Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/JyX8RT_qHL0cf_ZwjC0e9rpux7k.roa
File: JyX8RT_qHL0cf_ZwjC0e9rpux7k.roa (raw, json)
Hash identifier: Xi0YKMXtCoYmmRwKpfS5m+G158IY6E2D/lM31zeNqO4=
Subject key identifier: 27:25:FC:45:3F:EA:1C:BD:1C:7F:F6:70:8C:2D:1E:F6:BA:6E:C7:B9
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 21C0
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/JyX8RT_qHL0cf_ZwjC0e9rpux7k.roa
Signing time: Thu 05 Jun 2025 17:08:47 +0000
ROA not before: Thu 05 Jun 2025 17:08:47 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 4812
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 8640 (0x21c0)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 5 17:08:47 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=2725FC453FEA1CBD1C7FF6708C2D1EF6BA6EC7B9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e9:61:db:d4:43:44:52:a5:18:69:9d:87:33:1a:
89:2f:5c:72:8c:ee:ec:3b:17:03:70:a4:ff:4a:7b:
c3:a0:8e:53:06:b9:5a:d2:52:57:d7:5b:95:9a:50:
e8:f9:31:21:16:1d:ea:bc:0f:ad:64:22:39:7a:78:
86:d8:32:99:18:99:05:33:b5:04:0c:16:5d:bc:5e:
06:12:b4:91:8a:20:89:65:18:1f:4d:9e:3b:20:49:
fd:77:90:9e:f2:21:47:62:bf:b5:fe:f7:ce:0b:d0:
35:cc:f0:97:90:3d:a9:67:5a:78:d9:dc:bd:39:08:
04:72:bd:94:c2:0b:2a:23:40:76:7e:24:bc:05:c2:
45:c4:58:ae:2c:ca:7f:48:27:e5:43:56:f8:f8:81:
12:c0:b9:94:c1:f3:cd:3e:d7:d6:40:48:1d:ed:78:
dc:04:72:63:8d:c8:e6:f6:ee:4d:15:9b:25:00:47:
12:d5:a8:23:fd:6a:6c:2b:26:a7:9e:74:9d:38:a8:
71:21:a9:cd:f9:67:51:7c:62:25:e9:20:cb:52:d5:
49:05:e1:1a:17:51:bd:51:f3:5c:31:02:3f:4d:6c:
5c:75:f0:cc:1a:a1:90:da:4e:0b:82:fa:f5:0e:22:
27:0e:24:64:39:96:c5:f5:5a:f7:ae:48:2a:5d:f0:
63:6d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
27:25:FC:45:3F:EA:1C:BD:1C:7F:F6:70:8C:2D:1E:F6:BA:6E:C7:B9
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/JyX8RT_qHL0cf_ZwjC0e9rpux7k.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
32:5b:84:db:eb:44:39:ec:60:7e:02:fb:f7:76:ed:6c:11:fd:
a5:07:cc:b3:0f:fe:84:4f:20:53:62:0c:52:14:d7:de:f4:6a:
54:5d:6a:15:82:04:c8:14:2b:7d:df:f2:ac:96:8e:c1:dd:df:
8c:a8:df:a7:64:31:e0:44:65:04:f5:98:03:50:57:1a:48:5b:
a8:87:73:d0:82:1b:07:75:3d:cb:3f:d2:37:bd:23:2f:70:b6:
21:f6:97:ec:b4:4c:03:e4:58:fe:7f:37:4c:dd:17:56:6a:e9:
bd:43:38:de:5b:88:02:50:1b:90:3d:4c:7e:be:3d:77:fd:29:
8b:d1:e8:54:a7:c9:7e:5b:15:d7:dd:9b:3f:3d:bb:00:73:28:
be:f5:da:c9:92:30:56:9e:c5:86:ec:ae:2f:12:a3:f7:79:76:
74:ed:c2:c5:fd:ea:10:69:b1:d7:17:1e:3f:e4:4c:26:c3:da:
b4:79:5d:0d:4d:61:cb:1c:91:38:84:12:a7:17:d5:cc:fc:12:
14:25:d3:b0:e8:d3:e2:aa:b4:7d:c6:f2:cd:02:92:46:a1:8e:
5a:82:f9:41:09:d7:9a:57:65:2d:ea:f6:f5:8a:05:19:fa:73:
35:15:67:3a:e5:31:4e:d3:a3:cf:3b:a6:29:7a:b3:c4:74:c7:
b0:89:e8:f2
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICIcAwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MDUx
NzA4NDdaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDI3MjVGQzQ1M0ZFQTFD
QkQxQzdGRjY3MDhDMkQxRUY2QkE2RUM3QjkwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDpYdvUQ0RSpRhpnYczGokvXHKM7uw7FwNwpP9Ke8OgjlMGuVrS
UlfXW5WaUOj5MSEWHeq8D61kIjl6eIbYMpkYmQUztQQMFl28XgYStJGKIIllGB9N
njsgSf13kJ7yIUdiv7X+984L0DXM8JeQPalnWnjZ3L05CARyvZTCCyojQHZ+JLwF
wkXEWK4syn9IJ+VDVvj4gRLAuZTB880+19ZASB3teNwEcmONyOb27k0VmyUARxLV
qCP9amwrJqeedJ04qHEhqc35Z1F8YiXpIMtS1UkF4RoXUb1R81wxAj9NbFx18Mwa
oZDaTguC+vUOIicOJGQ5lsX1WveuSCpd8GNtAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUJyX8RT/qHL0cf/ZwjC0e9rpux7kwHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvSnlYOFJUX3FITDBj
Zl9ad2pDMGU5cnB1eDdrLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBADJbhNvrRDnsYH4C+/d27WwR/aUH
zLMP/oRPIFNiDFIU1970alRdahWCBMgUK33f8qyWjsHd34yo36dkMeBEZQT1mANQ
VxpIW6iHc9CCGwd1Pcs/0je9Iy9wtiH2l+y0TAPkWP5/N0zdF1Zq6b1DON5biAJQ
G5A9TH6+PXf9KYvR6FSnyX5bFdfdmz89uwBzKL712smSMFaexYbsri8So/d5dnTt
wsX96hBpsdcXHj/kTCbD2rR5XQ1NYcsckTiEEqcX1cz8EhQl07Do0+KqtH3G8s0C
kkahjlqC+UEJ15pXZS3q9vWKBRn6czUVZzrlMU7To887pil6s8R0x7CJ6PI=
-----END CERTIFICATE-----
Generated at Sat Jun 21 12:19:49 2025 by rpki-client