Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/KFJe_y9jj1L6CDd1T74HLbtNEI8.roa
File: KFJe_y9jj1L6CDd1T74HLbtNEI8.roa (raw, json)
Hash identifier: KiJZs1a64enMe7dNWX8jruNw5svA1H+TGuVu5SjK/Uw=
Subject key identifier: 28:52:5E:FF:2F:63:8F:52:FA:08:37:75:4F:BE:07:2D:BB:4D:10:8F
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 21DB
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/KFJe_y9jj1L6CDd1T74HLbtNEI8.roa
Signing time: Thu 05 Jun 2025 21:38:50 +0000
ROA not before: Thu 05 Jun 2025 21:38:50 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 4812
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 8667 (0x21db)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 5 21:38:50 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=28525EFF2F638F52FA0837754FBE072DBB4D108F
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:db:2b:41:a5:ca:47:96:7e:37:0d:8f:d8:f9:7d:
75:f0:b3:fd:49:6f:25:f2:b1:74:2c:60:8e:0f:fa:
e8:d1:77:c9:0d:4d:bb:be:aa:de:4b:df:39:7b:7a:
f2:1d:14:e4:b4:55:84:61:0a:5f:d3:c2:b6:34:3f:
26:53:5f:41:29:61:d3:4b:ca:b0:c7:00:aa:af:cb:
8f:2a:e2:c9:c2:8f:00:92:81:c3:be:c9:a4:31:a0:
60:f1:60:d9:d3:12:fc:b8:ad:d5:24:3a:57:16:84:
67:6e:ed:f1:11:d3:71:af:86:4b:67:74:28:9a:6c:
18:cc:08:c1:a2:18:16:38:74:b5:8f:b6:4c:a9:3e:
61:ad:2f:f3:ad:43:97:53:9c:ec:b0:1e:64:f0:df:
e3:77:35:55:0b:9a:07:2f:41:f6:bf:20:3b:1b:c3:
23:5c:b3:b0:5f:82:9e:6d:d5:dd:50:ba:5d:07:b6:
a8:5d:9a:16:b3:59:b0:ff:21:6c:fd:da:94:98:f8:
16:3f:72:de:95:f4:b7:32:64:4f:a3:50:63:2b:86:
b3:79:ea:33:75:b4:59:ce:e5:51:d4:3f:af:a8:8f:
a6:4b:42:ce:05:6c:c5:df:c5:b2:94:00:02:ac:64:
16:1a:a6:1f:01:30:e9:27:8f:62:c6:bd:79:54:07:
2a:53
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
28:52:5E:FF:2F:63:8F:52:FA:08:37:75:4F:BE:07:2D:BB:4D:10:8F
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/KFJe_y9jj1L6CDd1T74HLbtNEI8.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
a8:f7:05:77:70:62:7c:4e:f3:3e:29:e2:af:ff:be:80:90:53:
f7:ed:73:c9:9a:9a:dc:5b:ed:3e:71:64:b3:2e:33:4c:e8:bb:
16:61:e9:a5:b3:b9:e0:a7:9c:76:a2:23:55:b9:58:c9:3c:fe:
51:ac:0a:8c:3c:6b:82:f6:5a:6d:89:8d:e9:0c:6d:49:2a:6e:
9b:88:1c:4d:ac:77:80:cf:c5:9b:76:be:67:48:21:9a:64:a3:
e4:4b:5f:81:ae:61:42:da:dc:be:c6:a3:d5:29:34:06:86:96:
5a:8a:73:ec:ec:7b:d4:b6:f2:7b:25:ce:92:7b:0b:3b:48:58:
6d:d6:0b:bc:99:34:a4:29:15:ef:1f:14:d0:fb:03:a4:5b:23:
77:d6:fc:49:a8:f0:4c:7b:23:ea:ab:ab:91:3c:99:a6:6c:7f:
b1:4b:62:bf:50:59:ea:3a:c5:29:93:47:1b:37:b7:74:78:3b:
dc:4e:3a:b9:2e:c9:6c:c5:c9:40:63:25:8d:d4:1f:7d:dc:31:
80:87:a2:61:8d:4b:38:44:b1:95:eb:47:08:e9:29:9f:1c:c2:
b7:8e:33:6e:78:6b:c1:c9:a4:91:c4:5b:af:6b:51:9c:d9:3f:
09:94:ef:91:03:9e:9e:7c:8b:eb:d3:40:be:61:91:3e:8a:ab:
14:9e:f6:af
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICIdswDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MDUy
MTM4NTBaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDI4NTI1RUZGMkY2MzhG
NTJGQTA4Mzc3NTRGQkUwNzJEQkI0RDEwOEYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDbK0GlykeWfjcNj9j5fXXws/1JbyXysXQsYI4P+ujRd8kNTbu+
qt5L3zl7evIdFOS0VYRhCl/TwrY0PyZTX0EpYdNLyrDHAKqvy48q4snCjwCSgcO+
yaQxoGDxYNnTEvy4rdUkOlcWhGdu7fER03GvhktndCiabBjMCMGiGBY4dLWPtkyp
PmGtL/OtQ5dTnOywHmTw3+N3NVULmgcvQfa/IDsbwyNcs7Bfgp5t1d1Qul0Htqhd
mhazWbD/IWz92pSY+BY/ct6V9LcyZE+jUGMrhrN56jN1tFnO5VHUP6+oj6ZLQs4F
bMXfxbKUAAKsZBYaph8BMOknj2LGvXlUBypTAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUKFJe/y9jj1L6CDd1T74HLbtNEI8wHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvS0ZKZV95OWpqMUw2
Q0RkMVQ3NEhMYnRORUk4LnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBAKj3BXdwYnxO8z4p4q//voCQU/ft
c8mamtxb7T5xZLMuM0zouxZh6aWzueCnnHaiI1W5WMk8/lGsCow8a4L2Wm2JjekM
bUkqbpuIHE2sd4DPxZt2vmdIIZpko+RLX4GuYULa3L7Go9UpNAaGllqKc+zse9S2
8nslzpJ7CztIWG3WC7yZNKQpFe8fFND7A6RbI3fW/Emo8Ex7I+qrq5E8maZsf7FL
Yr9QWeo6xSmTRxs3t3R4O9xOOrkuyWzFyUBjJY3UH33cMYCHomGNSzhEsZXrRwjp
KZ8cwreOM254a8HJpJHEW69rUZzZPwmU75EDnp58i+vTQL5hkT6KqxSe9q8=
-----END CERTIFICATE-----
Generated at Sat Jun 21 14:52:37 2025 by rpki-client