Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/TOwVBIZQ0PKujaZ-5WgD-pYzeMg.roa
File: TOwVBIZQ0PKujaZ-5WgD-pYzeMg.roa (raw, json)
Hash identifier: lMl4VbUDs3U6WIien0y9fqXqsQ147x57ZEVHksGneAQ=
Subject key identifier: 4C:EC:15:04:86:50:D0:F2:AE:8D:A6:7E:E5:68:03:FA:96:33:78:C8
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 229E
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/TOwVBIZQ0PKujaZ-5WgD-pYzeMg.roa
Signing time: Sat 07 Jun 2025 06:08:53 +0000
ROA not before: Sat 07 Jun 2025 06:08:53 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 4812
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 8862 (0x229e)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 7 06:08:53 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=4CEC15048650D0F2AE8DA67EE56803FA963378C8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:df:4c:f0:4a:a8:07:2d:b5:a0:7b:f8:a6:7d:d3:
ef:e5:90:d2:bc:06:bf:7f:6a:97:1a:45:aa:43:c3:
0e:58:ef:05:aa:54:93:96:af:7d:80:4c:a6:6b:00:
2e:4b:2c:88:33:85:82:e8:e8:e9:59:44:fa:67:1e:
ad:af:aa:ad:95:e0:57:17:39:ec:f2:cd:64:08:41:
82:32:13:eb:2f:00:4a:cb:87:ce:31:23:c5:4d:93:
78:d4:48:30:d5:22:ff:3f:cb:25:ce:92:1e:bf:29:
96:ad:2a:8a:fc:d7:ab:2e:2d:57:f7:ef:cf:e5:77:
5d:bd:6e:a5:ad:77:22:60:4c:4a:4d:40:cf:dd:a1:
f8:b8:db:9a:2f:07:76:45:70:49:d8:73:d5:20:e2:
59:51:6d:0b:b7:5b:a5:c5:d2:5b:e4:3c:d8:e0:bd:
1b:38:8e:6b:97:5c:3d:49:c1:dc:f0:50:9c:e8:0d:
f6:38:e0:5c:78:82:5d:d0:87:ee:bd:d9:f6:f9:d6:
60:d8:01:cb:ec:0e:bb:2b:04:27:a5:0b:43:ee:a2:
47:ac:e7:29:29:c9:1e:09:f1:c6:26:e0:9b:8a:a7:
e2:0d:90:fa:6e:5c:62:34:f6:68:fc:29:a2:6f:69:
3b:9a:67:fe:3c:54:44:f7:59:f3:d7:77:d2:d6:7a:
c2:71
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4C:EC:15:04:86:50:D0:F2:AE:8D:A6:7E:E5:68:03:FA:96:33:78:C8
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/TOwVBIZQ0PKujaZ-5WgD-pYzeMg.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
8c:91:91:a7:44:34:5d:d5:47:81:5a:63:5c:e7:55:c5:9e:cc:
52:b1:f7:40:30:f0:0c:a5:9c:a2:7e:d4:dd:3e:a8:01:1b:22:
5d:10:46:df:d9:6b:e1:43:19:7a:ae:5a:de:34:08:fd:0c:a1:
4d:11:af:e3:67:57:21:d7:48:9b:41:74:40:5f:fb:2d:37:1a:
56:b0:e9:f2:95:21:ee:0d:ec:9d:b0:fd:95:42:c3:93:0a:f1:
53:d6:18:ab:72:e1:b1:1d:b4:c8:0a:ef:5d:6c:a0:a0:b0:f8:
bd:46:9a:bd:bc:5d:14:e7:a9:48:ac:8e:ed:b9:d7:22:bc:8b:
4d:91:9b:7a:dd:e7:f4:83:b6:6a:bb:52:75:d8:f1:dc:e7:5c:
23:20:dc:40:da:43:3a:8a:84:e6:75:df:d2:db:e7:5b:cd:32:
35:e5:03:85:11:30:e5:71:e7:2b:bb:9f:95:8d:25:04:2d:30:
ec:0f:8c:d7:d6:e0:2c:3e:95:d0:85:f5:fa:bd:b6:ff:44:bb:
cb:28:dc:ae:31:ce:fb:85:07:99:e6:c3:7b:03:a9:da:db:f3:
21:3b:31:af:31:39:a2:68:2d:e3:7a:bf:7a:7a:33:b9:00:1b:
c1:b1:78:27:50:62:86:31:c4:bf:c6:bd:39:37:fa:d8:8b:cf:
3c:d4:36:a8
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICIp4wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MDcw
NjA4NTNaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDRDRUMxNTA0ODY1MEQw
RjJBRThEQTY3RUU1NjgwM0ZBOTYzMzc4QzgwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDfTPBKqActtaB7+KZ90+/lkNK8Br9/apcaRapDww5Y7wWqVJOW
r32ATKZrAC5LLIgzhYLo6OlZRPpnHq2vqq2V4FcXOezyzWQIQYIyE+svAErLh84x
I8VNk3jUSDDVIv8/yyXOkh6/KZatKor816suLVf378/ld129bqWtdyJgTEpNQM/d
ofi425ovB3ZFcEnYc9Ug4llRbQu3W6XF0lvkPNjgvRs4jmuXXD1JwdzwUJzoDfY4
4Fx4gl3Qh+692fb51mDYAcvsDrsrBCelC0Puokes5ykpyR4J8cYm4JuKp+INkPpu
XGI09mj8KaJvaTuaZ/48VET3WfPXd9LWesJxAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUTOwVBIZQ0PKujaZ+5WgD+pYzeMgwHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvVE93VkJJWlEwUEt1
amFaLTVXZ0QtcFl6ZU1nLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBAIyRkadENF3VR4FaY1znVcWezFKx
90Aw8AylnKJ+1N0+qAEbIl0QRt/Za+FDGXquWt40CP0MoU0Rr+NnVyHXSJtBdEBf
+y03Glaw6fKVIe4N7J2w/ZVCw5MK8VPWGKty4bEdtMgK711soKCw+L1Gmr28XRTn
qUisju251yK8i02Rm3rd5/SDtmq7UnXY8dznXCMg3EDaQzqKhOZ139Lb51vNMjXl
A4URMOVx5yu7n5WNJQQtMOwPjNfW4Cw+ldCF9fq9tv9Eu8so3K4xzvuFB5nmw3sD
qdrb8yE7Ma8xOaJoLeN6v3p6M7kAG8GxeCdQYoYxxL/GvTk3+tiLzzzUNqg=
-----END CERTIFICATE-----
Generated at Sun Jun 22 02:20:28 2025 by rpki-client