Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/JSmrYJeytyf_rIpKZVi9NHvgUBI.roa
File: JSmrYJeytyf_rIpKZVi9NHvgUBI.roa (raw, json)
Hash identifier: FBMCg6bBz6V39wRwt/uDMW+Caje/pqxpdIJvdjm2CEM=
Subject key identifier: 25:29:AB:60:97:B2:B7:27:FF:AC:8A:4A:65:58:BD:34:7B:E0:50:12
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 21FF
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/JSmrYJeytyf_rIpKZVi9NHvgUBI.roa
Signing time: Fri 06 Jun 2025 03:38:47 +0000
ROA not before: Fri 06 Jun 2025 03:38:47 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 4812
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 8703 (0x21ff)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 6 03:38:47 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=2529AB6097B2B727FFAC8A4A6558BD347BE05012
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c3:4a:a5:37:67:7c:ca:78:34:3f:60:8a:05:66:
6d:3d:70:fa:88:57:7a:68:f2:8a:f0:32:b8:2e:fc:
cf:8a:ac:55:ca:5d:4f:bf:7c:bf:b5:e4:ee:78:a6:
bb:64:06:e3:a5:4e:2c:9b:2e:7c:97:c5:c3:67:cd:
be:94:21:0e:36:37:63:94:42:7f:2f:df:83:ce:06:
b7:f2:e0:1e:98:a7:f8:c5:6a:c0:05:2c:a8:e9:b2:
cf:a6:87:6f:62:af:ea:cd:c5:44:70:d6:0f:46:9e:
9a:f6:a1:2b:ac:1d:87:08:8e:5c:2a:2b:8d:43:5f:
bd:29:18:3a:9c:9e:a2:91:51:77:9c:8e:76:8f:11:
69:c9:1d:b1:19:17:a3:c2:1c:72:dd:e3:64:41:92:
5d:fe:1b:3a:91:0c:b7:6e:86:14:52:7c:2b:53:b2:
49:c0:1a:32:db:56:03:dd:08:a1:ea:21:5c:e5:ea:
93:a2:ca:14:54:7b:5a:40:67:52:5b:e2:23:b3:f5:
0c:f4:2b:5d:ec:3b:9e:d0:9f:b9:cf:22:69:7e:6b:
1d:18:c0:c0:be:da:5d:93:e4:ac:1f:74:fa:c5:e7:
e1:68:56:06:c9:35:eb:aa:92:c2:51:c9:74:e0:db:
5d:37:c5:89:de:68:a7:ef:c1:69:63:88:17:fd:20:
d6:31
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
25:29:AB:60:97:B2:B7:27:FF:AC:8A:4A:65:58:BD:34:7B:E0:50:12
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/JSmrYJeytyf_rIpKZVi9NHvgUBI.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
4b:51:e8:df:18:2f:11:e3:30:92:d0:12:71:c1:cc:48:48:2f:
1d:59:0f:21:54:92:33:91:d6:3e:75:88:7e:a8:2a:6d:22:96:
1e:19:8a:e9:5a:d4:c5:40:ce:b9:45:b4:e6:62:b1:94:d6:2b:
9f:2e:27:d6:75:61:8a:c3:6e:06:19:de:da:9d:bc:fe:c7:ca:
37:35:de:b2:3f:dd:76:94:e5:b3:06:be:f8:88:3e:b0:fe:f3:
b9:a7:5a:53:44:49:f3:02:2e:21:d8:9e:e3:0a:cc:dd:d7:46:
4d:ce:5b:ff:8d:e7:6e:69:9a:b8:65:4b:f6:4a:b5:7f:6c:8e:
8c:72:c5:8c:b5:cb:7a:67:34:1d:7d:07:cb:e0:b8:92:82:da:
c7:dd:00:0c:60:67:0b:bc:05:eb:16:f3:d2:63:29:cd:af:ac:
db:00:70:ec:e9:18:22:0a:e7:20:02:e8:fc:5d:a8:96:ff:7f:
5f:97:a5:b7:a7:15:00:7f:94:e3:0a:f1:cd:95:3f:81:ab:93:
80:2e:4d:c9:ef:d4:af:2b:c2:f0:5e:9b:5c:e2:b6:57:f4:1b:
25:c7:4d:dd:b7:5f:96:d8:e1:69:b4:ea:3c:2d:16:44:24:34:
78:9b:17:99:a6:9f:cd:d8:a8:5f:69:ce:27:98:bb:06:80:30:
c9:60:d4:af
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICIf8wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MDYw
MzM4NDdaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDI1MjlBQjYwOTdCMkI3
MjdGRkFDOEE0QTY1NThCRDM0N0JFMDUwMTIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDDSqU3Z3zKeDQ/YIoFZm09cPqIV3po8orwMrgu/M+KrFXKXU+/
fL+15O54prtkBuOlTiybLnyXxcNnzb6UIQ42N2OUQn8v34POBrfy4B6Yp/jFasAF
LKjpss+mh29ir+rNxURw1g9Gnpr2oSusHYcIjlwqK41DX70pGDqcnqKRUXecjnaP
EWnJHbEZF6PCHHLd42RBkl3+GzqRDLduhhRSfCtTsknAGjLbVgPdCKHqIVzl6pOi
yhRUe1pAZ1Jb4iOz9Qz0K13sO57Qn7nPIml+ax0YwMC+2l2T5KwfdPrF5+FoVgbJ
NeuqksJRyXTg2103xYneaKfvwWljiBf9INYxAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUJSmrYJeytyf/rIpKZVi9NHvgUBIwHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvSlNtcllKZXl0eWZf
cklwS1pWaTlOSHZnVUJJLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBAEtR6N8YLxHjMJLQEnHBzEhILx1Z
DyFUkjOR1j51iH6oKm0ilh4Ziula1MVAzrlFtOZisZTWK58uJ9Z1YYrDbgYZ3tqd
vP7Hyjc13rI/3XaU5bMGvviIPrD+87mnWlNESfMCLiHYnuMKzN3XRk3OW/+N525p
mrhlS/ZKtX9sjoxyxYy1y3pnNB19B8vguJKC2sfdAAxgZwu8BesW89JjKc2vrNsA
cOzpGCIK5yAC6PxdqJb/f1+XpbenFQB/lOMK8c2VP4Grk4AuTcnv1K8rwvBem1zi
tlf0GyXHTd23X5bY4Wm06jwtFkQkNHibF5mmn83YqF9pzieYuwaAMMlg1K8=
-----END CERTIFICATE-----
Generated at Sat Jun 21 16:20:42 2025 by rpki-client