Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/Y-3ek4PzZrJTCitnr1AezWN06os.roa
File: Y-3ek4PzZrJTCitnr1AezWN06os.roa (raw, json)
Hash identifier: hNzVAwWqRJV1dhHJ1u543azAQyxBIcoqw4dRS8YnjFA=
Subject key identifier: 63:ED:DE:93:83:F3:66:B2:53:0A:2B:67:AF:50:1E:CD:63:74:EA:8B
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 1FEF
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/Y-3ek4PzZrJTCitnr1AezWN06os.roa
Signing time: Mon 02 Jun 2025 11:38:36 +0000
ROA not before: Mon 02 Jun 2025 11:38:36 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 4812
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 8175 (0x1fef)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 2 11:38:36 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=63EDDE9383F366B2530A2B67AF501ECD6374EA8B
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d8:cf:3e:25:2b:82:f9:cb:c8:2c:e3:2e:c9:b0:
b8:f5:c8:00:50:58:3a:8a:a6:ca:91:97:f0:1b:13:
b2:59:d0:58:c2:9e:26:25:c7:f6:0c:92:25:a3:d1:
5b:b9:bf:0d:88:a3:08:fb:98:d7:04:aa:79:b4:e8:
f3:96:f8:d7:41:fd:ea:15:86:99:de:1f:c0:63:79:
12:24:78:20:29:49:4a:1a:c7:9d:74:b6:92:71:54:
66:9d:21:ef:6e:3a:2e:56:07:6c:d8:99:5e:dc:9c:
a5:89:18:8d:c2:3a:94:78:32:a3:02:00:83:fe:c8:
c7:ba:e8:92:1b:4d:83:11:aa:6c:89:74:42:08:09:
82:1f:cd:75:24:0b:97:03:da:d7:b2:dc:5e:44:55:
45:4d:0c:ee:a3:d2:6a:d6:ed:7c:aa:02:2b:3f:ef:
c3:59:dd:e6:cc:34:56:f2:ad:fd:8a:49:25:66:24:
87:0d:81:2a:93:80:6f:dc:1e:a0:d5:d6:17:f4:33:
2b:3f:aa:36:4d:c5:8f:71:8d:7a:15:88:89:39:c8:
96:23:c8:53:55:01:11:79:ec:c5:1c:fb:38:26:50:
d0:55:d2:cd:24:31:06:a0:ed:49:e2:fb:d1:4f:00:
cb:42:96:62:4f:6e:d5:7b:e0:3e:54:a4:a1:4a:bd:
91:f3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
63:ED:DE:93:83:F3:66:B2:53:0A:2B:67:AF:50:1E:CD:63:74:EA:8B
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/Y-3ek4PzZrJTCitnr1AezWN06os.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
04:fb:af:aa:e0:9d:76:ae:f4:b0:ee:f1:ed:92:c9:27:82:12:
e5:ed:be:d1:76:0e:36:5d:5d:d6:33:82:00:cf:f5:5f:49:c8:
31:ad:31:05:1d:ec:59:cb:d7:d9:e3:97:78:6f:d1:53:7b:8a:
4c:b5:df:76:51:fc:56:22:46:2f:1b:06:0d:11:26:12:b5:17:
6a:02:af:05:60:a9:f5:2b:2a:a8:ce:f8:b3:86:a4:89:f7:90:
65:30:d7:76:57:b2:c2:3a:e7:92:4b:39:33:78:45:1f:06:d8:
bb:51:00:d7:59:1c:51:70:06:fe:a5:29:db:a7:34:a0:6f:99:
6e:c3:21:e3:1a:5c:d8:f0:b9:fd:9d:93:f5:a6:71:36:5a:a9:
43:6e:47:d4:af:6c:2a:49:d7:25:50:1f:f6:c6:b3:69:1e:16:
d6:14:3f:3c:ad:26:cb:47:6d:8a:60:07:85:38:d7:6d:02:c6:
d0:cd:d0:ed:df:a7:cb:b7:26:77:63:fd:75:25:b3:3f:9b:c0:
b1:2d:59:9f:d2:fe:db:0a:a5:67:cc:c3:8c:8e:8b:e9:bb:5d:
25:03:4e:9d:e5:cc:fa:fd:56:81:eb:c3:f3:51:d3:b9:d2:21:
f6:6e:26:7d:d1:25:70:59:34:e6:8c:71:64:b6:e6:69:71:16:
73:18:62:00
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICH+8wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MDIx
MTM4MzZaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDYzRURERTkzODNGMzY2
QjI1MzBBMkI2N0FGNTAxRUNENjM3NEVBOEIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDYzz4lK4L5y8gs4y7JsLj1yABQWDqKpsqRl/AbE7JZ0FjCniYl
x/YMkiWj0Vu5vw2Iowj7mNcEqnm06POW+NdB/eoVhpneH8BjeRIkeCApSUoax510
tpJxVGadIe9uOi5WB2zYmV7cnKWJGI3COpR4MqMCAIP+yMe66JIbTYMRqmyJdEII
CYIfzXUkC5cD2tey3F5EVUVNDO6j0mrW7XyqAis/78NZ3ebMNFbyrf2KSSVmJIcN
gSqTgG/cHqDV1hf0Mys/qjZNxY9xjXoViIk5yJYjyFNVARF57MUc+zgmUNBV0s0k
MQag7Uni+9FPAMtClmJPbtV74D5UpKFKvZHzAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUY+3ek4PzZrJTCitnr1AezWN06oswHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvWS0zZWs0UHpackpU
Q2l0bnIxQWV6V04wNm9zLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBAAT7r6rgnXau9LDu8e2SySeCEuXt
vtF2DjZdXdYzggDP9V9JyDGtMQUd7FnL19njl3hv0VN7iky133ZR/FYiRi8bBg0R
JhK1F2oCrwVgqfUrKqjO+LOGpIn3kGUw13ZXssI655JLOTN4RR8G2LtRANdZHFFw
Bv6lKdunNKBvmW7DIeMaXNjwuf2dk/WmcTZaqUNuR9SvbCpJ1yVQH/bGs2keFtYU
PzytJstHbYpgB4U4120CxtDN0O3fp8u3Jndj/XUlsz+bwLEtWZ/S/tsKpWfMw4yO
i+m7XSUDTp3lzPr9VoHrw/NR07nSIfZuJn3RJXBZNOaMcWS25mlxFnMYYgA=
-----END CERTIFICATE-----
Generated at Fri Jun 20 10:17:00 2025 by rpki-client