Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/TTqfJJBpMh9eglY-5OtOEQ3kgss.roa
File: TTqfJJBpMh9eglY-5OtOEQ3kgss.roa (raw, json)
Hash identifier: mMKRT44TL++5gI+ymAYGqLyglxBG7nMUphGxYbanVt4=
Subject key identifier: 4D:3A:9F:24:90:69:32:1F:5E:82:56:3E:E4:EB:4E:11:0D:E4:82:CB
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 256A
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/TTqfJJBpMh9eglY-5OtOEQ3kgss.roa
Signing time: Thu 12 Jun 2025 05:39:14 +0000
ROA not before: Thu 12 Jun 2025 05:39:14 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 146845
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 9578 (0x256a)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 12 05:39:14 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=4D3A9F249069321F5E82563EE4EB4E110DE482CB
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b4:64:e3:c3:c1:3f:85:1b:38:37:63:d1:ec:0d:
99:e9:52:98:78:a8:58:6d:f5:45:cd:e5:64:6d:d1:
a2:a1:ee:59:e0:d7:ba:39:78:84:ca:63:2e:99:8b:
db:d3:44:d3:6c:fe:c2:61:7f:ed:26:83:32:77:01:
2f:1b:7a:fa:94:85:dc:5e:75:7d:3b:99:3f:08:32:
d1:3d:a1:e8:0a:78:78:0d:84:9e:21:f3:66:c6:4b:
e2:3b:69:6c:df:2e:ba:01:4d:28:14:9e:6f:c1:a2:
3c:ca:5e:1b:fc:45:61:6e:1a:67:11:41:08:15:74:
16:e3:d5:aa:5d:fa:24:8c:d3:de:01:4f:ac:26:90:
16:c1:bb:f6:db:3d:6a:e2:1a:90:63:56:76:ac:20:
81:22:64:a9:64:98:da:e6:70:ca:8b:6b:e0:c0:90:
92:45:6a:9c:4b:66:f9:96:ce:39:d7:11:39:00:7a:
6c:6f:31:d9:bf:45:18:bd:c0:16:e9:d1:76:9a:ba:
b4:4e:f3:9c:f3:b3:49:97:12:16:84:28:e1:e4:e7:
65:45:7f:6f:9b:25:e5:fb:d3:42:40:78:24:65:35:
96:00:cf:95:19:f8:d7:5c:f2:13:04:ae:ec:26:4a:
5d:35:1e:cd:60:65:6c:20:99:7d:df:f4:bd:04:67:
b8:eb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4D:3A:9F:24:90:69:32:1F:5E:82:56:3E:E4:EB:4E:11:0D:E4:82:CB
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/TTqfJJBpMh9eglY-5OtOEQ3kgss.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
42:7e:12:43:7a:b0:4f:71:44:d4:bf:fb:10:d4:4e:7f:bb:ce:
4b:f1:b8:23:71:70:32:3a:25:7a:53:29:7c:6d:6f:37:2a:24:
a9:c6:74:da:aa:38:eb:e5:2d:3e:18:aa:3d:f4:77:34:de:2f:
43:8f:ef:e0:27:dc:ec:57:ed:b6:f3:d9:52:e7:c0:9d:0c:2f:
e4:f3:3f:58:1e:fc:3e:2a:80:57:e9:ab:d3:82:f3:60:5f:4d:
4d:d7:2b:26:5d:66:39:aa:a2:fd:dd:99:b8:8a:d1:d8:c8:66:
0c:05:98:f0:c9:d9:30:39:6e:bd:67:28:c3:32:72:ad:3d:d1:
18:58:cc:f2:03:9d:6a:e3:98:7c:8d:da:ef:9a:2f:97:73:24:
46:c5:3b:40:21:12:53:ee:95:f2:bc:ca:4b:69:c1:c3:30:f7:
30:4c:42:5d:b9:d5:42:ed:0f:3d:59:94:8e:69:a7:64:8e:48:
8e:a4:be:97:84:65:3d:12:64:59:82:2b:b5:08:80:b2:ea:df:
bb:e2:fe:88:89:b8:6c:48:e3:1a:7a:d3:92:e9:a8:a2:a8:d0:
dd:d8:44:1e:ff:8b:c5:2a:78:c2:49:69:95:bc:05:07:c2:d4:
80:f6:55:72:38:be:bd:6f:4e:67:ec:4b:1c:fd:7c:48:e9:79:
2c:c0:c7:5c
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICJWowDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MTIw
NTM5MTRaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDREM0E5RjI0OTA2OTMy
MUY1RTgyNTYzRUU0RUI0RTExMERFNDgyQ0IwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC0ZOPDwT+FGzg3Y9HsDZnpUph4qFht9UXN5WRt0aKh7lng17o5
eITKYy6Zi9vTRNNs/sJhf+0mgzJ3AS8bevqUhdxedX07mT8IMtE9oegKeHgNhJ4h
82bGS+I7aWzfLroBTSgUnm/BojzKXhv8RWFuGmcRQQgVdBbj1apd+iSM094BT6wm
kBbBu/bbPWriGpBjVnasIIEiZKlkmNrmcMqLa+DAkJJFapxLZvmWzjnXETkAemxv
Mdm/RRi9wBbp0XaaurRO85zzs0mXEhaEKOHk52VFf2+bJeX700JAeCRlNZYAz5UZ
+Ndc8hMEruwmSl01Hs1gZWwgmX3f9L0EZ7jrAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUTTqfJJBpMh9eglY+5OtOEQ3kgsswHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvVFRxZkpKQnBNaDll
Z2xZLTVPdE9FUTNrZ3NzLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBAEJ+EkN6sE9xRNS/+xDUTn+7zkvx
uCNxcDI6JXpTKXxtbzcqJKnGdNqqOOvlLT4Yqj30dzTeL0OP7+An3OxX7bbz2VLn
wJ0ML+TzP1ge/D4qgFfpq9OC82BfTU3XKyZdZjmqov3dmbiK0djIZgwFmPDJ2TA5
br1nKMMycq090RhYzPIDnWrjmHyN2u+aL5dzJEbFO0AhElPulfK8yktpwcMw9zBM
Ql251ULtDz1ZlI5pp2SOSI6kvpeEZT0SZFmCK7UIgLLq37vi/oiJuGxI4xp605Lp
qKKo0N3YRB7/i8UqeMJJaZW8BQfC1ID2VXI4vr1vTmfsSxz9fEjpeSzAx1w=
-----END CERTIFICATE-----
Generated at Sun Jun 22 21:11:05 2025 by rpki-client