Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/KIV3n-pqRxtpNRTtKleu5STvlZ8.roa
File: KIV3n-pqRxtpNRTtKleu5STvlZ8.roa (raw, json)
Hash identifier: hKtfOw9KPUkPT+AIQUiqO+boND6NIow+d10UOmrZUqQ=
Subject key identifier: 28:85:77:9F:EA:6A:47:1B:69:35:14:ED:2A:57:AE:E5:24:EF:95:9F
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 20D8
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/KIV3n-pqRxtpNRTtKleu5STvlZ8.roa
Signing time: Wed 04 Jun 2025 02:38:40 +0000
ROA not before: Wed 04 Jun 2025 02:38:40 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 146845
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 8408 (0x20d8)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 4 02:38:40 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=2885779FEA6A471B693514ED2A57AEE524EF959F
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e7:02:2e:df:7f:68:65:85:ee:ce:9b:11:4a:8d:
07:2c:74:a6:55:8c:b8:0a:f5:62:53:6f:07:6f:bb:
ba:f0:cc:f3:e1:98:64:f1:e3:eb:61:96:ca:06:64:
2f:20:8a:3f:28:8d:bd:54:90:8b:76:4a:0c:20:d3:
8e:e7:ca:d3:61:a4:c6:01:2a:b1:ac:84:78:13:21:
00:9b:8f:bf:c6:9a:90:5d:8c:51:15:41:64:a9:f4:
d9:38:42:fa:e0:05:45:12:53:22:03:d4:02:49:c6:
6a:d6:28:70:1c:78:2c:10:7d:5a:93:44:30:61:b3:
89:80:93:b4:b9:90:d2:f7:74:49:8a:ef:3a:48:fb:
70:14:94:08:3a:ce:e2:35:12:89:c2:bc:55:d0:e8:
4a:20:06:d8:c3:01:ab:7f:ff:91:23:65:e4:81:71:
af:fc:c8:c9:e5:a9:23:b3:0f:db:cd:30:c2:90:32:
4f:51:74:7f:c5:b5:f1:d3:2f:39:80:98:23:63:b3:
5d:6c:e2:cf:c3:36:ac:2c:71:4c:f4:13:88:95:dd:
7e:0e:8f:b6:64:a2:47:2b:0b:d6:14:20:3d:7e:cc:
19:e2:88:e9:0a:f3:e7:fb:86:9a:28:f1:11:5e:75:
6b:82:4f:cd:f4:10:ca:59:80:e5:33:2c:f8:14:d4:
c0:51
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
28:85:77:9F:EA:6A:47:1B:69:35:14:ED:2A:57:AE:E5:24:EF:95:9F
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/KIV3n-pqRxtpNRTtKleu5STvlZ8.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
6c:28:30:b8:69:b1:da:5b:c3:2a:9b:95:4f:0f:94:0c:e9:63:
d1:89:9a:84:b2:07:48:b9:6c:53:79:fb:1c:82:d2:1b:d6:07:
92:24:40:d5:47:a4:ec:4e:39:43:e6:0e:59:e1:a5:ce:f1:99:
e5:af:c7:f4:ba:23:fd:dd:0f:7d:c4:52:27:72:3f:43:7b:33:
3b:fa:99:42:88:fa:95:a2:c3:fc:d3:ab:75:97:9b:ce:e6:b7:
2c:08:c2:58:22:24:80:db:ae:d3:ea:f8:b0:7e:2b:c2:2f:71:
c1:d3:bd:72:93:bb:a1:4e:c5:29:67:38:4c:fc:82:7d:63:ab:
a2:6b:af:75:a9:88:91:d1:9f:22:53:82:c0:aa:ce:98:f6:7c:
a2:6e:c6:9e:86:8f:3f:ac:72:fc:8a:41:06:8d:7d:42:4c:0f:
4a:88:24:25:93:13:aa:13:be:f7:9c:a7:a4:77:61:e3:48:33:
a8:0a:07:1e:53:18:58:70:0f:7d:b4:40:5c:fa:7b:4d:69:bc:
19:9f:56:cd:aa:22:9b:2d:ef:79:ba:c2:82:c5:b6:4d:6d:90:
19:76:26:b8:bc:2f:35:bf:0c:57:70:e7:5b:da:ff:79:6b:f3:
88:14:45:05:10:51:81:c9:39:4b:31:06:61:3d:99:8d:ac:3f:
68:7e:4a:4c
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICINgwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MDQw
MjM4NDBaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDI4ODU3NzlGRUE2QTQ3
MUI2OTM1MTRFRDJBNTdBRUU1MjRFRjk1OUYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDnAi7ff2hlhe7OmxFKjQcsdKZVjLgK9WJTbwdvu7rwzPPhmGTx
4+thlsoGZC8gij8ojb1UkIt2Sgwg047nytNhpMYBKrGshHgTIQCbj7/GmpBdjFEV
QWSp9Nk4QvrgBUUSUyID1AJJxmrWKHAceCwQfVqTRDBhs4mAk7S5kNL3dEmK7zpI
+3AUlAg6zuI1EonCvFXQ6EogBtjDAat//5EjZeSBca/8yMnlqSOzD9vNMMKQMk9R
dH/FtfHTLzmAmCNjs11s4s/DNqwscUz0E4iV3X4Oj7ZkokcrC9YUID1+zBniiOkK
8+f7hpoo8RFedWuCT830EMpZgOUzLPgU1MBRAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUKIV3n+pqRxtpNRTtKleu5STvlZ8wHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvS0lWM24tcHFSeHRw
TlJUdEtsZXU1U1R2bFo4LnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBAGwoMLhpsdpbwyqblU8PlAzpY9GJ
moSyB0i5bFN5+xyC0hvWB5IkQNVHpOxOOUPmDlnhpc7xmeWvx/S6I/3dD33EUidy
P0N7Mzv6mUKI+pWiw/zTq3WXm87mtywIwlgiJIDbrtPq+LB+K8IvccHTvXKTu6FO
xSlnOEz8gn1jq6Jrr3WpiJHRnyJTgsCqzpj2fKJuxp6Gjz+scvyKQQaNfUJMD0qI
JCWTE6oTvvecp6R3YeNIM6gKBx5TGFhwD320QFz6e01pvBmfVs2qIpst73m6woLF
tk1tkBl2Jri8LzW/DFdw51va/3lr84gURQUQUYHJOUsxBmE9mY2sP2h+Skw=
-----END CERTIFICATE-----
Generated at Fri Jun 20 19:39:18 2025 by rpki-client