Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/XjYhcNhmmH3asE8cz04zbIqEOr8.roa
File: XjYhcNhmmH3asE8cz04zbIqEOr8.roa (raw, json)
Hash identifier: rC/5/hMr294uRPBHLx5+/qGeqAqn3kvRE/JqVkHf0do=
Subject key identifier: 5E:36:21:70:D8:66:98:7D:DA:B0:4F:1C:CF:4E:33:6C:8A:84:3A:BF
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 2553
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/XjYhcNhmmH3asE8cz04zbIqEOr8.roa
Signing time: Thu 12 Jun 2025 01:39:11 +0000
ROA not before: Thu 12 Jun 2025 01:39:11 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 4812
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 9555 (0x2553)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 12 01:39:11 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=5E362170D866987DDAB04F1CCF4E336C8A843ABF
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d5:52:2e:a4:15:67:dc:98:bd:ac:57:ad:bd:f2:
db:60:44:ef:ed:e1:6b:47:86:1f:c5:c3:f8:a5:29:
ea:79:6c:a6:3a:43:12:7a:92:d7:f1:6e:ba:55:f7:
34:c4:ff:66:df:24:57:5a:48:bd:b0:10:08:c6:35:
ab:be:07:30:2c:30:e6:ae:67:df:8e:d7:18:e8:b0:
46:d4:d4:33:26:da:a5:39:82:e8:ee:db:3e:4d:bb:
c3:aa:8e:f9:18:f0:13:02:0a:e2:8e:a3:03:91:f3:
c6:27:34:e7:83:90:1b:fa:f3:71:cf:4b:ca:86:b9:
c9:d1:a0:31:e4:70:3d:8d:0f:6d:76:a1:c4:f9:8a:
d5:12:21:da:10:4b:0b:74:80:7a:bc:06:f4:15:4a:
9e:fb:8f:58:7b:10:0a:6c:fe:d8:3f:dd:10:52:18:
1e:f4:c1:f6:c5:69:35:0d:dd:4b:af:76:d4:21:8d:
d5:36:2c:7c:cf:58:fc:f1:e1:28:82:ff:5b:97:f7:
28:d7:3f:91:ee:32:ac:11:6c:4a:09:0a:0b:d5:af:
b8:70:41:0d:14:81:01:52:05:a1:1d:43:14:1c:0a:
43:71:86:78:5f:41:88:c0:f1:8f:50:20:25:b1:4b:
42:66:64:50:ce:8d:73:07:8b:c7:9e:dc:d0:ad:2c:
77:c1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5E:36:21:70:D8:66:98:7D:DA:B0:4F:1C:CF:4E:33:6C:8A:84:3A:BF
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/XjYhcNhmmH3asE8cz04zbIqEOr8.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
3e:dd:4d:a2:e9:b4:dd:9b:86:1a:62:a1:89:cc:8a:b6:61:e0:
40:38:5c:0a:1e:53:c4:3c:7a:a8:a3:d8:5f:52:a1:bb:4b:b0:
1c:f1:0d:9c:9c:df:31:2a:80:74:39:25:1d:31:5a:ef:44:39:
39:a2:7e:2c:f6:c5:40:c5:76:57:3c:c6:d7:03:9f:98:4e:0b:
26:3c:e2:cc:d0:93:1f:f0:3a:4d:7a:ef:3b:3f:d7:ef:d5:3e:
99:ee:9d:1f:07:9d:40:50:eb:63:68:f4:fb:3f:42:4d:d8:a9:
e6:14:9d:42:b3:38:d0:5b:19:8d:b0:e1:7f:25:bc:c2:8f:bc:
67:5f:c7:20:27:04:33:57:61:5f:3b:b3:95:76:b7:28:2a:87:
e6:02:f2:ce:7f:13:b7:a9:f7:01:bc:03:f5:5e:dd:13:bf:ed:
6b:73:08:e0:8d:fb:79:f4:49:60:ff:95:b4:4f:a2:64:9f:b5:
e5:d0:f2:ec:ce:22:8a:ef:22:95:9f:ce:bb:ba:a9:1f:60:df:
95:ae:c0:e7:2d:aa:bd:ed:ef:23:18:9f:40:e9:a2:b4:54:d8:
70:84:5a:a3:9b:fb:d5:5c:b4:2d:da:b3:d4:59:0b:cf:e7:13:
94:d0:90:db:5b:ef:d9:e8:35:a5:69:f1:e6:be:b1:cb:8d:15:
f2:4c:31:a4
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICJVMwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MTIw
MTM5MTFaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDVFMzYyMTcwRDg2Njk4
N0REQUIwNEYxQ0NGNEUzMzZDOEE4NDNBQkYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDVUi6kFWfcmL2sV6298ttgRO/t4WtHhh/Fw/ilKep5bKY6QxJ6
ktfxbrpV9zTE/2bfJFdaSL2wEAjGNau+BzAsMOauZ9+O1xjosEbU1DMm2qU5guju
2z5Nu8OqjvkY8BMCCuKOowOR88YnNOeDkBv683HPS8qGucnRoDHkcD2ND212ocT5
itUSIdoQSwt0gHq8BvQVSp77j1h7EAps/tg/3RBSGB70wfbFaTUN3UuvdtQhjdU2
LHzPWPzx4SiC/1uX9yjXP5HuMqwRbEoJCgvVr7hwQQ0UgQFSBaEdQxQcCkNxhnhf
QYjA8Y9QICWxS0JmZFDOjXMHi8ee3NCtLHfBAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUXjYhcNhmmH3asE8cz04zbIqEOr8wHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvWGpZaGNOaG1tSDNh
c0U4Y3owNHpiSXFFT3I4LnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBAD7dTaLptN2bhhpioYnMirZh4EA4
XAoeU8Q8eqij2F9SobtLsBzxDZyc3zEqgHQ5JR0xWu9EOTmifiz2xUDFdlc8xtcD
n5hOCyY84szQkx/wOk167zs/1+/VPpnunR8HnUBQ62No9Ps/Qk3YqeYUnUKzONBb
GY2w4X8lvMKPvGdfxyAnBDNXYV87s5V2tygqh+YC8s5/E7ep9wG8A/Ve3RO/7Wtz
COCN+3n0SWD/lbRPomSfteXQ8uzOIorvIpWfzru6qR9g35WuwOctqr3t7yMYn0Dp
orRU2HCEWqOb+9VctC3as9RZC8/nE5TQkNtb79noNaVp8ea+scuNFfJMMaQ=
-----END CERTIFICATE-----
Generated at Sun Jun 22 02:17:45 2025 by rpki-client