Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/IUC3T0zP2MFh41UHgtnQ5-h8ykY.roa
File: IUC3T0zP2MFh41UHgtnQ5-h8ykY.roa (raw, json)
Hash identifier: fRHIghdGGHSaAAxCsdcWfutEB7zIOP/iArrRgru4MgI=
Subject key identifier: 21:40:B7:4F:4C:CF:D8:C1:61:E3:55:07:82:D9:D0:E7:E8:7C:CA:46
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 20E2
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/IUC3T0zP2MFh41UHgtnQ5-h8ykY.roa
Signing time: Wed 04 Jun 2025 04:08:39 +0000
ROA not before: Wed 04 Jun 2025 04:08:39 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 4812
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 8418 (0x20e2)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 4 04:08:39 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=2140B74F4CCFD8C161E3550782D9D0E7E87CCA46
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b5:75:fc:5a:ba:f2:e2:fe:e3:d6:f2:a2:0c:2a:
fa:fd:92:2c:4b:82:5b:76:9e:74:d9:ff:cc:40:2c:
ca:52:04:56:9b:5a:fa:35:c5:11:51:22:8f:98:55:
00:ba:1a:e6:12:b3:43:b5:56:7a:c1:aa:39:11:e1:
50:06:78:4c:a0:51:0d:9b:75:af:0b:66:26:0d:ad:
d8:a9:26:fe:a4:56:7f:ee:e8:7f:a5:cd:4a:09:79:
ee:0f:4d:f1:75:fe:41:b4:f9:39:1f:51:69:70:fd:
6a:4f:d6:d1:08:68:06:40:8e:55:b0:44:3f:6a:65:
2e:98:83:7d:d6:69:f9:13:61:55:de:c4:e8:4b:bf:
43:6f:c5:02:9f:05:9a:c0:6c:de:17:7a:cf:09:b4:
a4:c3:86:e1:e1:bc:a8:af:3c:30:e8:9a:d9:0d:17:
86:9c:9c:8d:24:1e:05:b8:38:a2:86:24:07:d4:e4:
27:03:db:59:e2:d6:4b:47:a1:b5:1a:5c:50:e5:89:
63:54:06:ef:d5:be:fd:56:39:b2:b5:20:3b:43:ad:
e9:84:77:1a:76:37:fb:9e:ae:86:b0:8b:0b:ad:4d:
4a:9a:a6:bc:49:4a:3d:82:57:2c:47:5c:7c:01:6c:
55:0b:fa:a3:d1:02:08:34:bc:48:d4:a7:d2:59:90:
a5:7b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
21:40:B7:4F:4C:CF:D8:C1:61:E3:55:07:82:D9:D0:E7:E8:7C:CA:46
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/IUC3T0zP2MFh41UHgtnQ5-h8ykY.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
18:75:4c:b5:c7:f1:3f:f1:ea:31:2f:e5:4d:f9:86:b9:f3:a4:
b8:54:59:59:bf:8d:38:85:c6:e4:13:66:c1:7e:e7:b6:99:d7:
2b:41:d8:02:20:f6:a3:9d:fd:5c:14:31:04:3f:c1:ed:ab:72:
bb:23:ee:7c:05:ba:6e:6b:56:f7:89:98:f9:06:6a:80:2c:14:
3e:ac:c1:2c:4b:1e:3f:0c:5c:87:77:fc:ef:2b:4a:28:47:eb:
20:16:3d:c9:10:1f:66:ff:b1:43:51:b5:47:97:b4:6b:93:ed:
79:a3:78:19:98:be:de:3f:5d:3e:35:1e:8e:51:be:1d:6f:26:
87:29:0e:79:b1:22:03:f6:50:3c:49:bc:05:ec:0d:19:34:20:
92:4c:ed:e0:31:71:d3:2c:d4:45:95:00:7f:d0:bd:ac:c7:96:
77:c4:aa:24:ef:60:4e:0e:82:39:6c:38:bc:24:e9:3e:ee:d0:
79:32:f8:f6:00:49:54:6a:74:16:c5:c5:e4:66:36:9d:b2:1f:
06:1a:69:ee:84:d6:8b:55:67:a1:18:1e:7a:a1:65:c9:51:7d:
6b:92:55:fa:58:8c:74:6a:6d:b6:7d:d0:dd:e0:b9:6e:73:63:
60:09:f6:c8:57:2f:f9:fe:b2:18:77:5a:fc:d5:e2:66:f0:0f:
ce:59:e9:ba
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICIOIwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MDQw
NDA4MzlaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDIxNDBCNzRGNENDRkQ4
QzE2MUUzNTUwNzgyRDlEMEU3RTg3Q0NBNDYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC1dfxauvLi/uPW8qIMKvr9kixLglt2nnTZ/8xALMpSBFabWvo1
xRFRIo+YVQC6GuYSs0O1VnrBqjkR4VAGeEygUQ2bda8LZiYNrdipJv6kVn/u6H+l
zUoJee4PTfF1/kG0+TkfUWlw/WpP1tEIaAZAjlWwRD9qZS6Yg33WafkTYVXexOhL
v0NvxQKfBZrAbN4Xes8JtKTDhuHhvKivPDDomtkNF4acnI0kHgW4OKKGJAfU5CcD
21ni1ktHobUaXFDliWNUBu/Vvv1WObK1IDtDremEdxp2N/ueroawiwutTUqaprxJ
Sj2CVyxHXHwBbFUL+qPRAgg0vEjUp9JZkKV7AgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUIUC3T0zP2MFh41UHgtnQ5+h8ykYwHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvSVVDM1QwelAyTUZo
NDFVSGd0blE1LWg4eWtZLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBABh1TLXH8T/x6jEv5U35hrnzpLhU
WVm/jTiFxuQTZsF+57aZ1ytB2AIg9qOd/VwUMQQ/we2rcrsj7nwFum5rVveJmPkG
aoAsFD6swSxLHj8MXId3/O8rSihH6yAWPckQH2b/sUNRtUeXtGuT7XmjeBmYvt4/
XT41Ho5Rvh1vJocpDnmxIgP2UDxJvAXsDRk0IJJM7eAxcdMs1EWVAH/QvazHlnfE
qiTvYE4OgjlsOLwk6T7u0Hky+PYASVRqdBbFxeRmNp2yHwYaae6E1otVZ6EYHnqh
ZclRfWuSVfpYjHRqbbZ90N3guW5zY2AJ9shXL/n+shh3WvzV4mbwD85Z6bo=
-----END CERTIFICATE-----
Generated at Sat Jun 21 22:49:07 2025 by rpki-client