Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/SJGnL6pXFVkyUSfJWH19TDabwvs.roa
File: SJGnL6pXFVkyUSfJWH19TDabwvs.roa (raw, json)
Hash identifier: ENs8FW3gaiP1qaN1mq9Yw/JIscBCrk5jN67TYfpfsa8=
Subject key identifier: 48:91:A7:2F:AA:57:15:59:32:51:27:C9:58:7D:7D:4C:36:9B:C2:FB
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 240E
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/SJGnL6pXFVkyUSfJWH19TDabwvs.roa
Signing time: Mon 09 Jun 2025 19:39:03 +0000
ROA not before: Mon 09 Jun 2025 19:39:03 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 146845
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 9230 (0x240e)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 9 19:39:03 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=4891A72FAA571559325127C9587D7D4C369BC2FB
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ae:2f:08:4d:b3:96:51:89:b8:04:5c:4b:88:ee:
94:5c:aa:d2:f3:03:d6:be:31:b2:68:a1:d0:24:35:
0a:c2:d5:03:6e:dc:da:db:50:fa:93:36:80:b1:61:
b6:8a:cb:e2:48:01:dd:dc:5d:39:86:bd:8e:e6:21:
5f:e1:bd:48:3f:61:ec:4b:a0:4b:16:ff:22:ba:25:
66:6b:13:e5:3e:75:29:68:7d:67:2a:98:8a:8b:f3:
6c:cb:98:73:e2:c6:47:04:dc:cf:02:8c:89:90:e8:
d7:3f:b0:a2:ca:ac:f8:f9:72:18:b9:75:17:95:20:
11:17:30:f8:7e:73:a3:14:4a:dd:44:51:17:15:68:
8d:18:ee:b9:82:86:de:11:fb:0b:68:27:c7:4d:62:
5a:ad:dd:a0:dd:80:1f:d7:22:58:b3:a7:b4:97:6e:
ed:1d:bf:8f:11:98:9d:75:43:c6:1b:70:b3:32:30:
9b:71:0f:ba:36:9e:cb:09:0b:44:d1:02:86:30:f7:
1f:be:38:fb:f6:90:c5:98:66:d8:2d:1b:d0:e2:de:
ac:33:19:98:9d:b5:6e:92:d9:c0:72:8a:e9:16:e4:
33:b3:48:a9:d3:bd:1f:ad:49:24:13:1f:31:18:be:
05:f1:73:3a:ec:e2:a7:7f:e3:11:c6:8a:38:c7:5b:
4b:cf
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
48:91:A7:2F:AA:57:15:59:32:51:27:C9:58:7D:7D:4C:36:9B:C2:FB
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/SJGnL6pXFVkyUSfJWH19TDabwvs.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
23:28:ba:9d:eb:89:83:30:3e:e7:c9:01:e5:1f:1d:20:35:3a:
21:f3:ca:72:d1:bf:88:67:2b:bc:5b:84:93:da:55:86:1f:e3:
c8:e7:c1:1b:09:b7:c1:e1:76:08:d1:2c:58:ae:c2:92:3f:59:
8b:31:56:d9:51:9f:14:1e:f5:8d:53:96:9f:b9:ea:5b:ac:ea:
88:ce:35:0b:3f:03:22:f1:e3:09:f6:ff:75:7a:cd:cb:ca:58:
6c:f6:ca:05:e7:44:0b:82:02:e3:cb:fb:4e:3a:ca:3a:85:53:
16:00:50:58:a8:59:02:65:35:5f:87:de:f3:02:f5:0a:5d:56:
97:c6:1c:9c:50:49:55:df:52:f6:60:de:ca:d6:54:72:1b:82:
87:7f:20:df:9a:02:9d:e7:d1:8c:ea:09:c2:cb:dc:9d:44:da:
16:fe:23:f3:e6:b8:af:27:0b:fd:fa:fb:ae:8c:f4:d5:88:7a:
9b:1a:de:5f:0a:7b:f6:db:43:7a:7d:61:ca:b6:61:89:c0:b4:
12:90:ef:f8:81:fc:55:c8:95:b5:31:8a:08:4f:4b:d1:38:31:
e2:66:83:23:fe:29:48:92:4c:9d:be:c3:2a:05:98:13:5c:36:
b8:5e:01:3e:dd:ce:43:6a:e0:9e:3e:96:d5:74:9a:f4:7e:40:
ae:a1:83:b7
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICJA4wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MDkx
OTM5MDNaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDQ4OTFBNzJGQUE1NzE1
NTkzMjUxMjdDOTU4N0Q3RDRDMzY5QkMyRkIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCuLwhNs5ZRibgEXEuI7pRcqtLzA9a+MbJoodAkNQrC1QNu3Nrb
UPqTNoCxYbaKy+JIAd3cXTmGvY7mIV/hvUg/YexLoEsW/yK6JWZrE+U+dSlofWcq
mIqL82zLmHPixkcE3M8CjImQ6Nc/sKLKrPj5chi5dReVIBEXMPh+c6MUSt1EURcV
aI0Y7rmCht4R+wtoJ8dNYlqt3aDdgB/XIlizp7SXbu0dv48RmJ11Q8YbcLMyMJtx
D7o2nssJC0TRAoYw9x++OPv2kMWYZtgtG9Di3qwzGZidtW6S2cByiukW5DOzSKnT
vR+tSSQTHzEYvgXxczrs4qd/4xHGijjHW0vPAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUSJGnL6pXFVkyUSfJWH19TDabwvswHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvU0pHbkw2cFhGVmt5
VVNmSldIMTlURGFid3ZzLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBACMoup3riYMwPufJAeUfHSA1OiHz
ynLRv4hnK7xbhJPaVYYf48jnwRsJt8HhdgjRLFiuwpI/WYsxVtlRnxQe9Y1Tlp+5
6lus6ojONQs/AyLx4wn2/3V6zcvKWGz2ygXnRAuCAuPL+046yjqFUxYAUFioWQJl
NV+H3vMC9QpdVpfGHJxQSVXfUvZg3srWVHIbgod/IN+aAp3n0YzqCcLL3J1E2hb+
I/PmuK8nC/36+66M9NWIepsa3l8Ke/bbQ3p9Ycq2YYnAtBKQ7/iB/FXIlbUxighP
S9E4MeJmgyP+KUiSTJ2+wyoFmBNcNrheAT7dzkNq4J4+ltV0mvR+QK6hg7c=
-----END CERTIFICATE-----
Generated at Sat Jun 21 18:51:15 2025 by rpki-client