Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/WU4sIeYt8r-zVF4wzFuKB1qiC0E.roa
File: WU4sIeYt8r-zVF4wzFuKB1qiC0E.roa (raw, json)
Hash identifier: GHw6bf2H+Waj0jFMA/mluLUEq+UK55EAQTUtFuXMljk=
Subject key identifier: 59:4E:2C:21:E6:2D:F2:BF:B3:54:5E:30:CC:5B:8A:07:5A:A2:0B:41
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 2058
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/WU4sIeYt8r-zVF4wzFuKB1qiC0E.roa
Signing time: Tue 03 Jun 2025 05:08:46 +0000
ROA not before: Tue 03 Jun 2025 05:08:46 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 4812
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 8280 (0x2058)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 3 05:08:46 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=594E2C21E62DF2BFB3545E30CC5B8A075AA20B41
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cf:0a:8d:74:2d:6e:60:e9:31:3c:b1:69:0c:17:
9c:28:eb:fb:f3:f5:5c:b4:b1:08:39:ab:bd:8f:50:
a0:44:a3:f2:c2:8a:79:ac:26:91:6a:ca:90:48:c7:
5a:b3:81:3c:38:4f:22:de:c0:1a:90:70:01:6a:0a:
34:72:71:2a:3b:d5:42:b8:ba:c8:5d:2b:73:da:c0:
df:0e:af:8e:7c:5c:d5:d7:eb:b6:de:d5:66:92:13:
7a:94:78:d4:1b:b8:61:24:55:72:b7:2c:02:b2:8b:
60:c3:75:13:dc:c5:40:db:38:72:36:0b:a9:8c:e9:
f4:04:70:3b:24:3f:7a:f7:57:1c:30:35:d2:22:e9:
f4:35:d4:6b:37:94:54:86:00:7e:c5:33:71:66:20:
41:1a:12:4d:ee:a1:2e:9d:45:61:cc:48:53:db:fc:
5e:cd:6b:8b:05:58:e3:9d:5f:4f:cc:3c:78:70:6c:
a0:4d:6f:c8:21:0a:35:6e:4d:de:0b:e5:1b:ab:78:
00:89:0d:59:12:a8:1d:36:17:a5:5c:19:eb:d1:51:
d9:64:c7:b8:42:d5:c5:31:48:53:3f:74:55:45:f4:
ad:a6:92:ca:d9:38:af:88:75:74:39:8f:02:92:77:
45:9b:5c:36:ae:3c:90:7d:c5:64:a4:17:02:5a:72:
fd:7d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
59:4E:2C:21:E6:2D:F2:BF:B3:54:5E:30:CC:5B:8A:07:5A:A2:0B:41
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/WU4sIeYt8r-zVF4wzFuKB1qiC0E.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
14:9e:00:4a:3f:15:9d:99:31:c5:83:a4:a8:68:6b:19:99:be:
ed:86:2c:91:a2:2e:c6:37:56:15:6f:9c:e6:dc:f9:ea:98:82:
b1:a5:b3:0a:8a:b5:ce:f7:4a:cb:7e:38:b7:30:bb:5e:d5:91:
c8:7b:d0:0c:e9:1c:9e:f6:e2:49:5e:39:1c:ce:b7:54:47:a0:
1d:6a:d3:9d:59:84:1a:d5:93:5c:e0:da:8f:b9:eb:f1:50:fc:
ce:e2:16:29:5c:60:e9:9b:18:48:29:e8:1a:8e:65:e6:69:e7:
19:86:4a:f9:b2:41:7d:6e:6b:64:81:a4:3e:c6:ef:d5:2e:df:
e4:66:49:04:35:fc:1b:1f:5b:d9:31:1c:ea:da:fa:e7:b7:f7:
3c:97:d1:bc:2d:53:80:6b:97:cf:4c:34:ea:81:90:b3:1d:c0:
fc:ab:9e:52:6a:5a:29:d1:78:a8:d2:26:9a:83:58:4a:22:c4:
a1:ff:fb:ca:d0:0f:0c:b1:76:d9:61:6b:c7:2d:24:fc:cc:51:
6a:ff:bd:bf:12:ca:55:c0:bf:b0:d0:8e:db:f8:ca:6a:8f:dd:
d1:0f:30:00:62:ac:93:ce:2f:f2:47:b8:e4:f6:50:8b:49:0a:
b9:f9:bf:ba:0f:1c:3d:22:b5:c0:58:cc:da:17:4a:b8:ba:cf:
c4:9a:1d:6f
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICIFgwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MDMw
NTA4NDZaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDU5NEUyQzIxRTYyREYy
QkZCMzU0NUUzMENDNUI4QTA3NUFBMjBCNDEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDPCo10LW5g6TE8sWkMF5wo6/vz9Vy0sQg5q72PUKBEo/LCinms
JpFqypBIx1qzgTw4TyLewBqQcAFqCjRycSo71UK4ushdK3PawN8Or458XNXX67be
1WaSE3qUeNQbuGEkVXK3LAKyi2DDdRPcxUDbOHI2C6mM6fQEcDskP3r3VxwwNdIi
6fQ11Gs3lFSGAH7FM3FmIEEaEk3uoS6dRWHMSFPb/F7Na4sFWOOdX0/MPHhwbKBN
b8ghCjVuTd4L5RureACJDVkSqB02F6VcGevRUdlkx7hC1cUxSFM/dFVF9K2mksrZ
OK+IdXQ5jwKSd0WbXDauPJB9xWSkFwJacv19AgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUWU4sIeYt8r+zVF4wzFuKB1qiC0EwHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvV1U0c0llWXQ4ci16
VkY0d3pGdUtCMXFpQzBFLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBABSeAEo/FZ2ZMcWDpKhoaxmZvu2G
LJGiLsY3VhVvnObc+eqYgrGlswqKtc73Sst+OLcwu17Vkch70AzpHJ724kleORzO
t1RHoB1q051ZhBrVk1zg2o+56/FQ/M7iFilcYOmbGEgp6BqOZeZp5xmGSvmyQX1u
a2SBpD7G79Uu3+RmSQQ1/BsfW9kxHOra+ue39zyX0bwtU4Brl89MNOqBkLMdwPyr
nlJqWinReKjSJpqDWEoixKH/+8rQDwyxdtlha8ctJPzMUWr/vb8SylXAv7DQjtv4
ymqP3dEPMABirJPOL/JHuOT2UItJCrn5v7oPHD0itcBYzNoXSri6z8SaHW8=
-----END CERTIFICATE-----
Generated at Fri Jun 20 19:12:36 2025 by rpki-client