Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/X3Y6VqjzgjZU__RlYGHIULDSTlA.roa
File: X3Y6VqjzgjZU__RlYGHIULDSTlA.roa (raw, json)
Hash identifier: ebVTJW13uohjxkbdLbYUllJC0HPkKJQPpU06msjj5B8=
Subject key identifier: 5F:76:3A:56:A8:F3:82:36:54:FF:F4:65:60:61:C8:50:B0:D2:4E:50
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 1C8C
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/X3Y6VqjzgjZU__RlYGHIULDSTlA.roa
Signing time: Tue 27 May 2025 11:08:11 +0000
ROA not before: Tue 27 May 2025 11:08:11 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 4812
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 7308 (0x1c8c)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: May 27 11:08:11 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=5F763A56A8F3823654FFF4656061C850B0D24E50
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a5:c8:14:7c:e2:24:25:77:72:40:60:17:84:27:
30:07:e0:9a:dd:fd:42:bb:33:93:07:cc:ca:76:51:
87:6c:d3:b8:47:06:26:59:e1:ed:ae:74:ab:02:f9:
7c:89:e4:a5:15:a6:dd:ec:df:80:85:f9:d3:f9:8c:
11:2a:65:9b:4f:d5:6f:01:43:02:37:25:fb:a5:f7:
39:dc:94:33:9b:47:23:8d:31:2c:3d:21:9d:71:da:
32:83:e8:84:a0:46:5a:d3:60:8f:76:fa:ce:6a:a6:
3b:32:76:84:84:ef:03:93:f5:41:05:c8:a4:5a:c8:
aa:49:e1:45:8e:9c:df:25:28:f8:ec:bd:25:cb:e0:
5a:ba:d0:8b:dc:cc:ad:1f:32:dc:84:57:b4:e5:d8:
8d:50:f4:3b:c8:0b:22:01:e1:61:4b:b1:a5:1c:55:
b8:ea:45:46:6e:a4:21:53:14:02:b0:9b:01:b1:0d:
d6:87:0b:98:e8:81:7a:88:1a:8d:a6:85:0a:8e:46:
6a:2a:09:ba:c2:d1:fa:b9:4b:3e:ab:31:21:42:3e:
b2:dc:9a:f0:42:b4:fc:76:0f:d7:d0:70:f3:63:3d:
c3:48:73:b7:84:99:67:8b:58:b2:a7:24:f9:4b:ff:
9a:5f:df:b0:f5:28:7a:e4:89:2b:68:83:8c:1b:c0:
b8:3b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5F:76:3A:56:A8:F3:82:36:54:FF:F4:65:60:61:C8:50:B0:D2:4E:50
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/X3Y6VqjzgjZU__RlYGHIULDSTlA.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
6f:fd:09:66:a2:b0:ed:42:88:27:1f:3c:23:89:2f:24:16:5b:
1a:4a:44:9a:86:07:c3:b6:bd:22:35:e1:8d:9f:e7:30:4d:63:
98:6b:93:91:41:a2:c5:1d:d2:b3:21:2f:57:5f:21:ac:f1:16:
4a:a2:04:36:74:15:86:00:99:69:a3:4a:6b:4e:9c:11:b3:76:
dd:21:4f:7e:65:2f:a0:0b:d8:0c:5a:4c:e1:b0:69:d2:ba:80:
c0:1a:72:bb:63:25:3d:28:dd:d0:05:79:b4:ca:22:60:b9:82:
0d:a7:ca:79:db:2a:7e:46:f6:7c:ea:ec:94:1b:e3:21:d3:ae:
14:15:f8:6d:08:95:3c:48:e4:58:89:a0:bd:d0:ed:d5:d9:c6:
2d:00:a5:46:72:1e:ca:ed:97:33:6c:7a:9f:f3:a9:4e:f8:15:
a9:f1:18:74:f1:dc:35:11:6b:2a:2c:29:70:ad:23:ea:10:ef:
71:99:a1:33:5d:3a:fe:5f:7a:d6:87:a0:10:ee:70:e2:34:82:
f7:3c:c5:2a:0c:c3:6b:e4:63:1e:d0:bc:56:fc:87:6f:93:12:
79:99:54:08:b7:ef:fc:d7:ea:ca:40:4d:b4:65:4e:6d:79:ed:
6d:59:82:cb:a1:2f:26:f6:f1:ac:63:07:17:59:ff:66:85:b2:
9f:ba:ac:c0
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICHIwwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA1Mjcx
MTA4MTFaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDVGNzYzQTU2QThGMzgy
MzY1NEZGRjQ2NTYwNjFDODUwQjBEMjRFNTAwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQClyBR84iQld3JAYBeEJzAH4Jrd/UK7M5MHzMp2UYds07hHBiZZ
4e2udKsC+XyJ5KUVpt3s34CF+dP5jBEqZZtP1W8BQwI3Jful9znclDObRyONMSw9
IZ1x2jKD6ISgRlrTYI92+s5qpjsydoSE7wOT9UEFyKRayKpJ4UWOnN8lKPjsvSXL
4Fq60IvczK0fMtyEV7Tl2I1Q9DvICyIB4WFLsaUcVbjqRUZupCFTFAKwmwGxDdaH
C5jogXqIGo2mhQqORmoqCbrC0fq5Sz6rMSFCPrLcmvBCtPx2D9fQcPNjPcNIc7eE
mWeLWLKnJPlL/5pf37D1KHrkiStog4wbwLg7AgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUX3Y6VqjzgjZU//RlYGHIULDSTlAwHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvWDNZNlZxanpnalpV
X19SbFlHSElVTERTVGxBLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBAG/9CWaisO1CiCcfPCOJLyQWWxpK
RJqGB8O2vSI14Y2f5zBNY5hrk5FBosUd0rMhL1dfIazxFkqiBDZ0FYYAmWmjSmtO
nBGzdt0hT35lL6AL2AxaTOGwadK6gMAacrtjJT0o3dAFebTKImC5gg2nynnbKn5G
9nzq7JQb4yHTrhQV+G0IlTxI5FiJoL3Q7dXZxi0ApUZyHsrtlzNsep/zqU74Fanx
GHTx3DURayosKXCtI+oQ73GZoTNdOv5fetaHoBDucOI0gvc8xSoMw2vkYx7QvFb8
h2+TEnmZVAi37/zX6spATbRlTm157W1ZgsuhLyb28axjBxdZ/2aFsp+6rMA=
-----END CERTIFICATE-----
Generated at Fri Jun 20 19:20:39 2025 by rpki-client