Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/KFEWPSjkSUWtNFEvCBEYvqFoIJA.roa
File: KFEWPSjkSUWtNFEvCBEYvqFoIJA.roa (raw, json)
Hash identifier: SNBn2rOI/8pp4sYHm7XYn7aj389rqyOsH0xBqcI5ld4=
Subject key identifier: 28:51:16:3D:28:E4:49:45:AD:34:51:2F:08:11:18:BE:A1:68:20:90
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 2583
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/KFEWPSjkSUWtNFEvCBEYvqFoIJA.roa
Signing time: Thu 12 Jun 2025 09:39:12 +0000
ROA not before: Thu 12 Jun 2025 09:39:12 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 4812
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 9603 (0x2583)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 12 09:39:12 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=2851163D28E44945AD34512F081118BEA1682090
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9f:ea:8c:c6:54:80:73:16:ff:c5:82:3c:a3:8e:
a3:a1:1b:96:20:bb:87:bc:7c:28:4f:47:44:c1:d3:
37:ea:44:80:7d:db:2b:da:df:0d:e8:5d:af:09:53:
2d:d6:9d:0c:9f:55:69:62:21:f5:2a:dd:9a:66:73:
50:7f:f0:6a:46:e4:39:fd:95:fb:9f:6b:dd:b9:c4:
31:fc:0e:81:d0:c7:5b:10:8c:d6:76:63:c6:20:a8:
77:9e:89:a6:39:ea:46:a9:4a:07:34:6f:3c:13:96:
2f:49:f6:f6:01:7d:76:6d:5c:20:ae:eb:be:a3:26:
96:90:c7:70:a4:1d:e1:63:a8:10:fe:1d:73:2c:16:
88:7b:61:0b:15:2a:8f:7b:f0:8a:1a:d3:a4:2f:06:
40:36:39:32:5f:86:c6:1c:29:08:d2:48:09:ba:92:
68:8d:56:fd:5a:bb:14:21:b8:08:1f:75:b7:4a:b3:
e1:12:bb:dd:0a:d0:76:55:38:55:dd:bd:69:2d:8e:
30:e5:20:04:f4:b2:36:1a:a5:01:95:23:31:ee:e4:
e1:fc:27:28:73:b1:31:cf:b6:0e:8a:fc:a6:e2:bd:
4c:b1:d4:57:f5:43:a7:cb:89:1a:36:b1:37:68:75:
7a:5c:56:7f:bd:a1:81:35:c3:fe:0d:44:7f:7b:ff:
8c:c9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
28:51:16:3D:28:E4:49:45:AD:34:51:2F:08:11:18:BE:A1:68:20:90
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/KFEWPSjkSUWtNFEvCBEYvqFoIJA.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
b2:28:d9:f7:13:ff:9e:06:75:b9:73:6f:50:41:a9:34:df:da:
2a:24:4e:f1:2e:67:5c:c9:61:86:d7:0a:9f:f7:3f:9f:d2:e6:
7b:54:50:57:12:79:26:9c:6b:da:ca:a2:73:7f:7b:6b:bb:6b:
9e:fc:c8:4a:52:6d:f9:01:4f:c7:e2:46:6f:6e:53:e4:d5:b7:
23:11:60:22:fa:1a:d8:90:18:b8:6a:7f:2e:3f:5f:a6:d7:30:
f8:39:3f:c8:41:88:34:d7:26:91:9f:8f:53:63:e2:84:b1:19:
c6:00:ce:c2:e3:b9:b4:f9:be:73:01:1f:f8:81:0e:22:9a:f7:
2f:11:f0:2c:e0:da:17:b1:64:fd:fb:ff:37:a9:94:11:60:95:
96:d0:4c:ef:f1:52:b3:52:d1:86:76:bb:b9:3f:c0:e0:94:7b:
8b:2d:93:d6:f9:6a:34:fe:a6:a8:9c:57:b7:96:f7:61:5f:30:
96:fe:0a:e4:46:e6:fb:7d:46:c4:99:71:d8:29:e1:f3:08:76:
88:6d:5a:fc:f4:d9:f5:5e:ee:65:2e:30:d9:05:65:25:14:a1:
dc:fd:de:49:8f:17:bb:67:36:93:c6:c2:ba:15:9c:c9:04:b0:
64:24:bc:21:df:2e:02:bd:5f:24:70:57:5b:a9:e8:a7:b7:40:
9e:18:9b:a9
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICJYMwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MTIw
OTM5MTJaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDI4NTExNjNEMjhFNDQ5
NDVBRDM0NTEyRjA4MTExOEJFQTE2ODIwOTAwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCf6ozGVIBzFv/FgjyjjqOhG5Ygu4e8fChPR0TB0zfqRIB92yva
3w3oXa8JUy3WnQyfVWliIfUq3Zpmc1B/8GpG5Dn9lfufa925xDH8DoHQx1sQjNZ2
Y8YgqHeeiaY56kapSgc0bzwTli9J9vYBfXZtXCCu676jJpaQx3CkHeFjqBD+HXMs
Foh7YQsVKo978Ioa06QvBkA2OTJfhsYcKQjSSAm6kmiNVv1auxQhuAgfdbdKs+ES
u90K0HZVOFXdvWktjjDlIAT0sjYapQGVIzHu5OH8JyhzsTHPtg6K/KbivUyx1Ff1
Q6fLiRo2sTdodXpcVn+9oYE1w/4NRH97/4zJAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUKFEWPSjkSUWtNFEvCBEYvqFoIJAwHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvS0ZFV1BTamtTVVd0
TkZFdkNCRVl2cUZvSUpBLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBALIo2fcT/54Gdblzb1BBqTTf2iok
TvEuZ1zJYYbXCp/3P5/S5ntUUFcSeSaca9rKonN/e2u7a578yEpSbfkBT8fiRm9u
U+TVtyMRYCL6GtiQGLhqfy4/X6bXMPg5P8hBiDTXJpGfj1Nj4oSxGcYAzsLjubT5
vnMBH/iBDiKa9y8R8Czg2hexZP37/zeplBFglZbQTO/xUrNS0YZ2u7k/wOCUe4st
k9b5ajT+pqicV7eW92FfMJb+CuRG5vt9RsSZcdgp4fMIdohtWvz02fVe7mUuMNkF
ZSUUodz93kmPF7tnNpPGwroVnMkEsGQkvCHfLgK9XyRwV1up6Ke3QJ4Ym6k=
-----END CERTIFICATE-----
Generated at Sat Jun 21 16:55:47 2025 by rpki-client