Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/Mbzh6KRORK8b2MdhbhkNQ2XGoTI.roa
File: Mbzh6KRORK8b2MdhbhkNQ2XGoTI.roa (raw, json)
Hash identifier: VjPeM7jL3boTfi5UjfRZ/ZyD2TfMAmjW2yfyx4ROAkE=
Subject key identifier: 31:BC:E1:E8:A4:4E:44:AF:1B:D8:C7:61:6E:19:0D:43:65:C6:A1:32
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 1FE5
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/Mbzh6KRORK8b2MdhbhkNQ2XGoTI.roa
Signing time: Mon 02 Jun 2025 10:08:36 +0000
ROA not before: Mon 02 Jun 2025 10:08:36 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 146845
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 8165 (0x1fe5)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 2 10:08:36 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=31BCE1E8A44E44AF1BD8C7616E190D4365C6A132
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d2:01:60:16:95:89:ae:1c:51:8a:89:4f:01:03:
76:92:84:e7:c7:bf:21:96:7f:82:b0:ef:fd:d8:7b:
03:f1:2e:6a:2f:3e:8b:eb:d9:c6:55:6c:2f:35:64:
3e:3a:03:ac:e6:eb:96:c5:22:cc:78:06:8c:56:b5:
04:f4:7b:a2:71:7d:61:75:e4:38:8a:e8:e3:27:82:
dc:46:74:8f:79:a7:f9:6f:98:c9:2f:d3:81:f5:0f:
ee:45:ea:58:5b:11:62:c0:69:c8:4d:a2:6d:bc:66:
d0:bd:ac:a0:36:36:83:47:cf:7f:71:09:68:1b:65:
0f:49:bc:8d:e7:76:f5:6b:ce:be:d5:0f:d4:eb:ad:
be:b0:7d:ef:ce:75:9f:ec:18:87:8e:20:a1:1d:74:
ab:93:3e:c8:9a:0c:ac:8c:ac:37:31:bf:54:1f:af:
71:98:25:61:a6:69:d4:cf:d8:f4:cf:2c:fc:15:8c:
a9:e2:95:c5:ed:8e:77:07:9a:04:11:83:8f:1f:cd:
a9:37:64:43:e7:34:f7:5c:bb:90:44:d4:0c:be:79:
3b:96:4f:8d:28:02:a3:6e:a8:60:de:79:bd:e1:ea:
41:33:aa:70:d9:f6:c5:f1:fd:86:67:3f:87:5c:45:
d8:13:b5:0e:c9:e3:f0:4e:5d:ba:97:3c:1d:b3:8e:
27:97
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
31:BC:E1:E8:A4:4E:44:AF:1B:D8:C7:61:6E:19:0D:43:65:C6:A1:32
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/Mbzh6KRORK8b2MdhbhkNQ2XGoTI.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
04:2e:94:06:8f:d5:63:98:eb:5d:c6:57:f8:61:1a:22:f8:4f:
a7:13:6b:27:ba:48:6d:af:33:74:eb:02:92:28:ed:61:20:34:
90:d2:73:f8:41:a4:87:00:ec:88:42:c0:f5:59:a8:70:38:be:
88:0c:51:dc:74:c7:cb:9b:eb:2c:79:0a:81:7a:9f:2f:76:16:
3f:41:88:60:e7:03:85:c4:92:e5:8d:e5:eb:af:24:6a:c0:56:
05:d7:7a:e4:57:97:aa:7c:5d:47:3c:53:56:c1:57:e1:0e:c9:
69:4f:d3:4a:61:1f:56:0e:1f:e1:03:0d:26:88:7f:f0:63:45:
bf:f4:d7:f5:e3:5c:14:59:23:96:82:84:dc:97:39:0b:ea:14:
99:a1:a7:5f:54:7e:cf:7a:df:18:3c:a2:aa:53:6e:c3:84:52:
ec:e6:0f:6b:1e:db:cb:30:d2:48:fa:76:03:02:e2:e8:33:25:
09:0b:4d:6e:0c:f5:bc:90:61:c6:22:f0:58:00:ff:35:a6:30:
17:3f:3f:9f:91:87:b6:e0:37:07:f8:f0:1e:a7:d7:84:c3:f8:
a7:b1:b8:d1:1d:f1:84:4d:05:99:4c:a2:86:eb:69:62:bc:6b:
5f:e4:36:e8:e3:8b:25:99:d0:bf:51:85:8f:48:da:c4:b2:a4:
86:02:94:63
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICH+UwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MDIx
MDA4MzZaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDMxQkNFMUU4QTQ0RTQ0
QUYxQkQ4Qzc2MTZFMTkwRDQzNjVDNkExMzIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDSAWAWlYmuHFGKiU8BA3aShOfHvyGWf4Kw7/3YewPxLmovPovr
2cZVbC81ZD46A6zm65bFIsx4BoxWtQT0e6JxfWF15DiK6OMngtxGdI95p/lvmMkv
04H1D+5F6lhbEWLAachNom28ZtC9rKA2NoNHz39xCWgbZQ9JvI3ndvVrzr7VD9Tr
rb6wfe/OdZ/sGIeOIKEddKuTPsiaDKyMrDcxv1Qfr3GYJWGmadTP2PTPLPwVjKni
lcXtjncHmgQRg48fzak3ZEPnNPdcu5BE1Ay+eTuWT40oAqNuqGDeeb3h6kEzqnDZ
9sXx/YZnP4dcRdgTtQ7J4/BOXbqXPB2zjieXAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUMbzh6KRORK8b2MdhbhkNQ2XGoTIwHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvTWJ6aDZLUk9SSzhi
Mk1kaGJoa05RMlhHb1RJLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBAAQulAaP1WOY613GV/hhGiL4T6cT
aye6SG2vM3TrApIo7WEgNJDSc/hBpIcA7IhCwPVZqHA4vogMUdx0x8ub6yx5CoF6
ny92Fj9BiGDnA4XEkuWN5euvJGrAVgXXeuRXl6p8XUc8U1bBV+EOyWlP00phH1YO
H+EDDSaIf/BjRb/01/XjXBRZI5aChNyXOQvqFJmhp19Ufs963xg8oqpTbsOEUuzm
D2se28sw0kj6dgMC4ugzJQkLTW4M9byQYcYi8FgA/zWmMBc/P5+Rh7bgNwf48B6n
14TD+KexuNEd8YRNBZlMoobraWK8a1/kNujjiyWZ0L9RhY9I2sSypIYClGM=
-----END CERTIFICATE-----
Generated at Sat Jun 21 21:43:17 2025 by rpki-client