Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/YW7rCQaItl9KsHRNq2BFfK9E6D8.roa
File: YW7rCQaItl9KsHRNq2BFfK9E6D8.roa (raw, json)
Hash identifier: 6WB6qDLZz70uhf1G4KECZ+mR/aYlEgYo40BLVWFEC1o=
Subject key identifier: 61:6E:EB:09:06:88:B6:5F:4A:B0:74:4D:AB:60:45:7C:AF:44:E8:3F
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 1F95
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/YW7rCQaItl9KsHRNq2BFfK9E6D8.roa
Signing time: Sun 01 Jun 2025 20:38:35 +0000
ROA not before: Sun 01 Jun 2025 20:38:35 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 4812
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 8085 (0x1f95)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 1 20:38:35 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=616EEB090688B65F4AB0744DAB60457CAF44E83F
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9b:cb:e1:25:39:78:c8:c5:16:c4:09:b9:ba:03:
1b:48:21:37:7f:46:73:2b:5c:11:a2:5b:c3:58:f4:
0b:1f:30:5f:3c:a8:c4:69:57:73:b8:88:23:de:ae:
04:e0:5f:f2:16:02:f1:5f:6a:88:99:4a:9c:1e:bc:
23:d8:cd:fe:25:8e:12:e4:e0:ae:51:c7:be:b8:dd:
3c:f1:cb:2e:0c:e6:7e:af:27:9e:b6:ff:36:92:47:
74:94:ca:62:b6:65:bf:86:67:95:1c:a5:d5:46:b8:
96:fa:c8:93:0d:36:b4:6f:cd:d5:86:c7:70:19:71:
bc:14:f2:f6:f7:73:89:9c:c1:18:7a:e7:e1:bd:d3:
24:2d:15:b4:c9:c1:0f:35:0a:cd:ed:a4:11:01:1f:
02:5f:a0:b7:35:e9:6d:c3:8b:58:1a:7d:16:ee:5a:
e8:bb:32:79:5d:64:17:90:73:f1:51:68:7c:70:f6:
71:17:e3:f2:61:75:8f:ad:98:7a:ea:69:70:c7:e3:
e3:92:60:0b:e7:bf:0f:8a:c7:8e:7f:55:e1:85:0d:
3b:51:11:a5:2c:72:63:4d:22:58:fc:f6:cf:41:15:
6a:db:f8:25:37:c7:7e:9c:8a:f4:e5:44:fc:ff:e0:
fe:36:7b:a2:41:e6:eb:e5:a1:05:f4:2c:11:64:fc:
3f:1b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
61:6E:EB:09:06:88:B6:5F:4A:B0:74:4D:AB:60:45:7C:AF:44:E8:3F
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/YW7rCQaItl9KsHRNq2BFfK9E6D8.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
9b:1b:74:cb:46:2d:87:53:a0:0b:8b:21:db:24:79:7c:39:14:
6b:ab:50:28:06:43:d8:bc:1f:9a:3c:bf:b5:da:d1:dd:4a:40:
31:b4:93:dc:2d:86:4f:06:77:bb:54:18:b4:3c:65:10:a6:c2:
47:64:b3:6b:7c:2c:bc:f2:2b:d6:71:5b:0c:eb:45:bd:ee:9e:
0a:4c:a0:a2:bd:27:2c:59:0a:fa:37:66:e1:d3:eb:e6:8d:cf:
7d:46:71:e5:cf:0e:19:99:ec:d7:c9:8c:cc:b3:85:a2:c5:f2:
7e:9a:70:84:dc:8e:ef:b2:4e:f5:7f:29:f2:29:2c:f7:e5:f1:
2c:1c:8d:56:f9:48:05:5d:af:48:fe:81:24:f9:83:b4:ac:cd:
b6:39:1e:cf:f9:e2:95:c9:cc:98:8e:3d:ad:08:5b:f5:90:e8:
69:16:69:93:c3:b6:03:2b:e6:10:ed:14:78:0e:bc:e3:0f:04:
34:b3:8e:d8:04:cc:3c:ea:f2:90:f9:de:dc:22:43:e9:3f:67:
5f:18:00:83:d9:20:b2:64:9c:98:97:3c:dd:2a:19:4a:94:f6:
50:ea:61:87:50:8c:e3:fb:e8:9c:07:13:81:45:cd:cf:71:55:
3d:f4:51:ef:97:98:a1:e9:49:0b:9c:6f:70:cc:4e:05:64:88:
fb:f7:17:23
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICH5UwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MDEy
MDM4MzVaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDYxNkVFQjA5MDY4OEI2
NUY0QUIwNzQ0REFCNjA0NTdDQUY0NEU4M0YwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCby+ElOXjIxRbECbm6AxtIITd/RnMrXBGiW8NY9AsfMF88qMRp
V3O4iCPergTgX/IWAvFfaoiZSpwevCPYzf4ljhLk4K5Rx7643Tzxyy4M5n6vJ562
/zaSR3SUymK2Zb+GZ5UcpdVGuJb6yJMNNrRvzdWGx3AZcbwU8vb3c4mcwRh65+G9
0yQtFbTJwQ81Cs3tpBEBHwJfoLc16W3Di1gafRbuWui7MnldZBeQc/FRaHxw9nEX
4/JhdY+tmHrqaXDH4+OSYAvnvw+Kx45/VeGFDTtREaUscmNNIlj89s9BFWrb+CU3
x36civTlRPz/4P42e6JB5uvloQX0LBFk/D8bAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUYW7rCQaItl9KsHRNq2BFfK9E6D8wHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvWVc3ckNRYUl0bDlL
c0hSTnEyQkZmSzlFNkQ4LnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBAJsbdMtGLYdToAuLIdskeXw5FGur
UCgGQ9i8H5o8v7Xa0d1KQDG0k9wthk8Gd7tUGLQ8ZRCmwkdks2t8LLzyK9ZxWwzr
Rb3ungpMoKK9JyxZCvo3ZuHT6+aNz31GceXPDhmZ7NfJjMyzhaLF8n6acITcju+y
TvV/KfIpLPfl8SwcjVb5SAVdr0j+gST5g7SszbY5Hs/54pXJzJiOPa0IW/WQ6GkW
aZPDtgMr5hDtFHgOvOMPBDSzjtgEzDzq8pD53twiQ+k/Z18YAIPZILJknJiXPN0q
GUqU9lDqYYdQjOP76JwHE4FFzc9xVT30Ue+XmKHpSQucb3DMTgVkiPv3FyM=
-----END CERTIFICATE-----
Generated at Sat Jun 21 18:10:12 2025 by rpki-client