Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/REHP3SqPog8YgvR0B0RP8xvqLoE.roa
File: REHP3SqPog8YgvR0B0RP8xvqLoE.roa (raw, json)
Hash identifier: taN7b/Pv6qYGrK4z/e7sTvHc3Z9PM77K3s7gifYR6PM=
Subject key identifier: 44:41:CF:DD:2A:8F:A2:0F:18:82:F4:74:07:44:4F:F3:1B:EA:2E:81
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 214E
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/REHP3SqPog8YgvR0B0RP8xvqLoE.roa
Signing time: Wed 04 Jun 2025 22:08:43 +0000
ROA not before: Wed 04 Jun 2025 22:08:43 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 4812
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 8526 (0x214e)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 4 22:08:43 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=4441CFDD2A8FA20F1882F47407444FF31BEA2E81
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ac:7d:ab:2a:56:62:65:2e:31:bc:7a:58:7d:1f:
97:a0:4b:24:87:9e:67:04:5c:5a:63:10:15:09:4a:
22:e0:b1:45:eb:96:22:31:d4:ca:33:93:56:a2:28:
d5:8e:74:14:c6:34:33:62:6a:75:75:7e:c1:55:e1:
82:4c:de:c8:d6:0b:7c:17:36:b5:c7:82:36:b1:37:
f8:41:98:e8:3a:40:be:0b:fe:04:70:5c:9c:b0:13:
79:d4:f6:92:a7:9e:32:84:92:d5:97:9f:d9:85:42:
c7:b3:f4:dd:53:81:6b:b4:0c:45:45:43:2f:59:6c:
bc:03:2e:56:42:95:10:36:f1:90:76:a5:9c:43:7e:
36:9b:5c:30:70:fe:5b:13:e0:54:a0:25:e8:f9:ee:
bc:16:ff:24:bd:83:f5:76:0b:29:dd:1c:46:a8:0c:
51:ab:77:44:5e:c1:b5:fd:77:d5:ae:96:08:c5:b5:
13:14:7b:9e:8e:d3:8d:f1:08:b3:d4:f3:c3:c5:27:
89:26:a5:7d:b2:b9:37:14:b0:d0:55:df:40:dc:12:
2f:cc:a4:da:ae:7d:94:21:75:9e:b2:16:79:5f:d6:
76:07:d3:e2:09:85:f8:13:7c:f0:c3:14:45:5d:a8:
49:b5:45:69:9d:06:a5:34:26:39:64:3f:7d:1e:29:
27:69
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
44:41:CF:DD:2A:8F:A2:0F:18:82:F4:74:07:44:4F:F3:1B:EA:2E:81
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/REHP3SqPog8YgvR0B0RP8xvqLoE.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
8e:da:0b:99:d7:94:b4:3f:80:f2:0b:72:b8:0e:96:d2:13:2d:
02:c5:89:bd:2e:bc:cf:9d:93:7e:d0:1e:e5:ea:b5:f6:c1:7d:
da:f2:22:8a:1b:60:27:99:3d:bb:aa:ac:16:f3:c5:de:ce:3a:
1a:7d:e6:5b:c4:32:cd:69:9d:f9:3f:ae:56:75:3d:3d:45:fe:
01:b6:b1:d6:64:15:fb:e1:27:ef:45:65:fd:9a:4d:6a:95:cf:
a9:a1:2d:90:e6:91:9d:d2:3b:91:56:b4:69:5c:f9:52:98:8d:
b1:c1:0f:e9:29:67:2e:40:2c:70:ff:b0:84:71:a6:89:ba:19:
04:62:18:45:d9:32:63:26:fe:14:d8:1c:e3:8f:d2:d2:a3:03:
bb:c1:db:74:25:fb:00:79:fc:a7:f2:5b:28:c2:a8:8f:7b:d8:
9d:ac:86:e9:b0:c2:f3:9c:62:ba:27:1c:8a:25:55:e3:a1:00:
98:94:72:7b:07:95:df:95:a5:09:52:c0:24:7c:6d:8b:3b:82:
93:a1:5e:31:9a:44:bd:07:ad:9f:97:6c:d2:ab:1f:b5:bd:2c:
65:6f:20:6b:1e:e7:35:aa:b6:3c:fe:a5:c0:7e:b5:19:9e:61:
93:1a:08:13:83:8d:5f:1a:5b:16:e0:64:b6:b5:6e:e5:33:d2:
e0:29:ee:af
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICIU4wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MDQy
MjA4NDNaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDQ0NDFDRkREMkE4RkEy
MEYxODgyRjQ3NDA3NDQ0RkYzMUJFQTJFODEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCsfasqVmJlLjG8elh9H5egSySHnmcEXFpjEBUJSiLgsUXrliIx
1Mozk1aiKNWOdBTGNDNianV1fsFV4YJM3sjWC3wXNrXHgjaxN/hBmOg6QL4L/gRw
XJywE3nU9pKnnjKEktWXn9mFQsez9N1TgWu0DEVFQy9ZbLwDLlZClRA28ZB2pZxD
fjabXDBw/lsT4FSgJej57rwW/yS9g/V2CyndHEaoDFGrd0RewbX9d9WulgjFtRMU
e56O043xCLPU88PFJ4kmpX2yuTcUsNBV30DcEi/MpNqufZQhdZ6yFnlf1nYH0+IJ
hfgTfPDDFEVdqEm1RWmdBqU0JjlkP30eKSdpAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUREHP3SqPog8YgvR0B0RP8xvqLoEwHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvUkVIUDNTcVBvZzhZ
Z3ZSMEIwUlA4eHZxTG9FLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBAI7aC5nXlLQ/gPILcrgOltITLQLF
ib0uvM+dk37QHuXqtfbBfdryIoobYCeZPbuqrBbzxd7OOhp95lvEMs1pnfk/rlZ1
PT1F/gG2sdZkFfvhJ+9FZf2aTWqVz6mhLZDmkZ3SO5FWtGlc+VKYjbHBD+kpZy5A
LHD/sIRxpom6GQRiGEXZMmMm/hTYHOOP0tKjA7vB23Ql+wB5/KfyWyjCqI972J2s
humwwvOcYronHIolVeOhAJiUcnsHld+VpQlSwCR8bYs7gpOhXjGaRL0HrZ+XbNKr
H7W9LGVvIGse5zWqtjz+pcB+tRmeYZMaCBODjV8aWxbgZLa1buUz0uAp7q8=
-----END CERTIFICATE-----
Generated at Sat Jun 21 07:11:26 2025 by rpki-client