Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/X0Fj0Tb1JfcWmICesn9KXuLGCT0.roa
File: X0Fj0Tb1JfcWmICesn9KXuLGCT0.roa (raw, json)
Hash identifier: Qw4IBvpN2hd9xElrj/z6zNG5aNMLGxQXBH9JGv37PJs=
Subject key identifier: 5F:41:63:D1:36:F5:25:F7:16:98:80:9E:B2:7F:4A:5E:E2:C6:09:3D
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 2169
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/X0Fj0Tb1JfcWmICesn9KXuLGCT0.roa
Signing time: Thu 05 Jun 2025 02:38:45 +0000
ROA not before: Thu 05 Jun 2025 02:38:45 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 4812
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 8553 (0x2169)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 5 02:38:45 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=5F4163D136F525F71698809EB27F4A5EE2C6093D
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a3:12:84:d5:78:d5:1f:96:77:9c:aa:c5:c4:82:
ec:e5:8a:f2:0a:35:d7:94:8d:4a:41:45:db:ef:a9:
eb:16:a9:2d:dc:b6:92:bb:14:94:ea:af:7a:5b:63:
89:30:2d:79:d9:74:49:b8:1c:47:3a:bd:17:98:5c:
ad:b8:00:cd:49:a7:bb:0c:1b:48:4c:ee:93:07:6e:
8e:6a:e7:1d:e9:e9:d2:3a:93:92:80:f5:43:42:da:
76:6e:de:be:ec:21:26:9e:e2:61:09:f0:dc:dc:b4:
61:11:d7:4b:63:c4:db:26:ef:cf:7e:a2:3e:4e:2e:
2c:10:3e:99:5c:e2:e2:c4:58:73:e5:5f:f3:45:dd:
1c:ca:bf:dd:c7:00:dc:f7:43:3c:1b:b4:11:57:dd:
c1:7d:d2:d3:fc:b2:df:56:34:14:f8:d7:ad:c3:1c:
ab:ed:c3:bf:b9:f5:2b:7b:4f:e1:0f:6f:a9:94:95:
d8:c5:92:a3:d9:23:14:68:a3:3b:32:27:99:20:e9:
a5:ee:ec:a4:97:03:86:29:f5:b6:0d:7a:2a:6a:d1:
03:76:ee:a1:28:53:36:93:cf:12:af:4d:ee:4d:6a:
6d:80:2a:13:8d:fd:fc:cf:dc:49:b6:bd:38:cb:57:
9a:61:71:3b:ec:60:21:c4:19:68:76:ee:ff:c4:3e:
50:75
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5F:41:63:D1:36:F5:25:F7:16:98:80:9E:B2:7F:4A:5E:E2:C6:09:3D
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/X0Fj0Tb1JfcWmICesn9KXuLGCT0.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
56:86:f6:2a:bc:b1:40:8c:51:12:0f:7a:30:0a:f8:9c:98:94:
48:75:39:29:fa:4d:3c:01:ce:f3:2a:8e:0e:56:31:b2:5b:a0:
ab:17:f3:0e:33:54:58:40:83:39:9b:f6:b1:09:28:7d:fb:c6:
ce:bc:89:ea:09:7f:90:02:5a:57:cf:6f:c7:bd:11:70:b7:3e:
9a:a2:69:65:b4:d6:7e:a1:f8:f2:b2:34:fe:86:f1:32:5f:aa:
4a:2f:3d:c6:76:91:0c:89:83:d6:76:05:93:88:0c:f7:20:da:
23:17:a0:9a:2e:b2:aa:64:7a:7d:90:d3:1b:5b:30:25:2b:7f:
33:90:c6:57:48:41:55:0d:40:5d:f4:d1:05:21:a6:82:f6:e3:
55:17:44:2f:02:54:bf:41:68:e6:60:7c:dd:a5:45:0d:ed:ad:
c1:95:d0:95:58:ab:1d:1a:2d:44:80:a9:c8:af:a6:17:a6:dc:
f2:60:d0:98:e9:0b:c8:d7:47:df:c2:d8:5e:7d:ff:c0:fd:d3:
69:fa:f1:0d:5c:16:e7:b6:89:4e:b2:2a:f2:72:20:9c:39:fa:
91:65:0f:84:f1:93:a2:47:fe:38:4f:86:ee:44:b2:f9:c2:1e:
0e:0d:0e:ee:56:c9:74:6d:a7:8e:ae:9a:c1:af:d8:51:68:96:
b8:15:88:0c
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICIWkwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MDUw
MjM4NDVaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDVGNDE2M0QxMzZGNTI1
RjcxNjk4ODA5RUIyN0Y0QTVFRTJDNjA5M0QwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCjEoTVeNUflnecqsXEguzlivIKNdeUjUpBRdvvqesWqS3ctpK7
FJTqr3pbY4kwLXnZdEm4HEc6vReYXK24AM1Jp7sMG0hM7pMHbo5q5x3p6dI6k5KA
9UNC2nZu3r7sISae4mEJ8NzctGER10tjxNsm789+oj5OLiwQPplc4uLEWHPlX/NF
3RzKv93HANz3QzwbtBFX3cF90tP8st9WNBT4163DHKvtw7+59St7T+EPb6mUldjF
kqPZIxRoozsyJ5kg6aXu7KSXA4Yp9bYNeipq0QN27qEoUzaTzxKvTe5Nam2AKhON
/fzP3Em2vTjLV5phcTvsYCHEGWh27v/EPlB1AgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUX0Fj0Tb1JfcWmICesn9KXuLGCT0wHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvWDBGajBUYjFKZmNX
bUlDZXNuOUtYdUxHQ1QwLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBAFaG9iq8sUCMURIPejAK+JyYlEh1
OSn6TTwBzvMqjg5WMbJboKsX8w4zVFhAgzmb9rEJKH37xs68ieoJf5ACWlfPb8e9
EXC3PpqiaWW01n6h+PKyNP6G8TJfqkovPcZ2kQyJg9Z2BZOIDPcg2iMXoJousqpk
en2Q0xtbMCUrfzOQxldIQVUNQF300QUhpoL241UXRC8CVL9BaOZgfN2lRQ3trcGV
0JVYqx0aLUSAqcivphem3PJg0JjpC8jXR9/C2F59/8D902n68Q1cFue2iU6yKvJy
IJw5+pFlD4Txk6JH/jhPhu5EsvnCHg4NDu5WyXRtp46umsGv2FFolrgViAw=
-----END CERTIFICATE-----
Generated at Sat Jun 21 04:14:52 2025 by rpki-client