Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/V8HmV-jfvjXTf48uQv7Tuw4w2z4.roa
File: V8HmV-jfvjXTf48uQv7Tuw4w2z4.roa (raw, json)
Hash identifier: fEuQn0ql5gYRUm2IVTtRhvO13sg/DAOlR+BlNYjhnIo=
Subject key identifier: 57:C1:E6:57:E8:DF:BE:35:D3:7F:8F:2E:42:FE:D3:BB:0E:30:DB:3E
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 20EB
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/V8HmV-jfvjXTf48uQv7Tuw4w2z4.roa
Signing time: Wed 04 Jun 2025 05:38:44 +0000
ROA not before: Wed 04 Jun 2025 05:38:44 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 4812
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 8427 (0x20eb)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 4 05:38:44 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=57C1E657E8DFBE35D37F8F2E42FED3BB0E30DB3E
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c3:7b:a5:53:28:90:05:ba:93:9d:86:3a:a0:90:
4c:41:41:21:97:8e:ce:91:95:74:66:f9:08:c9:e9:
c3:f0:55:85:f5:84:26:d7:ac:5d:cb:3f:bd:fd:ef:
2f:4c:2b:e0:b0:a3:29:c2:f0:ac:b1:3e:12:ea:31:
05:b2:c3:18:cc:52:36:24:4d:67:a7:5a:ef:2c:47:
ba:f5:7a:60:4a:5b:fc:71:2a:c4:7e:dd:01:fd:89:
06:19:60:8f:a1:37:8f:11:0a:77:da:48:ae:39:83:
02:10:5e:2d:ea:c8:6c:9e:4c:ff:2c:80:95:66:47:
35:8a:de:be:35:ac:9c:4c:5e:b6:63:9c:26:36:ba:
55:6f:c8:37:cd:be:9a:4f:47:61:a7:68:9d:83:ef:
1e:89:f1:00:e3:8f:7a:2c:90:86:dd:0a:ea:de:78:
3f:a9:bf:75:99:bd:f0:2a:34:3f:ad:a8:46:b0:af:
db:25:b8:69:2f:24:40:94:e8:9f:6c:96:7f:77:71:
8d:30:e4:26:ea:43:60:a9:d7:a8:31:07:28:7f:68:
bd:e3:36:83:cd:b9:ff:e1:99:37:28:22:7b:94:6d:
04:65:d5:7c:64:f4:a0:90:cd:0d:72:c3:5a:b9:16:
4d:13:2d:2c:66:40:94:ed:76:0b:a2:7e:d0:fc:21:
95:61
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
57:C1:E6:57:E8:DF:BE:35:D3:7F:8F:2E:42:FE:D3:BB:0E:30:DB:3E
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/V8HmV-jfvjXTf48uQv7Tuw4w2z4.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
4f:8b:cd:7a:a4:b1:1b:87:e7:85:79:d8:d0:13:e9:2c:97:f3:
ef:f4:f5:92:6e:41:a5:f3:fd:71:ab:01:19:34:20:f9:d1:9a:
7f:9b:f1:58:c2:a4:0a:b5:f3:f2:46:85:2b:40:29:01:1d:df:
76:3a:55:f1:e6:a1:0f:85:d7:48:12:56:6b:26:dd:bc:e4:31:
6e:f6:c2:3e:2d:1d:6e:b0:c7:3b:d1:71:e8:d7:6a:3a:70:14:
ce:91:1f:92:ce:f8:0f:92:38:03:f6:2c:a9:71:3d:12:7b:5a:
06:6b:10:17:65:c2:f3:61:d1:6f:4d:d4:db:f0:30:52:e1:06:
16:32:36:0d:4b:c2:6a:0c:59:b0:6b:f5:c0:67:46:ca:c6:2f:
4e:e8:e5:ea:e5:26:94:66:f8:52:0e:ae:50:32:07:98:97:4e:
01:57:ea:85:5b:85:4a:55:17:a4:9a:1f:fb:9a:b8:66:0d:33:
1a:88:00:27:47:6c:25:46:b0:ef:33:f2:2c:91:d4:07:51:8e:
a6:fa:e2:5a:af:cc:82:17:64:36:28:74:16:eb:fd:a6:1a:64:
4e:b0:d5:22:e3:07:a1:10:b1:7a:e4:c8:8b:43:b7:b4:2b:bf:
36:99:85:4a:66:87:5b:d6:7f:b7:fd:12:ff:74:43:9e:2a:f8:
cc:4a:43:a4
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICIOswDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MDQw
NTM4NDRaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDU3QzFFNjU3RThERkJF
MzVEMzdGOEYyRTQyRkVEM0JCMEUzMERCM0UwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDDe6VTKJAFupOdhjqgkExBQSGXjs6RlXRm+QjJ6cPwVYX1hCbX
rF3LP7397y9MK+CwoynC8KyxPhLqMQWywxjMUjYkTWenWu8sR7r1emBKW/xxKsR+
3QH9iQYZYI+hN48RCnfaSK45gwIQXi3qyGyeTP8sgJVmRzWK3r41rJxMXrZjnCY2
ulVvyDfNvppPR2GnaJ2D7x6J8QDjj3oskIbdCureeD+pv3WZvfAqND+tqEawr9sl
uGkvJECU6J9sln93cY0w5CbqQ2Cp16gxByh/aL3jNoPNuf/hmTcoInuUbQRl1Xxk
9KCQzQ1yw1q5Fk0TLSxmQJTtdguiftD8IZVhAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUV8HmV+jfvjXTf48uQv7Tuw4w2z4wHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvVjhIbVYtamZ2alhU
ZjQ4dVF2N1R1dzR3Mno0LnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBAE+LzXqksRuH54V52NAT6SyX8+/0
9ZJuQaXz/XGrARk0IPnRmn+b8VjCpAq18/JGhStAKQEd33Y6VfHmoQ+F10gSVmsm
3bzkMW72wj4tHW6wxzvRcejXajpwFM6RH5LO+A+SOAP2LKlxPRJ7WgZrEBdlwvNh
0W9N1NvwMFLhBhYyNg1LwmoMWbBr9cBnRsrGL07o5erlJpRm+FIOrlAyB5iXTgFX
6oVbhUpVF6SaH/uauGYNMxqIACdHbCVGsO8z8iyR1AdRjqb64lqvzIIXZDYodBbr
/aYaZE6w1SLjB6EQsXrkyItDt7QrvzaZhUpmh1vWf7f9Ev90Q54q+MxKQ6Q=
-----END CERTIFICATE-----
Generated at Sat Jun 21 22:23:25 2025 by rpki-client