Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/XA_Rrhk4wkJQXzJvgMFUmjc7FH8.roa
File: XA_Rrhk4wkJQXzJvgMFUmjc7FH8.roa (raw, json)
Hash identifier: ggaJPrtljbpJWReuZJ9kv8ZU6EkbK+cncCF0uzDWEvc=
Subject key identifier: 5C:0F:D1:AE:19:38:C2:42:50:5F:32:6F:80:C1:54:9A:37:3B:14:7F
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 201E
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/XA_Rrhk4wkJQXzJvgMFUmjc7FH8.roa
Signing time: Mon 02 Jun 2025 19:38:37 +0000
ROA not before: Mon 02 Jun 2025 19:38:37 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 146845
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 8222 (0x201e)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 2 19:38:37 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=5C0FD1AE1938C242505F326F80C1549A373B147F
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cc:72:1d:be:98:e7:ab:df:10:19:2e:14:7f:19:
65:e4:4a:1c:35:d1:b1:29:1e:84:a9:29:15:a0:33:
9a:7d:63:8c:fc:6d:37:fc:4d:21:02:02:4c:62:1a:
3e:29:77:80:dd:ae:c0:f3:d7:9d:ad:85:8c:02:4c:
19:5f:1c:6b:18:6b:ad:5e:ed:d9:60:81:81:56:53:
2a:88:d2:fe:a0:b7:ac:63:5e:76:13:a6:28:f7:a6:
f3:34:f7:62:cf:72:76:00:d1:02:c6:9c:99:b1:0f:
55:3d:fc:0a:2e:74:04:4e:16:aa:e8:5d:7c:3c:57:
8b:a7:dc:a7:a7:3c:ea:51:4a:5d:42:37:3a:29:59:
7c:c0:f0:07:e0:6e:e2:d8:94:51:7a:5d:bb:5e:91:
d8:05:f5:72:2e:ed:e9:3f:64:13:12:b2:51:7b:6a:
0d:0b:03:a7:01:fa:0c:b7:6f:4e:e5:c3:ec:3a:0c:
5e:e4:31:63:42:04:6a:ad:dd:f8:83:d9:6c:a5:d3:
79:7b:f6:d4:31:a9:85:08:fc:c5:ad:9c:c7:5f:b3:
d3:d6:48:95:92:30:c6:28:cb:b3:3e:13:6b:e6:07:
11:09:41:a1:65:9a:16:50:d5:1e:7f:2a:ef:51:ec:
de:bf:aa:c2:4a:7b:77:18:47:4f:55:63:61:06:18:
07:03
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5C:0F:D1:AE:19:38:C2:42:50:5F:32:6F:80:C1:54:9A:37:3B:14:7F
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/XA_Rrhk4wkJQXzJvgMFUmjc7FH8.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
7b:aa:be:2d:45:22:f1:7c:bc:6b:9d:74:b5:5c:94:20:b2:e1:
37:e9:1c:c8:7f:e8:49:43:71:47:7c:ac:9b:2b:c8:20:6c:28:
94:22:3c:37:04:67:e3:13:05:e3:ee:f3:72:a0:b8:d8:51:25:
51:10:c3:35:17:92:1f:c5:a5:b3:02:bb:6e:58:e9:9e:fb:54:
c3:32:f1:ba:99:3f:b7:2a:8a:db:33:d3:c1:5e:1d:e0:2e:91:
e2:9c:a3:33:3c:ce:f4:8c:a9:70:a8:30:2a:e4:00:60:a2:90:
3b:16:6a:db:dc:a3:52:ed:29:d3:76:08:77:4b:5b:bb:71:fe:
65:b2:42:cb:94:93:cc:79:f9:b6:11:cf:c5:73:e6:70:9d:26:
07:88:9c:56:c8:0a:fa:c5:b9:d2:f0:c2:4b:89:67:fa:1a:6f:
84:27:73:ad:b6:23:39:2a:e7:e9:b8:e3:7d:d1:b4:72:a5:fc:
38:7f:df:df:fa:b1:aa:3b:f1:4d:b1:7b:27:15:22:01:c6:28:
ea:0c:94:a5:46:ee:7a:da:5b:70:cf:b2:fa:6d:c8:0b:9f:99:
17:52:ab:f7:b8:22:85:43:b1:ff:41:36:8a:a1:36:c6:4f:d0:
77:55:8c:6a:cc:3c:f1:e6:5c:4f:dd:f2:f9:e6:30:aa:84:82:
1a:fd:68:0c
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICIB4wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MDIx
OTM4MzdaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDVDMEZEMUFFMTkzOEMy
NDI1MDVGMzI2RjgwQzE1NDlBMzczQjE0N0YwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDMch2+mOer3xAZLhR/GWXkShw10bEpHoSpKRWgM5p9Y4z8bTf8
TSECAkxiGj4pd4DdrsDz152thYwCTBlfHGsYa61e7dlggYFWUyqI0v6gt6xjXnYT
pij3pvM092LPcnYA0QLGnJmxD1U9/AoudAROFqroXXw8V4un3KenPOpRSl1CNzop
WXzA8AfgbuLYlFF6XbtekdgF9XIu7ek/ZBMSslF7ag0LA6cB+gy3b07lw+w6DF7k
MWNCBGqt3fiD2Wyl03l79tQxqYUI/MWtnMdfs9PWSJWSMMYoy7M+E2vmBxEJQaFl
mhZQ1R5/Ku9R7N6/qsJKe3cYR09VY2EGGAcDAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUXA/Rrhk4wkJQXzJvgMFUmjc7FH8wHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvWEFfUnJoazR3a0pR
WHpKdmdNRlVtamM3Rkg4LnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBAHuqvi1FIvF8vGuddLVclCCy4Tfp
HMh/6ElDcUd8rJsryCBsKJQiPDcEZ+MTBePu83KguNhRJVEQwzUXkh/FpbMCu25Y
6Z77VMMy8bqZP7cqitsz08FeHeAukeKcozM8zvSMqXCoMCrkAGCikDsWatvco1Lt
KdN2CHdLW7tx/mWyQsuUk8x5+bYRz8Vz5nCdJgeInFbICvrFudLwwkuJZ/oab4Qn
c622Izkq5+m4433RtHKl/Dh/39/6sao78U2xeycVIgHGKOoMlKVG7nraW3DPsvpt
yAufmRdSq/e4IoVDsf9BNoqhNsZP0HdVjGrMPPHmXE/d8vnmMKqEghr9aAw=
-----END CERTIFICATE-----
Generated at Sat Jun 21 22:58:33 2025 by rpki-client