Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/QBobMRblo0FvkNGj5tHovbaJhog.roa
File: QBobMRblo0FvkNGj5tHovbaJhog.roa (raw, json)
Hash identifier: lGbNV7rLydQb2NJHApef+pDn97YqRsRUES3geulrY2Y=
Subject key identifier: 40:1A:1B:31:16:E5:A3:41:6F:90:D1:A3:E6:D1:E8:BD:B6:89:86:88
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 1C35
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/QBobMRblo0FvkNGj5tHovbaJhog.roa
Signing time: Mon 26 May 2025 20:38:07 +0000
ROA not before: Mon 26 May 2025 20:38:07 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 4812
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 7221 (0x1c35)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: May 26 20:38:07 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=401A1B3116E5A3416F90D1A3E6D1E8BDB6898688
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b2:f3:68:b7:c6:3e:68:a1:a0:76:0b:cf:30:38:
22:1f:2b:c8:19:44:ec:82:1b:0a:4f:1f:2d:56:cc:
3e:2e:46:66:c0:f3:05:58:72:bf:d0:55:a7:ca:94:
c7:bc:04:6d:84:33:c9:09:c0:22:0d:23:4f:16:81:
9f:13:1d:94:10:15:4f:91:3b:25:8c:d9:6c:f4:88:
b2:aa:e7:00:5a:89:35:26:1e:12:84:d2:78:09:ff:
03:2a:67:05:ce:3e:17:30:de:d3:61:94:ae:c2:f2:
37:59:2f:85:28:5e:6d:53:34:18:12:0e:f6:7e:ae:
f5:93:22:83:4b:5f:bc:95:b6:b1:d5:c6:ca:a8:06:
62:ab:39:ab:f0:90:6c:62:50:99:eb:ac:0a:ed:81:
bb:59:34:02:fa:9f:47:35:91:8a:d3:f6:76:8a:89:
2e:7c:07:7e:df:9c:a9:72:34:de:3b:f7:ce:65:1d:
47:12:e2:e1:30:20:5d:28:07:9e:1f:0e:39:1f:99:
8e:32:69:f9:cb:4c:5d:f3:f8:f2:e0:f8:4f:c8:89:
bc:6f:66:2d:45:f7:1f:d0:24:63:4a:76:ab:c7:1d:
30:95:a8:8a:82:b5:cb:07:39:b2:a8:b8:07:8d:1c:
19:cf:3f:7d:c9:83:96:c8:ce:b2:07:c8:25:b0:24:
0c:f9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
40:1A:1B:31:16:E5:A3:41:6F:90:D1:A3:E6:D1:E8:BD:B6:89:86:88
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/QBobMRblo0FvkNGj5tHovbaJhog.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
0d:de:c7:47:3d:58:d5:4a:0a:a1:57:ea:28:6b:52:73:32:9a:
c0:f8:7e:be:9b:5a:ff:1f:1a:08:88:70:d0:34:54:a4:5a:95:
be:57:0b:57:2c:21:6c:a4:1d:93:06:45:7c:cb:d8:73:6e:10:
2d:ee:62:65:ad:ec:11:3f:2a:bf:70:48:67:2b:47:e2:57:84:
75:be:b1:b8:f2:8b:cf:01:7a:bc:d6:10:1f:ba:f9:81:3d:30:
e2:14:17:b1:92:a6:31:df:fc:2d:42:3a:90:27:e1:fa:d9:59:
0c:d6:bf:12:b3:37:ea:a6:a1:e0:c2:0b:9c:1e:2d:06:9f:5e:
e4:09:82:7a:55:ff:19:59:8b:a8:96:e2:29:92:4f:4e:6e:54:
ef:aa:00:98:4f:74:e0:30:95:59:d7:88:83:4f:66:89:63:73:
fe:fb:b0:38:0b:e0:f9:cb:91:14:23:05:8d:d6:57:69:29:a0:
5c:a7:ea:81:1d:34:82:a9:90:d8:6e:c3:28:ad:fc:ff:f1:de:
f4:ec:eb:36:4a:ad:0d:05:4a:fb:0c:bb:1f:61:1c:85:56:9d:
99:e9:c0:57:f5:03:14:13:62:61:67:01:09:41:56:aa:f7:e4:
be:f9:d4:21:6c:6d:bf:8b:d4:9e:26:4b:a7:fc:eb:4c:f1:ee:
8a:55:ac:9f
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICHDUwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA1MjYy
MDM4MDdaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDQwMUExQjMxMTZFNUEz
NDE2RjkwRDFBM0U2RDFFOEJEQjY4OTg2ODgwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCy82i3xj5ooaB2C88wOCIfK8gZROyCGwpPHy1WzD4uRmbA8wVY
cr/QVafKlMe8BG2EM8kJwCINI08WgZ8THZQQFU+ROyWM2Wz0iLKq5wBaiTUmHhKE
0ngJ/wMqZwXOPhcw3tNhlK7C8jdZL4UoXm1TNBgSDvZ+rvWTIoNLX7yVtrHVxsqo
BmKrOavwkGxiUJnrrArtgbtZNAL6n0c1kYrT9naKiS58B37fnKlyNN47985lHUcS
4uEwIF0oB54fDjkfmY4yafnLTF3z+PLg+E/IibxvZi1F9x/QJGNKdqvHHTCVqIqC
tcsHObKouAeNHBnPP33Jg5bIzrIHyCWwJAz5AgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUQBobMRblo0FvkNGj5tHovbaJhogwHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvUUJvYk1SYmxvMEZ2
a05HajV0SG92YmFKaG9nLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBAA3ex0c9WNVKCqFX6ihrUnMymsD4
fr6bWv8fGgiIcNA0VKRalb5XC1csIWykHZMGRXzL2HNuEC3uYmWt7BE/Kr9wSGcr
R+JXhHW+sbjyi88BerzWEB+6+YE9MOIUF7GSpjHf/C1COpAn4frZWQzWvxKzN+qm
oeDCC5weLQafXuQJgnpV/xlZi6iW4imST05uVO+qAJhPdOAwlVnXiINPZoljc/77
sDgL4PnLkRQjBY3WV2kpoFyn6oEdNIKpkNhuwyit/P/x3vTs6zZKrQ0FSvsMux9h
HIVWnZnpwFf1AxQTYmFnAQlBVqr35L751CFsbb+L1J4mS6f860zx7opVrJ8=
-----END CERTIFICATE-----
Generated at Sat Jun 21 21:38:06 2025 by rpki-client