Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/JaQ8b_eMTw7VMG194uQj7lwVsjU.roa
File: JaQ8b_eMTw7VMG194uQj7lwVsjU.roa (raw, json)
Hash identifier: YXpwJkXLPex2N0WDgH4JxjipOeWIsCJ8BMcNJre538I=
Subject key identifier: 25:A4:3C:6F:F7:8C:4F:0E:D5:30:6D:7D:E2:E4:23:EE:5C:15:B2:35
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 2087
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/JaQ8b_eMTw7VMG194uQj7lwVsjU.roa
Signing time: Tue 03 Jun 2025 13:08:39 +0000
ROA not before: Tue 03 Jun 2025 13:08:39 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 146845
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 8327 (0x2087)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 3 13:08:39 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=25A43C6FF78C4F0ED5306D7DE2E423EE5C15B235
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e4:21:8f:c1:5d:85:0a:60:97:08:e4:c8:85:4b:
81:88:cd:88:a3:96:3b:87:f2:fb:06:fd:e2:a6:84:
cb:35:62:21:f1:db:de:62:0c:a5:f7:46:79:05:a7:
ef:78:f1:e4:52:0b:88:84:0c:1a:a7:d2:5f:7f:e6:
60:70:aa:46:34:24:09:28:c5:63:b2:a5:92:f1:a3:
7f:cc:10:b4:f1:25:c5:fd:38:0e:3b:28:24:71:8a:
4e:16:17:6b:57:dd:26:50:39:41:2a:3e:5f:11:8f:
f2:9c:26:db:3c:e4:45:8f:fa:8c:e2:39:a4:e2:b9:
99:29:47:6b:6b:ec:f2:1f:b3:a4:55:23:9e:77:b6:
30:54:84:5f:30:ed:46:ea:d7:e4:3e:56:d7:15:d0:
09:52:ce:15:82:9b:4b:23:44:3e:00:ec:7e:62:11:
64:3a:a1:7d:27:d2:5c:bf:40:72:4b:66:60:ef:24:
9f:bf:12:ed:17:b9:1a:d6:01:48:97:bc:6b:1d:6a:
d9:05:8d:d3:86:0a:fc:51:80:7e:f5:46:8d:66:4c:
a0:cf:b4:0b:7c:11:a2:38:6b:ca:8a:ca:6f:57:27:
94:17:ee:2a:0b:05:5e:94:c0:4a:e5:1e:6b:28:3e:
76:42:ee:5c:c2:87:d8:5c:46:49:7b:36:de:c3:76:
c8:f1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
25:A4:3C:6F:F7:8C:4F:0E:D5:30:6D:7D:E2:E4:23:EE:5C:15:B2:35
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/JaQ8b_eMTw7VMG194uQj7lwVsjU.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
9e:cb:d4:c5:b8:b1:12:8c:08:84:4c:a1:be:40:42:17:1b:a1:
e2:d6:f0:c8:d0:c7:61:f5:64:bf:64:da:b7:e9:cc:ba:6c:9e:
65:5a:1b:8e:15:ee:18:e4:d8:34:81:5d:a9:44:69:b4:72:47:
96:d5:3c:c0:f9:52:a9:38:aa:47:d9:11:eb:ed:e2:4e:ee:6e:
ef:cd:c0:af:e0:e1:21:ed:50:7a:f7:07:e5:04:25:61:63:73:
e1:25:2a:80:47:b4:c6:d2:bf:28:4d:ca:0e:14:f5:8f:33:30:
23:dc:18:61:cb:44:57:6f:6d:e8:93:e7:0a:85:b7:21:f4:ed:
aa:27:4a:7e:ba:7d:77:9a:07:58:80:f6:41:a4:1e:f1:f5:77:
58:a1:90:c0:55:73:8a:10:b5:47:e8:ea:1a:f2:fd:d7:87:38:
78:1f:bb:92:c0:93:5f:28:f1:4f:8e:44:63:72:ca:b3:da:81:
0d:27:b7:05:45:02:d6:79:4f:e3:99:6a:e8:2b:fa:2f:26:fc:
13:67:fe:2c:02:c6:5e:d3:fc:71:05:61:c6:55:ad:eb:06:be:
ab:5c:42:64:df:66:17:cb:ae:1d:35:84:fe:87:d8:84:b6:08:
55:8e:33:f8:d2:d6:4a:98:55:6c:c7:56:8c:2d:46:b3:30:11:
15:82:c8:68
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICIIcwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MDMx
MzA4MzlaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDI1QTQzQzZGRjc4QzRG
MEVENTMwNkQ3REUyRTQyM0VFNUMxNUIyMzUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDkIY/BXYUKYJcI5MiFS4GIzYijljuH8vsG/eKmhMs1YiHx295i
DKX3RnkFp+948eRSC4iEDBqn0l9/5mBwqkY0JAkoxWOypZLxo3/MELTxJcX9OA47
KCRxik4WF2tX3SZQOUEqPl8Rj/KcJts85EWP+oziOaTiuZkpR2tr7PIfs6RVI553
tjBUhF8w7Ubq1+Q+VtcV0AlSzhWCm0sjRD4A7H5iEWQ6oX0n0ly/QHJLZmDvJJ+/
Eu0XuRrWAUiXvGsdatkFjdOGCvxRgH71Ro1mTKDPtAt8EaI4a8qKym9XJ5QX7ioL
BV6UwErlHmsoPnZC7lzCh9hcRkl7Nt7DdsjxAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUJaQ8b/eMTw7VMG194uQj7lwVsjUwHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvSmFROGJfZU1UdzdW
TUcxOTR1UWo3bHdWc2pVLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBAJ7L1MW4sRKMCIRMob5AQhcboeLW
8MjQx2H1ZL9k2rfpzLpsnmVaG44V7hjk2DSBXalEabRyR5bVPMD5Uqk4qkfZEevt
4k7ubu/NwK/g4SHtUHr3B+UEJWFjc+ElKoBHtMbSvyhNyg4U9Y8zMCPcGGHLRFdv
beiT5wqFtyH07aonSn66fXeaB1iA9kGkHvH1d1ihkMBVc4oQtUfo6hry/deHOHgf
u5LAk18o8U+ORGNyyrPagQ0ntwVFAtZ5T+OZaugr+i8m/BNn/iwCxl7T/HEFYcZV
resGvqtcQmTfZhfLrh01hP6H2IS2CFWOM/jS1kqYVWzHVowtRrMwERWCyGg=
-----END CERTIFICATE-----
Generated at Sat Jun 21 16:48:43 2025 by rpki-client