y05IwTGuDas1Lw5SIwHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvR3NGUHNYZEtTNVkw
NUl3VEd1RGFzMUx3NVNJLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBABsfRTeKaBG44KNUpeTmQcAk8NnC
xcBtiyVpRI0zh3gTaqbgX4y6vvFgeGZhPIbO7zzLlmTf2E9AOh1Uf2589g/xaSKr
0KObds/tL/DOiwy/JPTatI+r3YnpiXzXXPhYYAVyh1YkArOpnbaw6Zsdc8C7WbgL
GtmOpcnGINpBRtvr1Wjx9VgVpstaAGO7cnZ9vO81Bt20xqLV3ga77EVyXuOzc57I
QNpsVpJ+G7Sj+xQjsBH2EReFbB2iPYSoNoDJdEHyINBovfb54J9w7r3IoBOSvKEh
ZOgs8aPMQTubaXu0bwHVyGJJgMqKodSUZwmgLKsCsO7F2xq9R+yODfWfjJA=
-----END CERTIFICATE-----
Generated at Sun Jun 22 13:33:28 2025 by rpki-client