Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/TBVSQlQl1HOjbuSha9KgIa6CRA4.roa
File: TBVSQlQl1HOjbuSha9KgIa6CRA4.roa (raw, json)
Hash identifier: SfOVUWYt4gZ7g7+ND/fC7F9Lwz0sbRAL/8dbq1M1+cI=
Subject key identifier: 4C:15:52:42:54:25:D4:73:A3:6E:E4:A1:6B:D2:A0:21:AE:82:44:0E
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 210F
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/TBVSQlQl1HOjbuSha9KgIa6CRA4.roa
Signing time: Wed 04 Jun 2025 11:38:42 +0000
ROA not before: Wed 04 Jun 2025 11:38:42 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 4812
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 8463 (0x210f)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 4 11:38:42 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=4C1552425425D473A36EE4A16BD2A021AE82440E
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d8:96:e4:e2:e3:d7:92:d0:e2:18:1f:35:02:c0:
62:08:1f:8e:70:17:2c:db:09:90:99:e7:52:9c:88:
62:82:90:92:84:c7:65:5a:f4:68:97:b1:cb:38:29:
14:9b:81:df:d1:db:4f:84:8e:47:7a:ab:66:1b:d0:
fa:8d:92:2f:30:0c:f5:bb:85:47:ea:71:25:94:c8:
ff:39:bf:f2:19:4c:64:7b:67:a3:d4:fd:93:5e:79:
f5:18:9d:5c:61:13:40:cb:12:a9:45:7c:78:7f:1e:
1d:b7:fe:83:4d:aa:d3:d8:3d:5f:f5:58:70:b8:43:
1f:8c:c2:c1:ba:16:9e:f3:e2:6f:ac:e8:57:bb:4a:
b9:d9:dc:66:c5:93:5c:41:b6:68:ba:ca:0f:71:77:
a9:35:ef:fe:a9:c4:3e:24:81:8d:0f:72:7d:08:44:
bb:3c:3d:5b:b3:95:7a:db:bc:47:9f:0e:42:d6:45:
2a:18:01:ce:a7:97:08:dd:9a:4d:3c:b0:3c:04:c1:
16:ea:02:68:85:69:f6:17:76:02:b2:aa:50:ff:99:
c6:88:40:28:ce:14:28:2b:a5:a7:45:33:d0:54:dd:
8c:eb:e2:6c:1a:75:87:2b:80:ae:db:3d:44:cc:90:
c5:72:ee:4d:51:46:ce:f0:f4:1a:e6:6f:d5:a2:05:
dd:83
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4C:15:52:42:54:25:D4:73:A3:6E:E4:A1:6B:D2:A0:21:AE:82:44:0E
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/TBVSQlQl1HOjbuSha9KgIa6CRA4.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
4f:c8:f6:6c:9f:3e:c9:c3:0a:81:24:d0:1d:1b:d3:b4:79:48:
72:a5:83:cc:31:ca:0f:a4:ca:24:4f:c5:84:33:46:e0:72:15:
e7:a6:db:1d:34:84:fa:7d:ae:9f:66:ba:78:47:43:43:d8:9d:
26:a7:77:5a:2f:d1:38:0f:a6:69:5b:66:6c:bb:16:6a:60:ca:
43:af:91:20:36:8d:1c:16:a4:ef:b1:b0:17:b5:0b:88:d2:8f:
cc:b1:bc:c9:7d:fd:7a:85:c3:b0:2d:41:0f:5b:f5:65:28:b3:
01:f7:3c:8f:41:24:24:db:4d:ec:74:00:9a:3a:57:59:98:5b:
a6:c3:85:45:8d:88:56:37:e3:80:bc:cb:14:81:de:d7:26:e2:
4e:12:cf:df:4b:74:f4:ee:1e:eb:5b:55:4e:21:aa:d7:50:42:
0c:7e:8c:c7:35:43:90:29:8f:de:db:ea:1c:93:44:b0:a0:c7:
4b:6b:8d:ca:e4:98:8d:d2:a3:c8:8d:4b:04:3b:ca:f1:cc:1b:
1a:9f:42:82:71:4d:55:9f:da:08:0d:36:a9:e4:6b:08:b5:64:
e7:86:61:1e:fa:1b:3c:f1:95:fd:87:65:db:1d:9a:47:27:c0:
03:4a:33:61:e2:6c:1f:50:43:0a:40:c3:50:78:8f:2e:86:b4:
e0:bd:d6:8e
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICIQ8wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MDQx
MTM4NDJaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDRDMTU1MjQyNTQyNUQ0
NzNBMzZFRTRBMTZCRDJBMDIxQUU4MjQ0MEUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDYluTi49eS0OIYHzUCwGIIH45wFyzbCZCZ51KciGKCkJKEx2Va
9GiXscs4KRSbgd/R20+Ejkd6q2Yb0PqNki8wDPW7hUfqcSWUyP85v/IZTGR7Z6PU
/ZNeefUYnVxhE0DLEqlFfHh/Hh23/oNNqtPYPV/1WHC4Qx+MwsG6Fp7z4m+s6Fe7
SrnZ3GbFk1xBtmi6yg9xd6k17/6pxD4kgY0Pcn0IRLs8PVuzlXrbvEefDkLWRSoY
Ac6nlwjdmk08sDwEwRbqAmiFafYXdgKyqlD/mcaIQCjOFCgrpadFM9BU3Yzr4mwa
dYcrgK7bPUTMkMVy7k1RRs7w9Brmb9WiBd2DAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUTBVSQlQl1HOjbuSha9KgIa6CRA4wHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvVEJWU1FsUWwxSE9q
YnVTaGE5S2dJYTZDUkE0LnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBAE/I9myfPsnDCoEk0B0b07R5SHKl
g8wxyg+kyiRPxYQzRuByFeem2x00hPp9rp9munhHQ0PYnSand1ov0TgPpmlbZmy7
FmpgykOvkSA2jRwWpO+xsBe1C4jSj8yxvMl9/XqFw7AtQQ9b9WUoswH3PI9BJCTb
Tex0AJo6V1mYW6bDhUWNiFY344C8yxSB3tcm4k4Sz99LdPTuHutbVU4hqtdQQgx+
jMc1Q5Apj97b6hyTRLCgx0trjcrkmI3So8iNSwQ7yvHMGxqfQoJxTVWf2ggNNqnk
awi1ZOeGYR76Gzzxlf2HZdsdmkcnwANKM2HibB9QQwpAw1B4jy6GtOC91o4=
-----END CERTIFICATE-----
Generated at Sun Jun 22 12:09:28 2025 by rpki-client