Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/Tm4JTbjkWjiUgE6Gxzoi3R33Zvg.roa
File: Tm4JTbjkWjiUgE6Gxzoi3R33Zvg.roa (raw, json)
Hash identifier: 0jwWWY+oLWsBRzGddy6vufcMeLY5AQMQZYHFO7MM5IY=
Subject key identifier: 4E:6E:09:4D:B8:E4:5A:38:94:80:4E:86:C7:3A:22:DD:1D:F7:66:F8
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 25AF
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/Tm4JTbjkWjiUgE6Gxzoi3R33Zvg.roa
Signing time: Thu 12 Jun 2025 17:09:13 +0000
ROA not before: Thu 12 Jun 2025 17:09:13 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 146845
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 9647 (0x25af)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 12 17:09:13 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=4E6E094DB8E45A3894804E86C73A22DD1DF766F8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:98:f9:8a:ea:86:4c:4f:ab:54:1d:c6:c5:c9:a5:
19:5f:12:d0:62:a5:5f:84:61:d8:af:9c:c1:a5:77:
c3:59:9c:61:2c:35:4c:4c:98:90:34:02:ae:a7:26:
4d:8b:53:b8:2c:72:38:22:2f:dc:fa:e4:0a:e6:f2:
08:f8:2e:9c:3d:93:5c:35:79:cb:81:15:1b:20:74:
83:64:40:7b:4e:b9:d4:91:0f:56:df:85:1d:2e:c4:
bd:43:60:ff:07:95:2a:5c:b8:41:44:06:15:70:6e:
a1:63:6f:8a:72:b1:56:fd:01:80:80:a5:9f:f5:65:
5f:cb:34:0c:e7:49:9b:24:5a:06:50:c9:d9:b4:3f:
ef:7c:c7:c3:f7:e7:77:b3:54:e4:2f:ac:36:2f:a2:
60:38:84:c2:5b:76:f2:68:15:4f:c1:9b:b7:1c:5d:
a6:33:5a:12:b7:c9:4c:2c:72:76:51:13:88:4b:77:
d6:a3:7a:c7:21:ce:db:7b:83:32:3a:0a:d9:b7:49:
7f:01:8a:c0:6b:a4:f3:e3:5c:bc:0f:71:05:57:07:
16:b6:45:50:9d:67:4a:44:b0:c5:b6:a9:46:0f:cd:
5f:47:61:21:7f:64:c1:1b:0e:14:05:dc:16:99:a4:
0f:87:9c:5b:5b:fd:2a:cb:8b:7c:73:97:46:dc:4e:
0c:d5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4E:6E:09:4D:B8:E4:5A:38:94:80:4E:86:C7:3A:22:DD:1D:F7:66:F8
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/Tm4JTbjkWjiUgE6Gxzoi3R33Zvg.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
02:df:c6:d5:a5:c5:30:55:d8:8b:61:2e:42:3b:ab:9f:60:c1:
d6:4b:21:09:35:b4:5a:77:0e:b6:12:45:28:06:d7:7a:56:f8:
dd:05:00:a4:ea:82:e5:38:87:5f:dd:d8:57:02:a1:ca:6c:3b:
af:41:55:32:68:64:8a:2b:47:e2:fc:82:f0:0a:d8:84:82:17:
45:0a:f4:85:e8:55:ce:21:c5:76:f9:3f:81:18:03:0f:f4:c2:
c8:9c:82:30:05:78:c6:6b:cb:54:21:58:5f:aa:ca:52:8f:5c:
59:a1:5f:20:64:10:80:0f:c3:0a:3f:cb:c9:24:9c:2e:c6:49:
72:e4:07:1c:a3:e5:cf:4b:81:84:44:62:a8:42:72:0f:ec:5f:
81:c0:bc:e3:dd:63:30:be:7a:df:b1:95:4c:98:bc:29:19:3c:
03:66:5e:3a:0b:27:2c:29:1e:a1:0f:6a:d0:c0:4e:7d:b8:da:
10:ed:6e:06:2b:f2:c1:65:ac:95:e7:25:f6:c4:f6:91:d9:87:
22:8c:51:1c:79:a5:83:01:44:db:f6:e6:a2:23:60:c8:06:fa:
52:82:e2:d2:b6:9b:b1:4b:e2:0d:3d:09:82:3e:c5:2d:9a:ae:
81:cd:f4:5f:8b:60:a0:7b:5d:9e:4b:2f:b5:dc:12:38:cc:dc:
44:25:65:37
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICJa8wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MTIx
NzA5MTNaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDRFNkUwOTREQjhFNDVB
Mzg5NDgwNEU4NkM3M0EyMkREMURGNzY2RjgwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCY+YrqhkxPq1QdxsXJpRlfEtBipV+EYdivnMGld8NZnGEsNUxM
mJA0Aq6nJk2LU7gscjgiL9z65Arm8gj4Lpw9k1w1ecuBFRsgdINkQHtOudSRD1bf
hR0uxL1DYP8HlSpcuEFEBhVwbqFjb4pysVb9AYCApZ/1ZV/LNAznSZskWgZQydm0
P+98x8P353ezVOQvrDYvomA4hMJbdvJoFU/Bm7ccXaYzWhK3yUwscnZRE4hLd9aj
eschztt7gzI6Ctm3SX8BisBrpPPjXLwPcQVXBxa2RVCdZ0pEsMW2qUYPzV9HYSF/
ZMEbDhQF3BaZpA+HnFtb/SrLi3xzl0bcTgzVAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUTm4JTbjkWjiUgE6Gxzoi3R33ZvgwHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvVG00SlRiamtXamlV
Z0U2R3h6b2kzUjMzWnZnLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBAALfxtWlxTBV2IthLkI7q59gwdZL
IQk1tFp3DrYSRSgG13pW+N0FAKTqguU4h1/d2FcCocpsO69BVTJoZIorR+L8gvAK
2ISCF0UK9IXoVc4hxXb5P4EYAw/0wsicgjAFeMZry1QhWF+qylKPXFmhXyBkEIAP
wwo/y8kknC7GSXLkBxyj5c9LgYREYqhCcg/sX4HAvOPdYzC+et+xlUyYvCkZPANm
XjoLJywpHqEPatDATn242hDtbgYr8sFlrJXnJfbE9pHZhyKMURx5pYMBRNv25qIj
YMgG+lKC4tK2m7FL4g09CYI+xS2aroHN9F+LYKB7XZ5LL7XcEjjM3EQlZTc=
-----END CERTIFICATE-----
Generated at Sat Jun 21 20:27:58 2025 by rpki-client