Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/VTcBY8o55BU6IvshIHoBXAmJ7gw.roa
File: VTcBY8o55BU6IvshIHoBXAmJ7gw.roa (raw, json)
Hash identifier: 0kGZg/624Xu7ugdWrdBQ3WcVCCJYrzyeHVY20n5mGfs=
Subject key identifier: 55:37:01:63:CA:39:E4:15:3A:22:FB:21:20:7A:01:5C:09:89:EE:0C
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 23C1
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/VTcBY8o55BU6IvshIHoBXAmJ7gw.roa
Signing time: Mon 09 Jun 2025 06:38:59 +0000
ROA not before: Mon 09 Jun 2025 06:38:59 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 4812
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 9153 (0x23c1)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 9 06:38:59 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=55370163CA39E4153A22FB21207A015C0989EE0C
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e3:f6:9d:76:4d:e5:e8:ef:31:4f:76:6c:96:4f:
71:18:1b:9b:62:9e:63:9b:c0:d9:e5:61:50:f2:1d:
d1:7b:8a:b5:4a:9c:aa:ae:af:25:01:dd:2e:8e:66:
a8:96:82:46:6c:2b:0e:1e:9e:bb:e3:13:42:68:f4:
3d:5f:27:98:87:51:0f:b7:44:70:e1:36:00:62:e9:
8b:fd:c0:57:55:2c:10:f8:26:eb:26:eb:0f:4e:aa:
d9:88:01:11:c0:93:fd:bf:84:05:cc:d5:1b:9a:cb:
5c:7d:b8:1a:0d:53:c1:7b:fb:d2:0c:82:32:be:32:
32:dc:bd:1d:92:d6:2d:21:06:37:ee:ed:bb:be:ad:
e6:4d:3e:33:4f:70:c6:a4:7f:3d:8a:81:c9:51:bc:
e0:1f:a4:e7:06:86:c6:c3:a6:8d:05:a6:51:ff:f4:
6d:36:a9:13:d5:0a:f5:4a:dc:9d:fa:b8:48:06:5c:
97:4c:51:3d:fb:76:6c:cb:67:8d:b0:ec:e4:e7:bf:
2e:0b:86:9e:15:8a:66:04:55:15:8f:79:dd:2c:28:
e5:a2:f0:06:2b:64:a5:04:6a:7a:b7:05:44:34:a3:
e3:c6:51:75:cf:04:a8:be:19:ca:76:29:f8:66:0f:
eb:5c:2c:aa:02:5a:77:71:d3:fe:21:1b:d6:82:1e:
5a:91
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
55:37:01:63:CA:39:E4:15:3A:22:FB:21:20:7A:01:5C:09:89:EE:0C
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/VTcBY8o55BU6IvshIHoBXAmJ7gw.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
67:e8:d1:fd:9e:2f:37:69:24:0d:34:55:29:b4:21:93:07:27:
d5:b5:e3:58:5f:ed:25:c7:29:45:c5:5c:7b:ae:d1:40:e9:65:
0e:15:4c:9a:9a:17:09:42:94:ca:47:e4:79:fc:72:05:8f:72:
fc:7f:6f:c9:c0:a1:83:72:eb:ca:c6:fb:45:7e:62:de:a1:23:
cd:95:1a:4a:22:75:71:b1:e1:28:42:5a:1c:b7:17:58:3d:5d:
aa:38:be:83:39:e2:b1:28:f2:ea:6f:7a:07:53:89:b3:38:f8:
d4:12:a8:5f:89:c2:11:88:3d:7d:ce:02:3e:20:b6:a8:d0:48:
ea:07:ce:74:b5:73:70:5f:e9:2c:13:55:ad:ef:ff:51:1e:95:
80:e7:2f:0f:5f:86:31:0b:ac:07:a2:93:7e:c4:5f:16:9b:ca:
b5:7a:3f:81:72:9d:9b:ca:b0:65:5f:c8:38:41:1c:af:20:49:
27:8b:a1:12:35:bb:42:e4:7f:56:64:f8:53:f9:d1:81:ac:37:
41:34:2e:20:30:61:21:89:87:36:4f:c6:f7:fd:76:70:57:68:
e2:21:71:a7:37:3e:ed:b5:18:2d:62:84:05:01:5c:bb:46:a6:
8a:64:63:37:7c:f3:b7:66:48:9f:2a:12:3b:e6:19:81:7e:a0:
54:97:a8:50
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICI8EwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MDkw
NjM4NTlaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDU1MzcwMTYzQ0EzOUU0
MTUzQTIyRkIyMTIwN0EwMTVDMDk4OUVFMEMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDj9p12TeXo7zFPdmyWT3EYG5tinmObwNnlYVDyHdF7irVKnKqu
ryUB3S6OZqiWgkZsKw4enrvjE0Jo9D1fJ5iHUQ+3RHDhNgBi6Yv9wFdVLBD4Jusm
6w9OqtmIARHAk/2/hAXM1Ruay1x9uBoNU8F7+9IMgjK+MjLcvR2S1i0hBjfu7bu+
reZNPjNPcMakfz2KgclRvOAfpOcGhsbDpo0FplH/9G02qRPVCvVK3J36uEgGXJdM
UT37dmzLZ42w7OTnvy4Lhp4VimYEVRWPed0sKOWi8AYrZKUEanq3BUQ0o+PGUXXP
BKi+Gcp2KfhmD+tcLKoCWndx0/4hG9aCHlqRAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUVTcBY8o55BU6IvshIHoBXAmJ7gwwHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvVlRjQlk4bzU1QlU2
SXZzaElIb0JYQW1KN2d3LnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBAGfo0f2eLzdpJA00VSm0IZMHJ9W1
41hf7SXHKUXFXHuu0UDpZQ4VTJqaFwlClMpH5Hn8cgWPcvx/b8nAoYNy68rG+0V+
Yt6hI82VGkoidXGx4ShCWhy3F1g9Xao4voM54rEo8upvegdTibM4+NQSqF+JwhGI
PX3OAj4gtqjQSOoHznS1c3Bf6SwTVa3v/1EelYDnLw9fhjELrAeik37EXxabyrV6
P4FynZvKsGVfyDhBHK8gSSeLoRI1u0Lkf1Zk+FP50YGsN0E0LiAwYSGJhzZPxvf9
dnBXaOIhcac3Pu21GC1ihAUBXLtGpopkYzd887dmSJ8qEjvmGYF+oFSXqFA=
-----END CERTIFICATE-----
Generated at Sun Jun 22 10:34:25 2025 by rpki-client