Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/IBX0LaYHq89iA27q0oHEbqGbVDY.roa
File: IBX0LaYHq89iA27q0oHEbqGbVDY.roa (raw, json)
Hash identifier: JA5WTyRMtW8azeeMsU9dWkEr017ZrlGdAWnAKyBJjyw=
Subject key identifier: 20:15:F4:2D:A6:07:AB:CF:62:03:6E:EA:D2:81:C4:6E:A1:9B:54:36
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 2160
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/IBX0LaYHq89iA27q0oHEbqGbVDY.roa
Signing time: Thu 05 Jun 2025 01:08:50 +0000
ROA not before: Thu 05 Jun 2025 01:08:50 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 4812
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 8544 (0x2160)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 5 01:08:50 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=2015F42DA607ABCF62036EEAD281C46EA19B5436
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d7:09:e9:b2:72:7a:9c:a0:de:39:fe:ec:3b:72:
4b:82:95:0e:c5:bc:4d:8e:e4:21:e3:ca:ac:b2:d3:
14:d0:f4:73:9d:93:b3:b6:30:49:39:53:de:0a:a9:
55:70:34:1d:e1:13:17:04:38:c2:5d:d1:ca:69:37:
b1:ca:30:0a:a3:4f:53:91:f1:fd:77:fd:f8:d6:fe:
53:33:24:95:93:3b:d1:77:44:1d:6a:8c:9d:80:8a:
96:bb:2e:01:85:f6:6f:15:0a:f7:66:cc:ca:6d:38:
d7:76:61:a8:39:db:88:f7:46:f9:bf:7f:36:45:9d:
00:3c:0c:08:97:2d:ae:7f:84:dc:aa:f0:3b:25:fe:
cf:98:67:7b:ce:62:ec:7d:e9:e8:78:31:a3:bc:f3:
e9:68:d3:91:93:32:31:8e:93:65:2f:ca:fd:79:33:
a8:19:a8:13:db:13:7e:b3:d5:78:7e:23:20:de:e8:
36:bb:53:de:f3:c6:0b:c9:25:01:a2:47:84:7a:5a:
9e:d6:6b:4d:95:98:f5:36:7e:47:d4:f5:a0:95:6f:
8b:ea:c2:da:35:5c:c2:95:17:36:b6:6e:bd:ca:b5:
c7:af:d7:5d:c6:40:33:cc:8e:d9:91:27:a0:17:6f:
b2:29:02:ce:c5:39:b8:8d:59:37:9e:62:ad:59:9c:
d2:ed
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
20:15:F4:2D:A6:07:AB:CF:62:03:6E:EA:D2:81:C4:6E:A1:9B:54:36
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/IBX0LaYHq89iA27q0oHEbqGbVDY.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
66:9f:14:42:95:cc:6e:42:7a:e5:5d:08:c5:0d:e9:e9:e7:33:
13:af:4c:6c:c0:d0:c5:8e:c6:3d:aa:55:9e:5f:ec:c7:b4:63:
ec:d9:3a:ad:22:19:43:77:d4:41:4c:28:e1:f7:7f:eb:d7:97:
90:d4:28:e7:94:9a:11:93:e8:eb:05:bb:d9:cf:73:60:ba:55:
e4:8b:48:76:3e:24:36:35:3d:c1:43:3a:45:ca:ac:e7:c3:34:
07:0f:ec:8f:fc:f8:e5:55:60:cd:ba:66:8c:18:00:57:d9:c6:
8a:55:12:81:99:fc:aa:5d:1c:cf:09:30:25:97:d9:59:3b:40:
69:56:02:19:62:66:f2:98:31:9a:28:0a:76:da:4c:64:95:7d:
f3:20:00:82:2c:fc:c2:32:1a:e9:27:e8:a8:c1:f5:a2:8b:6a:
0b:06:44:ff:9c:9a:92:bf:3a:c0:7a:fa:81:fe:a1:35:aa:01:
8a:0a:bf:53:ed:e0:14:23:91:73:12:78:65:82:04:e7:38:77:
54:a8:e5:9b:0a:80:f6:9a:06:4e:fd:7c:78:29:09:74:76:c2:
29:7e:0a:db:a4:bf:9e:9b:7b:5c:b1:9a:c4:95:f1:fa:e3:e5:
57:d6:71:30:11:c0:7c:a1:28:e9:bc:ae:b5:56:ab:6d:d7:04:
a9:63:a9:85
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICIWAwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MDUw
MTA4NTBaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDIwMTVGNDJEQTYwN0FC
Q0Y2MjAzNkVFQUQyODFDNDZFQTE5QjU0MzYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDXCemycnqcoN45/uw7ckuClQ7FvE2O5CHjyqyy0xTQ9HOdk7O2
MEk5U94KqVVwNB3hExcEOMJd0cppN7HKMAqjT1OR8f13/fjW/lMzJJWTO9F3RB1q
jJ2Aipa7LgGF9m8VCvdmzMptONd2Yag524j3Rvm/fzZFnQA8DAiXLa5/hNyq8Dsl
/s+YZ3vOYux96eh4MaO88+lo05GTMjGOk2Uvyv15M6gZqBPbE36z1Xh+IyDe6Da7
U97zxgvJJQGiR4R6Wp7Wa02VmPU2fkfU9aCVb4vqwto1XMKVFza2br3Ktcev113G
QDPMjtmRJ6AXb7IpAs7FObiNWTeeYq1ZnNLtAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUIBX0LaYHq89iA27q0oHEbqGbVDYwHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvSUJYMExhWUhxODlp
QTI3cTBvSEVicUdiVkRZLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBAGafFEKVzG5CeuVdCMUN6ennMxOv
TGzA0MWOxj2qVZ5f7Me0Y+zZOq0iGUN31EFMKOH3f+vXl5DUKOeUmhGT6OsFu9nP
c2C6VeSLSHY+JDY1PcFDOkXKrOfDNAcP7I/8+OVVYM26ZowYAFfZxopVEoGZ/Kpd
HM8JMCWX2Vk7QGlWAhliZvKYMZooCnbaTGSVffMgAIIs/MIyGukn6KjB9aKLagsG
RP+cmpK/OsB6+oH+oTWqAYoKv1Pt4BQjkXMSeGWCBOc4d1So5ZsKgPaaBk79fHgp
CXR2wil+Ctukv56be1yxmsSV8frj5VfWcTARwHyhKOm8rrVWq23XBKljqYU=
-----END CERTIFICATE-----
Generated at Sun Jun 22 01:14:05 2025 by rpki-client