Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/WtpZ9QqAMsxH4uZO0ZLovzCu2Aw.roa
File: WtpZ9QqAMsxH4uZO0ZLovzCu2Aw.roa (raw, json)
Hash identifier: OE+JTBoBfXhm9Q7Zg1VVb0rxTNclU84bQG3ZD1dwmog=
Subject key identifier: 5A:DA:59:F5:0A:80:32:CC:47:E2:E6:4E:D1:92:E8:BF:30:AE:D8:0C
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 1C8B
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/WtpZ9QqAMsxH4uZO0ZLovzCu2Aw.roa
Signing time: Tue 27 May 2025 11:08:11 +0000
ROA not before: Tue 27 May 2025 11:08:11 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 146845
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 7307 (0x1c8b)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: May 27 11:08:11 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=5ADA59F50A8032CC47E2E64ED192E8BF30AED80C
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a1:47:82:8f:c3:49:e0:e7:8a:78:da:d2:24:8d:
34:54:e2:34:dd:46:97:d5:a2:fa:75:0e:22:35:7e:
a0:80:3b:d3:e6:2f:10:15:e5:bd:5c:90:ff:b6:d5:
37:8c:30:ab:d9:c0:ae:76:a6:c0:98:cc:70:ff:08:
3d:04:2e:b2:9b:ab:cc:46:7d:fb:b7:79:c0:85:5e:
8b:57:24:be:52:cf:4d:42:93:16:60:46:1c:a1:e4:
7d:ce:8b:09:4d:8d:09:d1:8f:f3:50:b0:35:18:e1:
c3:46:eb:0a:0b:1e:33:85:67:06:68:fd:f0:53:14:
f7:46:9f:85:8a:5a:e2:64:11:92:fd:0f:5f:ba:7f:
a1:cc:c0:a8:cf:68:9f:42:ed:93:01:7f:31:50:81:
dd:ab:0c:32:2f:c8:07:6a:49:35:b3:d4:c1:fd:35:
8e:18:57:0b:c6:f7:4a:be:08:7d:76:f9:79:48:d4:
eb:f2:3a:7a:8f:6c:bb:45:5e:f2:94:9b:ee:5d:00:
0c:ce:04:52:a8:9f:2d:6d:2f:f9:95:b5:8e:9b:39:
b1:bb:16:dd:e0:dc:99:35:13:b0:89:df:f0:b0:f3:
a4:9a:81:8b:53:aa:a1:23:96:66:c9:c4:75:5c:c3:
88:6f:ab:96:56:4d:eb:4d:6c:13:1f:ea:be:af:25:
8c:1b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5A:DA:59:F5:0A:80:32:CC:47:E2:E6:4E:D1:92:E8:BF:30:AE:D8:0C
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/WtpZ9QqAMsxH4uZO0ZLovzCu2Aw.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
af:4e:22:0f:f3:56:e2:38:44:58:47:fb:03:ff:36:f7:f7:3e:
66:4c:13:3e:f4:a5:78:47:a1:11:6b:54:7b:9d:f6:1b:6e:ff:
cf:a6:4b:4a:04:e0:e3:2f:86:d8:76:38:91:d3:20:70:9b:f5:
05:e7:2d:d2:5e:62:5f:25:fa:07:73:d7:f8:18:c8:ef:ba:2e:
58:c8:59:bb:3e:c6:f2:09:23:46:a3:2d:7b:51:14:29:e4:98:
1b:a2:7b:6f:08:46:ec:51:2d:cf:a0:b1:82:6b:02:8c:1e:da:
b9:c8:a3:4c:04:ec:8d:26:71:4f:fc:85:e6:53:6c:18:68:91:
fc:a6:45:1c:13:0d:45:42:61:58:81:00:53:64:00:e4:64:85:
d7:6c:a1:17:79:1b:54:9d:84:23:1e:e2:4b:58:96:61:07:57:
0d:44:1e:5f:da:f3:6d:06:20:de:c3:27:54:16:e3:ed:87:a0:
a7:ac:fd:3e:56:aa:ab:5e:ad:21:48:59:bf:5d:1a:a1:b8:a5:
8e:2b:91:ae:96:5a:dc:9a:85:ad:91:6d:67:e3:70:9b:6b:8a:
8c:64:32:12:6b:21:f5:54:46:40:67:6c:22:08:46:36:a8:1f:
8e:83:df:40:25:0c:c0:00:83:41:51:44:e3:3b:f7:e8:be:2e:
c4:a8:e9:1d
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICHIswDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA1Mjcx
MTA4MTFaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDVBREE1OUY1MEE4MDMy
Q0M0N0UyRTY0RUQxOTJFOEJGMzBBRUQ4MEMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQChR4KPw0ng54p42tIkjTRU4jTdRpfVovp1DiI1fqCAO9PmLxAV
5b1ckP+21TeMMKvZwK52psCYzHD/CD0ELrKbq8xGffu3ecCFXotXJL5Sz01CkxZg
Rhyh5H3OiwlNjQnRj/NQsDUY4cNG6woLHjOFZwZo/fBTFPdGn4WKWuJkEZL9D1+6
f6HMwKjPaJ9C7ZMBfzFQgd2rDDIvyAdqSTWz1MH9NY4YVwvG90q+CH12+XlI1Ovy
OnqPbLtFXvKUm+5dAAzOBFKony1tL/mVtY6bObG7Ft3g3Jk1E7CJ3/Cw86SagYtT
qqEjlmbJxHVcw4hvq5ZWTetNbBMf6r6vJYwbAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUWtpZ9QqAMsxH4uZO0ZLovzCu2AwwHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvV3RwWjlRcUFNc3hI
NHVaTzBaTG92ekN1MkF3LnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBAK9OIg/zVuI4RFhH+wP/Nvf3PmZM
Ez70pXhHoRFrVHud9htu/8+mS0oE4OMvhth2OJHTIHCb9QXnLdJeYl8l+gdz1/gY
yO+6LljIWbs+xvIJI0ajLXtRFCnkmBuie28IRuxRLc+gsYJrAowe2rnIo0wE7I0m
cU/8heZTbBhokfymRRwTDUVCYViBAFNkAORkhddsoRd5G1SdhCMe4ktYlmEHVw1E
Hl/a820GIN7DJ1QW4+2HoKes/T5WqqterSFIWb9dGqG4pY4rka6WWtyaha2RbWfj
cJtrioxkMhJrIfVURkBnbCIIRjaoH46D30AlDMAAg0FRROM79+i+LsSo6R0=
-----END CERTIFICATE-----
Generated at Sat Jun 21 01:49:11 2025 by rpki-client