Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/UjxiUdKG7epmZS1315e4RGGX0k0.roa
File: UjxiUdKG7epmZS1315e4RGGX0k0.roa (raw, json)
Hash identifier: yHnA0FVnSYrFliFhwJf4pQcaet7Y99I22Z4KZX9xJ3c=
Subject key identifier: 52:3C:62:51:D2:86:ED:EA:66:65:2D:77:D7:97:B8:44:61:97:D2:4D
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 1F0E
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/UjxiUdKG7epmZS1315e4RGGX0k0.roa
Signing time: Sat 31 May 2025 22:08:32 +0000
ROA not before: Sat 31 May 2025 22:08:32 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 4812
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 7950 (0x1f0e)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: May 31 22:08:32 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=523C6251D286EDEA66652D77D797B8446197D24D
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b0:70:44:23:69:17:c3:a6:f0:5b:bc:0d:fa:98:
8a:a8:82:91:c0:07:07:f1:50:61:6a:2d:51:be:7e:
87:43:69:70:90:41:15:aa:0b:16:48:3d:1e:ff:8b:
5e:bf:f6:4a:41:32:69:af:35:62:b7:3f:4b:66:a2:
ee:93:f0:a0:3b:93:e0:a0:95:cb:73:ec:da:43:9b:
55:df:f5:58:ea:2c:66:13:db:9c:14:d9:18:5d:3f:
a8:5f:21:8d:55:4a:28:8f:1d:c5:df:6c:3d:a8:6c:
2f:ad:32:0b:c4:f5:2d:1a:96:dc:88:78:27:4c:2a:
20:d7:ad:95:17:91:56:4e:ed:39:e3:19:0f:2e:e7:
f2:1c:88:6e:33:53:c8:eb:01:d6:99:68:18:7c:4e:
75:9c:09:c9:1a:12:0c:8b:d6:43:14:80:a4:b7:cd:
b7:fa:3d:37:5c:ba:1a:93:03:b3:9b:6a:a5:65:78:
af:2f:4f:24:22:3b:63:4c:23:31:1d:53:bb:a3:68:
ef:85:d8:5e:39:d5:2c:c8:44:c0:04:50:32:37:31:
c6:b4:4e:72:a8:43:ec:be:50:86:4c:ba:f8:2e:7c:
1e:73:f7:ef:bd:79:7b:16:a9:54:6e:d7:5c:ed:45:
f7:b5:2c:25:fe:35:a9:2d:50:7f:77:98:4c:81:96:
9f:c5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
52:3C:62:51:D2:86:ED:EA:66:65:2D:77:D7:97:B8:44:61:97:D2:4D
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/UjxiUdKG7epmZS1315e4RGGX0k0.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
19:80:0e:44:4d:44:1c:f9:34:8a:ab:49:b4:86:00:5b:25:35:
17:83:0d:a0:f5:c2:c1:7e:5b:45:64:80:86:b8:7a:f0:b0:e2:
4f:9d:08:28:1b:7c:fb:78:12:9d:fb:0e:d8:c7:58:e8:f2:2e:
a1:21:5a:1b:50:86:1d:73:dc:52:3e:cf:74:fd:77:96:b4:a5:
db:f5:94:96:44:c0:c3:a4:8a:86:a6:12:53:de:89:66:f8:ad:
2d:f1:2a:1b:3f:de:64:94:a4:aa:80:c3:b8:1d:b5:9c:c6:56:
38:13:21:fb:99:f6:b7:8f:be:3c:61:22:85:eb:81:b0:0b:f1:
ba:a6:ac:ef:7a:7f:49:c2:93:12:ce:8e:0b:24:6d:2e:86:bb:
65:87:b9:21:66:57:a2:45:45:c0:c5:8b:2d:b4:15:e2:38:86:
22:30:72:88:af:d4:32:25:09:c4:23:9a:07:39:b2:67:ad:9c:
c6:ff:46:40:33:eb:cb:7f:63:18:05:45:85:99:98:96:0b:91:
b6:9d:2e:0b:a4:31:3a:43:de:3b:cc:8c:8b:8a:bc:dc:89:ea:
e8:a3:48:48:4a:da:6f:1f:b6:7b:d2:64:23:aa:d4:dc:34:a8:
3c:01:09:21:10:d6:5e:9b:b5:4c:69:f0:7a:bf:41:a6:63:5a:
df:5a:c5:03
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICHw4wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA1MzEy
MjA4MzJaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDUyM0M2MjUxRDI4NkVE
RUE2NjY1MkQ3N0Q3OTdCODQ0NjE5N0QyNEQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCwcEQjaRfDpvBbvA36mIqogpHABwfxUGFqLVG+fodDaXCQQRWq
CxZIPR7/i16/9kpBMmmvNWK3P0tmou6T8KA7k+Cglctz7NpDm1Xf9VjqLGYT25wU
2RhdP6hfIY1VSiiPHcXfbD2obC+tMgvE9S0altyIeCdMKiDXrZUXkVZO7TnjGQ8u
5/IciG4zU8jrAdaZaBh8TnWcCckaEgyL1kMUgKS3zbf6PTdcuhqTA7ObaqVleK8v
TyQiO2NMIzEdU7ujaO+F2F451SzIRMAEUDI3Mca0TnKoQ+y+UIZMuvgufB5z9++9
eXsWqVRu11ztRfe1LCX+NaktUH93mEyBlp/FAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUUjxiUdKG7epmZS1315e4RGGX0k0wHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvVWp4aVVkS0c3ZXBt
WlMxMzE1ZTRSR0dYMGswLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBABmADkRNRBz5NIqrSbSGAFslNReD
DaD1wsF+W0VkgIa4evCw4k+dCCgbfPt4Ep37DtjHWOjyLqEhWhtQhh1z3FI+z3T9
d5a0pdv1lJZEwMOkioamElPeiWb4rS3xKhs/3mSUpKqAw7gdtZzGVjgTIfuZ9reP
vjxhIoXrgbAL8bqmrO96f0nCkxLOjgskbS6Gu2WHuSFmV6JFRcDFiy20FeI4hiIw
coiv1DIlCcQjmgc5smetnMb/RkAz68t/YxgFRYWZmJYLkbadLgukMTpD3jvMjIuK
vNyJ6uijSEhK2m8ftnvSZCOq1Nw0qDwBCSEQ1l6btUxp8Hq/QaZjWt9axQM=
-----END CERTIFICATE-----
Generated at Fri Jun 20 16:29:27 2025 by rpki-client