Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/VM-kXmpDt7eVkQ-gnwp9wYhZ9M4.roa
File: VM-kXmpDt7eVkQ-gnwp9wYhZ9M4.roa (raw, json)
Hash identifier: SWjgNzXfoYT+lar4Xp3OGXiVPAsvzgV+0CkJZPW4xIE=
Subject key identifier: 54:CF:A4:5E:6A:43:B7:B7:95:91:0F:A0:9F:0A:7D:C1:88:59:F4:CE
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 25AA
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/VM-kXmpDt7eVkQ-gnwp9wYhZ9M4.roa
Signing time: Thu 12 Jun 2025 16:09:16 +0000
ROA not before: Thu 12 Jun 2025 16:09:16 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 4812
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 9642 (0x25aa)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 12 16:09:16 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=54CFA45E6A43B7B795910FA09F0A7DC18859F4CE
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:da:8b:a8:15:1d:99:5b:4f:8a:94:03:97:34:8e:
2f:37:8d:e1:23:79:85:a3:83:21:3b:8f:92:45:f1:
8b:78:89:13:07:8a:ac:fc:2d:2c:43:11:88:f2:18:
dc:e7:3f:84:0e:c1:44:fb:12:bf:92:ae:fb:6a:08:
60:15:e7:36:30:72:25:a6:74:53:57:57:49:b9:83:
15:f6:80:0b:db:8c:d9:c5:d8:cc:1c:6a:50:d9:8e:
86:65:86:a5:66:1c:aa:ad:07:77:7b:71:e2:f4:b2:
d2:a0:77:7f:10:34:a0:3b:cc:ab:89:d1:7d:6f:95:
b8:6a:69:27:50:98:4e:b5:fb:a3:f7:f0:0a:c4:ef:
41:1d:67:43:0c:ae:7e:00:c8:82:63:7b:e7:66:ea:
e2:4b:a4:8f:3c:a5:dc:72:0d:c4:20:f9:41:2b:3d:
a7:1e:22:2f:0b:82:51:8e:2b:79:54:a6:d2:94:d8:
bb:9f:a3:d4:b3:92:73:60:52:5b:a7:a6:46:4f:ad:
5b:70:72:00:03:6b:57:46:53:67:f9:41:7e:3e:03:
f9:fd:61:cd:61:66:9e:aa:6e:a0:3e:4d:86:8b:e9:
25:42:5f:59:5c:8d:3f:e9:b5:df:b4:fc:65:fd:3e:
56:0e:d7:01:c3:7a:6e:e1:5f:6c:28:45:ce:67:2c:
00:77
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
54:CF:A4:5E:6A:43:B7:B7:95:91:0F:A0:9F:0A:7D:C1:88:59:F4:CE
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/VM-kXmpDt7eVkQ-gnwp9wYhZ9M4.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
77:a6:8e:c2:ef:d6:f8:c5:5a:6e:3a:0b:72:85:01:0b:88:99:
86:77:69:a0:00:d6:94:c6:7c:47:d3:d9:6f:00:f0:ba:40:eb:
ef:78:de:da:1a:30:c9:8b:93:2f:6e:d5:b8:18:87:00:75:dc:
1b:c7:9b:1b:e3:c0:99:a4:93:7f:a6:33:0f:5a:02:3e:a9:e2:
97:c0:34:3a:64:66:76:5e:f6:fe:d9:20:45:01:e7:09:b1:79:
cb:3c:45:2a:9c:d2:eb:36:35:94:2a:72:62:4a:19:6a:75:a8:
b2:82:d3:58:74:5f:c0:7a:9a:d1:00:ab:b1:6f:0c:9a:fb:14:
63:57:d9:0d:49:d9:17:d0:e3:ed:0f:ca:fe:71:57:e1:98:24:
28:9d:e0:1f:38:dc:6c:f5:89:44:d3:b4:a1:06:ba:2f:f7:83:
2f:59:89:ec:4c:37:6b:c6:0e:47:50:74:ae:c7:62:78:f7:8d:
c7:78:44:d4:5b:c0:6f:ce:19:28:6a:6c:87:26:e1:73:89:3f:
74:6b:2b:52:c2:80:d6:86:c7:ee:a2:d1:d7:ed:ce:f3:6c:5f:
ff:e6:05:c1:c1:f2:25:89:85:48:96:01:35:f7:d3:ce:25:23:
6c:b0:a1:cc:96:63:5d:c0:07:a3:9b:8e:30:5d:f4:ef:62:17:
69:d3:fb:67
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICJaowDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MTIx
NjA5MTZaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDU0Q0ZBNDVFNkE0M0I3
Qjc5NTkxMEZBMDlGMEE3REMxODg1OUY0Q0UwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDai6gVHZlbT4qUA5c0ji83jeEjeYWjgyE7j5JF8Yt4iRMHiqz8
LSxDEYjyGNznP4QOwUT7Er+SrvtqCGAV5zYwciWmdFNXV0m5gxX2gAvbjNnF2Mwc
alDZjoZlhqVmHKqtB3d7ceL0stKgd38QNKA7zKuJ0X1vlbhqaSdQmE61+6P38ArE
70EdZ0MMrn4AyIJje+dm6uJLpI88pdxyDcQg+UErPaceIi8LglGOK3lUptKU2Luf
o9SzknNgUlunpkZPrVtwcgADa1dGU2f5QX4+A/n9Yc1hZp6qbqA+TYaL6SVCX1lc
jT/ptd+0/GX9PlYO1wHDem7hX2woRc5nLAB3AgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUVM+kXmpDt7eVkQ+gnwp9wYhZ9M4wHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvVk0ta1htcER0N2VW
a1EtZ253cDl3WWhaOU00LnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBAHemjsLv1vjFWm46C3KFAQuImYZ3
aaAA1pTGfEfT2W8A8LpA6+943toaMMmLky9u1bgYhwB13BvHmxvjwJmkk3+mMw9a
Aj6p4pfANDpkZnZe9v7ZIEUB5wmxecs8RSqc0us2NZQqcmJKGWp1qLKC01h0X8B6
mtEAq7FvDJr7FGNX2Q1J2RfQ4+0Pyv5xV+GYJCid4B843Gz1iUTTtKEGui/3gy9Z
iexMN2vGDkdQdK7HYnj3jcd4RNRbwG/OGShqbIcm4XOJP3RrK1LCgNaGx+6i0dft
zvNsX//mBcHB8iWJhUiWATX3084lI2ywocyWY13AB6ObjjBd9O9iF2nT+2c=
-----END CERTIFICATE-----
Generated at Sun Jun 22 12:11:45 2025 by rpki-client