Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/XuPSNUMJoDf91Uew5hCZjnmTt9Y.roa
File: XuPSNUMJoDf91Uew5hCZjnmTt9Y.roa (raw, json)
Hash identifier: 1IRmJqrdWRZdr4ehhed3SPMzMXCwe3fVIfHyF9Lt1Gg=
Subject key identifier: 5E:E3:D2:35:43:09:A0:37:FD:D5:47:B0:E6:10:99:8E:79:93:B7:D6
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 2121
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/XuPSNUMJoDf91Uew5hCZjnmTt9Y.roa
Signing time: Wed 04 Jun 2025 14:38:44 +0000
ROA not before: Wed 04 Jun 2025 14:38:44 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 4812
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 8481 (0x2121)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 4 14:38:44 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=5EE3D2354309A037FDD547B0E610998E7993B7D6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:dc:7d:83:91:69:89:23:16:c6:86:d9:c3:c0:23:
f0:e2:18:0d:05:62:cc:92:e6:14:a7:a2:69:f3:58:
f0:f2:2d:2b:19:f4:46:99:9f:5b:3e:0b:94:17:83:
20:e7:4e:95:a7:cd:a2:01:7f:b3:bd:e1:a6:a1:1c:
19:30:60:d7:e3:7c:90:f9:88:ea:3a:56:a6:24:3a:
93:f0:ef:42:ae:2a:80:b5:92:d0:9b:7b:e5:40:39:
7f:10:ea:2d:e4:79:bd:46:eb:87:97:77:3f:61:93:
4b:54:cb:52:83:5e:1c:da:90:90:02:d4:b1:e3:a4:
0a:b0:1f:27:ab:eb:99:9f:28:41:71:7c:ef:bd:9a:
4d:12:c8:30:ce:b3:a2:c0:cf:95:5e:f5:4d:ae:54:
3d:98:17:e2:f8:f2:0a:1e:e8:d8:41:af:77:e2:58:
b5:3e:73:7b:3a:73:7a:11:0f:00:c8:e2:61:41:cb:
90:55:35:1c:63:21:6a:83:ef:82:d8:d8:4f:b6:29:
66:06:8b:b1:09:2e:6c:55:f5:8d:67:4d:59:a7:73:
c3:48:a6:10:28:07:7f:a6:9e:77:87:3f:c3:bd:59:
32:31:4c:8c:8c:9e:62:d5:7b:cb:38:0f:11:2a:c2:
7a:b7:19:7f:10:fc:ed:2e:f1:1f:09:7f:74:77:d4:
17:6d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5E:E3:D2:35:43:09:A0:37:FD:D5:47:B0:E6:10:99:8E:79:93:B7:D6
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/XuPSNUMJoDf91Uew5hCZjnmTt9Y.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
21:94:7d:8f:c1:2a:52:ce:d8:dd:04:61:4d:36:62:4e:47:f2:
d2:98:c5:a8:9a:74:ba:20:0a:c4:a6:25:a0:e8:c9:a0:96:61:
9c:1b:1d:bf:d8:32:a0:df:37:a7:8a:35:be:8d:bf:84:99:3c:
a3:26:df:b9:8c:23:0e:57:de:ca:2d:9b:a6:97:17:45:6f:55:
12:23:78:4e:b8:7b:92:99:3b:91:4b:ec:8c:7c:71:53:0c:5c:
c7:8f:a9:53:b0:fd:51:6c:2f:04:da:91:04:71:94:6e:c1:bc:
d1:6e:06:c5:52:5b:bd:c1:45:45:2c:f3:bb:65:1f:06:3f:18:
eb:6f:60:c4:4a:a2:e3:dc:e3:2f:c0:33:81:d6:73:3b:da:d1:
2e:61:ab:a1:15:69:84:75:d7:28:e8:32:4d:5e:b1:c9:a5:08:
38:4a:da:71:1a:49:78:6d:b2:22:23:84:17:31:8b:e6:9b:23:
f0:5a:c0:b5:53:d8:7b:f7:36:2a:c9:d9:4f:6d:25:6e:c6:35:
e2:df:5b:cb:9c:d2:03:52:1a:2c:d7:2b:81:23:99:a6:e4:19:
86:e8:31:42:9a:d1:55:fa:7b:3f:8f:dc:f8:c9:c7:c0:07:0d:
fa:ce:b2:37:95:47:0b:07:07:62:f2:5d:14:3d:4b:8d:04:16:
0c:0b:21:d7
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICISEwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MDQx
NDM4NDRaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDVFRTNEMjM1NDMwOUEw
MzdGREQ1NDdCMEU2MTA5OThFNzk5M0I3RDYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDcfYORaYkjFsaG2cPAI/DiGA0FYsyS5hSnomnzWPDyLSsZ9EaZ
n1s+C5QXgyDnTpWnzaIBf7O94aahHBkwYNfjfJD5iOo6VqYkOpPw70KuKoC1ktCb
e+VAOX8Q6i3keb1G64eXdz9hk0tUy1KDXhzakJAC1LHjpAqwHyer65mfKEFxfO+9
mk0SyDDOs6LAz5Ve9U2uVD2YF+L48goe6NhBr3fiWLU+c3s6c3oRDwDI4mFBy5BV
NRxjIWqD74LY2E+2KWYGi7EJLmxV9Y1nTVmnc8NIphAoB3+mnneHP8O9WTIxTIyM
nmLVe8s4DxEqwnq3GX8Q/O0u8R8Jf3R31BdtAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUXuPSNUMJoDf91Uew5hCZjnmTt9YwHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvWHVQU05VTUpvRGY5
MVVldzVoQ1pqbm1UdDlZLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBACGUfY/BKlLO2N0EYU02Yk5H8tKY
xaiadLogCsSmJaDoyaCWYZwbHb/YMqDfN6eKNb6Nv4SZPKMm37mMIw5X3sotm6aX
F0VvVRIjeE64e5KZO5FL7Ix8cVMMXMePqVOw/VFsLwTakQRxlG7BvNFuBsVSW73B
RUUs87tlHwY/GOtvYMRKouPc4y/AM4HWczva0S5hq6EVaYR11yjoMk1escmlCDhK
2nEaSXhtsiIjhBcxi+abI/BawLVT2Hv3NirJ2U9tJW7GNeLfW8uc0gNSGizXK4Ej
mabkGYboMUKa0VX6ez+P3PjJx8AHDfrOsjeVRwsHB2LyXRQ9S40EFgwLIdc=
-----END CERTIFICATE-----
Generated at Sun Jun 22 03:58:26 2025 by rpki-client