Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/JyQHxQTMc8Z_CRGQnbjunAxxyfs.roa
File: JyQHxQTMc8Z_CRGQnbjunAxxyfs.roa (raw, json)
Hash identifier: qVQXa9sjw0z2ZB9HtX+tPsL3UWZpT3oMOxv9H6aN8xE=
Subject key identifier: 27:24:07:C5:04:CC:73:C6:7F:09:11:90:9D:B8:EE:9C:0C:71:C9:FB
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 1F58
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/JyQHxQTMc8Z_CRGQnbjunAxxyfs.roa
Signing time: Sun 01 Jun 2025 10:38:34 +0000
ROA not before: Sun 01 Jun 2025 10:38:34 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 146845
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 8024 (0x1f58)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 1 10:38:34 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=272407C504CC73C67F0911909DB8EE9C0C71C9FB
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9e:1e:b7:d5:6c:64:37:34:23:d7:95:12:cb:da:
90:1d:ff:40:87:6d:15:55:19:1c:f2:5c:91:1e:76:
4b:99:a3:50:93:ef:d4:7b:46:f0:ed:1b:cf:32:2b:
20:24:d4:56:b3:aa:6c:29:e4:c7:d7:83:bb:65:2c:
ef:5e:7a:b3:d6:e8:b1:3e:09:a3:b8:85:66:76:6f:
d6:de:42:2f:6c:e9:a3:75:cc:12:a5:cf:db:8a:78:
65:16:04:47:fd:dd:7f:62:76:aa:2e:b5:a5:ac:61:
90:39:12:01:a4:dc:a1:51:05:2a:05:c9:a6:a7:2c:
fa:f7:37:cf:63:59:c0:65:f2:64:85:1b:8b:61:d7:
e3:e4:b9:31:90:96:25:4c:67:26:38:9b:f7:74:e2:
b1:55:7c:ba:e5:d3:82:9b:8a:0e:e8:04:37:c1:1f:
a1:7d:04:47:e7:a0:86:89:fb:db:dc:64:90:3e:f2:
5d:62:fb:53:46:57:b8:1d:bd:3a:bf:f7:5f:57:68:
76:2d:08:31:fe:38:48:8d:52:9d:5b:21:e9:d5:3b:
6f:75:cb:c4:4d:78:15:82:60:ad:28:37:3d:c0:9b:
34:06:b8:b9:d8:d5:8f:72:b6:13:b9:07:4e:2e:5c:
d3:b0:75:f9:eb:e8:2a:3e:62:16:22:1d:5c:a4:55:
89:79
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
27:24:07:C5:04:CC:73:C6:7F:09:11:90:9D:B8:EE:9C:0C:71:C9:FB
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/JyQHxQTMc8Z_CRGQnbjunAxxyfs.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
80:5b:da:f8:f5:1f:9f:f1:61:37:50:fe:7d:7e:1a:ec:f8:e5:
72:d5:07:07:33:17:9d:49:e6:44:94:3d:10:15:e5:d1:5a:68:
ff:04:15:da:2d:67:ca:f4:5e:f0:02:27:25:cc:2a:66:b8:51:
0e:0d:82:68:b2:9a:10:ee:71:38:c1:0c:b6:74:7a:af:cb:f2:
bd:c5:07:e8:e3:dc:bb:52:84:2a:da:c2:11:f9:63:d3:b4:79:
8e:13:8b:66:c7:bd:82:5a:a2:f8:7c:1b:a0:50:2b:38:e8:69:
3b:8b:75:24:2d:78:83:91:a0:02:5a:2a:7f:5f:a5:0b:4a:33:
01:0a:5a:e1:07:dd:d3:57:f3:76:bc:e3:bf:d5:a1:b4:8c:15:
0c:a7:a3:31:7e:cb:43:36:04:11:a5:e6:08:2e:71:7f:9c:2e:
bb:1a:08:42:c0:6d:59:93:94:15:ec:8f:3c:a9:70:96:8c:33:
77:b0:d6:df:c2:e1:fd:4f:fc:78:2d:5c:b7:e0:54:9b:d3:a6:
a5:85:d1:60:7f:67:2f:17:04:27:0b:b1:8c:fd:4e:8e:1d:98:
86:9b:c0:2e:82:16:53:6c:6a:9e:05:a0:75:49:dd:ab:68:26:
c9:26:91:7d:0b:3a:c7:bd:27:cf:7e:0d:f9:e4:67:fb:b8:ea:
dd:59:e7:38
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICH1gwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MDEx
MDM4MzRaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDI3MjQwN0M1MDRDQzcz
QzY3RjA5MTE5MDlEQjhFRTlDMEM3MUM5RkIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCeHrfVbGQ3NCPXlRLL2pAd/0CHbRVVGRzyXJEedkuZo1CT79R7
RvDtG88yKyAk1Fazqmwp5MfXg7tlLO9eerPW6LE+CaO4hWZ2b9beQi9s6aN1zBKl
z9uKeGUWBEf93X9idqoutaWsYZA5EgGk3KFRBSoFyaanLPr3N89jWcBl8mSFG4th
1+PkuTGQliVMZyY4m/d04rFVfLrl04Kbig7oBDfBH6F9BEfnoIaJ+9vcZJA+8l1i
+1NGV7gdvTq/919XaHYtCDH+OEiNUp1bIenVO291y8RNeBWCYK0oNz3AmzQGuLnY
1Y9ythO5B04uXNOwdfnr6Co+YhYiHVykVYl5AgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUJyQHxQTMc8Z/CRGQnbjunAxxyfswHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvSnlRSHhRVE1jOFpf
Q1JHUW5ianVuQXh4eWZzLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBAIBb2vj1H5/xYTdQ/n1+Guz45XLV
BwczF51J5kSUPRAV5dFaaP8EFdotZ8r0XvACJyXMKma4UQ4NgmiymhDucTjBDLZ0
eq/L8r3FB+jj3LtShCrawhH5Y9O0eY4Ti2bHvYJaovh8G6BQKzjoaTuLdSQteIOR
oAJaKn9fpQtKMwEKWuEH3dNX83a847/VobSMFQynozF+y0M2BBGl5ggucX+cLrsa
CELAbVmTlBXsjzypcJaMM3ew1t/C4f1P/HgtXLfgVJvTpqWF0WB/Zy8XBCcLsYz9
To4dmIabwC6CFlNsap4FoHVJ3atoJskmkX0LOse9J89+DfnkZ/u46t1Z5zg=
-----END CERTIFICATE-----
Generated at Sun Jun 22 08:20:36 2025 by rpki-client