Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/T6JBsOfx0YF6oGaTIwq0Jnmb8TM.roa
File: T6JBsOfx0YF6oGaTIwq0Jnmb8TM.roa (raw, json)
Hash identifier: TdJeitlX04DDODrrraW+BBytJzasrvgloG9SXUrpG8Q=
Subject key identifier: 4F:A2:41:B0:E7:F1:D1:81:7A:A0:66:93:23:0A:B4:26:79:9B:F1:33
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 1EF8
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/T6JBsOfx0YF6oGaTIwq0Jnmb8TM.roa
Signing time: Sat 31 May 2025 18:38:31 +0000
ROA not before: Sat 31 May 2025 18:38:31 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 146845
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 7928 (0x1ef8)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: May 31 18:38:31 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=4FA241B0E7F1D1817AA06693230AB426799BF133
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d0:f3:42:8b:39:62:d3:1a:cb:33:27:c9:76:67:
11:37:a2:85:33:4b:86:e4:78:66:f5:62:15:12:5f:
2a:42:e5:96:0c:9b:bb:1c:3c:05:44:ca:2d:07:b2:
9e:0a:f1:d3:08:e2:8d:46:1c:44:73:6f:82:7c:06:
79:52:50:10:89:44:10:22:87:97:81:48:12:f8:6e:
22:16:cc:fb:ae:db:a3:63:af:dc:be:7a:b4:6c:67:
08:ae:2b:34:8a:12:c3:71:24:e1:f9:9f:63:95:fd:
12:fe:a3:80:fd:e8:22:31:ec:66:df:4d:34:59:af:
f4:26:e1:1c:4a:77:84:4c:02:4e:dc:71:94:4f:76:
5e:ab:4c:56:48:ee:1b:0c:92:c2:b3:76:4c:34:5e:
a9:7f:57:11:a5:23:66:ed:16:5a:c0:71:4b:1a:12:
38:53:e4:9e:c2:3f:d4:2b:b6:58:a3:05:8c:54:12:
f2:9a:99:40:ba:3f:14:d4:f7:7e:e4:70:b3:54:f3:
ef:d3:c5:c4:cf:4e:70:f7:5e:9c:7c:c6:c7:67:57:
a9:5e:09:f4:0b:75:ce:c7:42:16:74:3c:09:de:48:
ab:04:55:27:25:41:90:06:c2:a9:bc:2a:b0:0e:bc:
7d:3d:10:c0:32:21:39:08:fd:e0:66:e5:d6:9a:20:
04:25
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4F:A2:41:B0:E7:F1:D1:81:7A:A0:66:93:23:0A:B4:26:79:9B:F1:33
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/T6JBsOfx0YF6oGaTIwq0Jnmb8TM.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
44:c4:92:7d:77:25:00:23:cc:c3:ca:44:6c:77:3c:1f:22:3e:
30:10:09:35:6e:68:a6:dd:d8:df:0a:2e:55:90:5c:31:9a:5c:
f5:ed:bc:66:bb:f2:c7:7c:c7:b4:d5:2c:5f:a6:da:bf:76:94:
4a:52:3a:b3:4a:06:f6:8d:bc:e3:5f:c5:73:e4:c0:01:d5:1b:
21:65:23:da:22:e6:88:97:85:e1:7f:9b:5d:60:7b:b6:c8:f7:
31:b4:eb:ed:a3:6b:b0:46:f7:fb:27:41:e5:b3:5a:4e:96:c6:
08:71:98:5d:6d:9b:a3:05:df:a7:3c:5a:de:a0:05:b8:4b:c5:
fa:43:0b:af:49:6f:15:9f:a5:6d:0d:f2:1e:b5:6a:40:56:0a:
a1:57:71:13:4f:12:4c:ca:1b:2e:34:09:72:ba:8e:69:dd:39:
c6:ee:c1:8c:74:d0:d6:66:2e:b0:6c:0d:6d:8d:25:a6:55:cb:
0f:14:66:37:08:31:af:20:72:bf:ab:25:19:10:d9:b1:67:6b:
45:22:e6:0a:b4:de:b1:98:6c:9b:8b:93:9c:ac:39:f2:7a:ac:
1d:c2:47:35:13:83:40:2f:3d:17:db:b4:e9:7c:b7:eb:a8:3a:
21:01:8c:b5:68:12:fa:4d:c5:1a:b2:27:ce:d1:d0:7f:2a:d0:
bf:18:36:dd
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICHvgwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA1MzEx
ODM4MzFaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDRGQTI0MUIwRTdGMUQx
ODE3QUEwNjY5MzIzMEFCNDI2Nzk5QkYxMzMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDQ80KLOWLTGsszJ8l2ZxE3ooUzS4bkeGb1YhUSXypC5ZYMm7sc
PAVEyi0Hsp4K8dMI4o1GHERzb4J8BnlSUBCJRBAih5eBSBL4biIWzPuu26Njr9y+
erRsZwiuKzSKEsNxJOH5n2OV/RL+o4D96CIx7GbfTTRZr/Qm4RxKd4RMAk7ccZRP
dl6rTFZI7hsMksKzdkw0Xql/VxGlI2btFlrAcUsaEjhT5J7CP9QrtlijBYxUEvKa
mUC6PxTU937kcLNU8+/TxcTPTnD3Xpx8xsdnV6leCfQLdc7HQhZ0PAneSKsEVScl
QZAGwqm8KrAOvH09EMAyITkI/eBm5daaIAQlAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUT6JBsOfx0YF6oGaTIwq0Jnmb8TMwHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvVDZKQnNPZngwWUY2
b0dhVEl3cTBKbm1iOFRNLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBAETEkn13JQAjzMPKRGx3PB8iPjAQ
CTVuaKbd2N8KLlWQXDGaXPXtvGa78sd8x7TVLF+m2r92lEpSOrNKBvaNvONfxXPk
wAHVGyFlI9oi5oiXheF/m11ge7bI9zG06+2ja7BG9/snQeWzWk6WxghxmF1tm6MF
36c8Wt6gBbhLxfpDC69JbxWfpW0N8h61akBWCqFXcRNPEkzKGy40CXK6jmndOcbu
wYx00NZmLrBsDW2NJaZVyw8UZjcIMa8gcr+rJRkQ2bFna0Ui5gq03rGYbJuLk5ys
OfJ6rB3CRzUTg0AvPRfbtOl8t+uoOiEBjLVoEvpNxRqyJ87R0H8q0L8YNt0=
-----END CERTIFICATE-----
Generated at Sat Jun 21 18:34:39 2025 by rpki-client