Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/VmgKhDym84rqn909kKGDfQMCP0k.roa
File: VmgKhDym84rqn909kKGDfQMCP0k.roa (raw, json)
Hash identifier: Ar6F50vsNcMg1uvdNRQ6nWlvKe35nfnJKKtOHhiaEPc=
Subject key identifier: 56:68:0A:84:3C:A6:F3:8A:EA:9F:DD:3D:90:A1:83:7D:03:02:3F:49
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 239C
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/VmgKhDym84rqn909kKGDfQMCP0k.roa
Signing time: Mon 09 Jun 2025 00:38:57 +0000
ROA not before: Mon 09 Jun 2025 00:38:57 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 146845
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 9116 (0x239c)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 9 00:38:57 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=56680A843CA6F38AEA9FDD3D90A1837D03023F49
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ce:1b:c1:3f:bd:4a:cc:8b:76:d9:15:92:29:57:
44:8b:b7:96:3e:4d:d5:bb:7f:d8:07:1b:2a:47:89:
dd:27:6e:eb:84:9e:84:36:2f:bd:55:a9:c9:e2:4b:
c6:07:fa:83:db:26:5f:89:66:91:ca:92:4e:87:19:
02:6c:85:7b:97:12:ec:a4:9c:ff:d8:83:f1:b2:43:
74:39:17:49:34:09:7c:35:61:e0:50:25:7f:bd:81:
33:ab:3b:c5:91:bd:35:02:3d:e2:f4:07:68:ff:56:
ca:4e:5b:c7:3e:8a:d5:b1:04:31:47:18:ee:64:b9:
dd:18:96:e6:44:00:99:2a:0e:c6:80:d0:81:3d:aa:
b5:32:d6:e9:78:a5:89:9f:31:ad:21:0f:ca:e6:8a:
be:38:5a:df:43:11:90:80:cf:c5:0b:97:5b:64:d6:
26:aa:f7:39:06:98:71:f1:cf:48:b8:21:cf:b3:6b:
53:a3:a5:8f:97:14:d2:be:37:66:7d:30:20:90:be:
5e:87:21:8e:2d:35:f0:81:d9:66:35:e1:3a:fb:38:
6d:1e:2a:7a:68:b4:e5:77:9f:25:41:39:9d:54:9e:
9a:95:a8:4a:b9:94:d2:9e:90:93:78:13:ef:7b:fb:
29:77:33:b0:22:50:94:ed:96:cf:72:51:09:68:cb:
86:2d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
56:68:0A:84:3C:A6:F3:8A:EA:9F:DD:3D:90:A1:83:7D:03:02:3F:49
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/VmgKhDym84rqn909kKGDfQMCP0k.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
0d:eb:23:7b:a2:3a:8a:da:fb:f3:43:b9:14:b5:ca:31:5a:0b:
9e:ee:77:c2:35:7b:d9:96:a4:56:7b:93:9d:b9:39:1f:99:30:
56:d9:70:21:55:a6:67:6a:b0:6f:66:bc:a6:d1:2b:2a:b2:8e:
5e:ea:35:87:7d:bc:05:ab:62:31:96:6c:b6:37:d8:1b:3e:1c:
5c:9b:25:c0:5e:2e:00:bc:0e:b3:f5:6b:43:f6:ef:34:f4:c9:
56:4f:ec:9d:48:5f:3a:3a:8d:4d:94:ec:34:d2:09:1e:41:00:
72:28:b6:a6:83:a4:d5:7a:7d:2f:12:c6:f4:bd:60:9a:64:a7:
9b:0b:4d:f7:ce:e5:ba:5e:c8:0a:d2:cc:33:29:42:d3:9d:28:
49:8b:6f:52:1c:e5:ae:a1:97:c5:4d:0f:cb:30:d0:bc:ea:72:
c8:20:2b:8d:d6:40:d3:3b:c6:8f:3e:67:97:d7:c3:3b:09:af:
4a:f2:9f:04:96:f7:14:07:a3:0f:55:16:5d:b1:be:f1:d2:74:
7e:dd:01:37:ee:96:09:2e:07:99:79:a4:d4:d1:dd:c0:c5:7b:
fd:4c:0d:14:53:28:d0:0e:b4:51:b4:64:b5:88:d8:bd:7e:81:
d3:27:62:72:43:39:ea:f8:7c:60:91:d0:30:32:2d:4f:f2:9a:
74:86:9e:66
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICI5wwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MDkw
MDM4NTdaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDU2NjgwQTg0M0NBNkYz
OEFFQTlGREQzRDkwQTE4MzdEMDMwMjNGNDkwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDOG8E/vUrMi3bZFZIpV0SLt5Y+TdW7f9gHGypHid0nbuuEnoQ2
L71VqcniS8YH+oPbJl+JZpHKkk6HGQJshXuXEuyknP/Yg/GyQ3Q5F0k0CXw1YeBQ
JX+9gTOrO8WRvTUCPeL0B2j/VspOW8c+itWxBDFHGO5kud0YluZEAJkqDsaA0IE9
qrUy1ul4pYmfMa0hD8rmir44Wt9DEZCAz8ULl1tk1iaq9zkGmHHxz0i4Ic+za1Oj
pY+XFNK+N2Z9MCCQvl6HIY4tNfCB2WY14Tr7OG0eKnpotOV3nyVBOZ1UnpqVqEq5
lNKekJN4E+97+yl3M7AiUJTtls9yUQloy4YtAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUVmgKhDym84rqn909kKGDfQMCP0kwHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvVm1nS2hEeW04NHJx
bjkwOWtLR0RmUU1DUDBrLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBAA3rI3uiOora+/NDuRS1yjFaC57u
d8I1e9mWpFZ7k525OR+ZMFbZcCFVpmdqsG9mvKbRKyqyjl7qNYd9vAWrYjGWbLY3
2Bs+HFybJcBeLgC8DrP1a0P27zT0yVZP7J1IXzo6jU2U7DTSCR5BAHIotqaDpNV6
fS8SxvS9YJpkp5sLTffO5bpeyArSzDMpQtOdKEmLb1Ic5a6hl8VND8sw0Lzqcsgg
K43WQNM7xo8+Z5fXwzsJr0rynwSW9xQHow9VFl2xvvHSdH7dATfulgkuB5l5pNTR
3cDFe/1MDRRTKNAOtFG0ZLWI2L1+gdMnYnJDOer4fGCR0DAyLU/ymnSGnmY=
-----END CERTIFICATE-----
Generated at Sat Jun 21 08:47:49 2025 by rpki-client