Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/T1GLimKXjxGBpS3Sftp7pa6PiBQ.roa
File: T1GLimKXjxGBpS3Sftp7pa6PiBQ.roa (raw, json)
Hash identifier: G8FnvQKGKgDFqjIxx69qAoal2FFcGJ7vq+RbCxWjcXQ=
Subject key identifier: 4F:51:8B:8A:62:97:8F:11:81:A5:2D:D2:7E:DA:7B:A5:AE:8F:88:14
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 212A
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/T1GLimKXjxGBpS3Sftp7pa6PiBQ.roa
Signing time: Wed 04 Jun 2025 16:08:41 +0000
ROA not before: Wed 04 Jun 2025 16:08:41 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 4812
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 8490 (0x212a)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 4 16:08:41 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=4F518B8A62978F1181A52DD27EDA7BA5AE8F8814
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c6:cb:aa:e6:27:8f:94:60:9a:65:87:79:16:da:
2b:61:66:d5:62:74:cc:79:b9:25:df:9d:df:e3:47:
9c:e3:fe:b9:9a:ef:3d:4a:6b:ed:89:24:ad:35:89:
a3:3d:f6:43:c2:c7:63:f9:e4:b2:1d:e2:51:b8:02:
14:12:54:9c:7e:94:ba:34:ec:d4:cc:e7:21:5d:a3:
b1:03:87:19:cb:6b:8f:b1:a7:8d:a2:fe:a3:bd:99:
1f:d6:9e:4b:c8:10:63:be:83:22:4b:50:c2:2b:9e:
51:3c:30:ba:57:0f:05:b6:b6:5b:82:01:74:9b:9a:
52:92:c4:bd:8c:d9:a2:28:20:c7:a4:e2:f3:13:90:
05:16:8d:ef:54:b0:3d:94:c4:34:e7:c3:7e:ea:d9:
b7:68:91:91:c2:73:71:9d:d0:ef:dd:8d:8e:d6:63:
75:c2:9b:63:21:61:da:68:d8:94:21:85:83:24:7b:
73:47:38:5c:14:69:a0:b2:ea:ab:a5:76:90:6b:6e:
10:be:4d:e3:6f:e9:b4:48:56:53:3e:f8:3a:d3:83:
05:75:cf:67:f1:6d:4f:48:a9:c0:e2:85:b3:77:4f:
65:66:b9:b3:d2:54:0f:21:20:6b:2e:2d:e5:51:4c:
74:e5:11:4a:3f:4e:c4:5c:f9:f2:66:ae:34:fe:2f:
a9:99
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4F:51:8B:8A:62:97:8F:11:81:A5:2D:D2:7E:DA:7B:A5:AE:8F:88:14
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/T1GLimKXjxGBpS3Sftp7pa6PiBQ.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
68:e5:95:9d:cc:a6:94:eb:8a:f5:5c:94:77:45:43:0b:5b:e1:
0e:68:bd:7b:ce:ca:87:b2:bd:19:6b:cc:a6:c9:90:73:1e:1c:
01:d9:fd:c0:9a:3e:7c:77:d9:35:97:8b:e3:80:28:ef:d3:88:
e2:78:93:08:0c:ec:3a:04:86:71:4e:0b:96:55:ec:a9:33:71:
dc:36:34:ac:21:3c:20:44:73:6d:92:73:6c:12:81:01:f5:32:
53:40:d5:ec:fa:35:38:e1:f8:d4:ce:3a:4b:f2:13:9e:f4:80:
1e:9a:89:35:29:8e:16:f1:13:fc:a2:ee:d8:48:b1:58:4e:c8:
1b:13:69:b4:79:6b:7f:0d:24:aa:ce:01:90:2b:fe:cb:82:47:
ca:52:af:d4:7b:a9:93:45:4e:8b:09:77:a9:bc:05:69:01:6e:
4a:d0:ac:13:9b:e3:6a:4f:bb:92:4c:ad:2d:69:f7:e6:bd:c2:
3b:2a:5b:6e:8a:7d:72:df:de:55:2b:ff:70:35:f3:35:70:ef:
4b:b1:7d:63:3d:d2:ac:43:7f:7c:b6:93:db:20:fd:a2:f7:fb:
99:ad:85:41:e7:74:b3:67:75:5c:4b:62:b9:4d:81:d6:1f:90:
cf:31:e4:8c:8e:64:87:8d:26:69:ee:1c:69:b3:28:d2:ea:4e:
47:16:0b:73
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICISowDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MDQx
NjA4NDFaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDRGNTE4QjhBNjI5NzhG
MTE4MUE1MkREMjdFREE3QkE1QUU4Rjg4MTQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDGy6rmJ4+UYJplh3kW2ithZtVidMx5uSXfnd/jR5zj/rma7z1K
a+2JJK01iaM99kPCx2P55LId4lG4AhQSVJx+lLo07NTM5yFdo7EDhxnLa4+xp42i
/qO9mR/WnkvIEGO+gyJLUMIrnlE8MLpXDwW2tluCAXSbmlKSxL2M2aIoIMek4vMT
kAUWje9UsD2UxDTnw37q2bdokZHCc3Gd0O/djY7WY3XCm2MhYdpo2JQhhYMke3NH
OFwUaaCy6quldpBrbhC+TeNv6bRIVlM++DrTgwV1z2fxbU9IqcDihbN3T2VmubPS
VA8hIGsuLeVRTHTlEUo/TsRc+fJmrjT+L6mZAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUT1GLimKXjxGBpS3Sftp7pa6PiBQwHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvVDFHTGltS1hqeEdC
cFMzU2Z0cDdwYTZQaUJRLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBAGjllZ3MppTrivVclHdFQwtb4Q5o
vXvOyoeyvRlrzKbJkHMeHAHZ/cCaPnx32TWXi+OAKO/TiOJ4kwgM7DoEhnFOC5ZV
7Kkzcdw2NKwhPCBEc22Sc2wSgQH1MlNA1ez6NTjh+NTOOkvyE570gB6aiTUpjhbx
E/yi7thIsVhOyBsTabR5a38NJKrOAZAr/suCR8pSr9R7qZNFTosJd6m8BWkBbkrQ
rBOb42pPu5JMrS1p9+a9wjsqW26KfXLf3lUr/3A18zVw70uxfWM90qxDf3y2k9sg
/aL3+5mthUHndLNndVxLYrlNgdYfkM8x5IyOZIeNJmnuHGmzKNLqTkcWC3M=
-----END CERTIFICATE-----
Generated at Sat Jun 21 08:51:08 2025 by rpki-client