Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/YpD4Yzoco-8TKDy4CCk6j-xQAFY.roa
File: YpD4Yzoco-8TKDy4CCk6j-xQAFY.roa (raw, json)
Hash identifier: mBAiX/nhaOGi+ciGfZ9WhZK7kCmaOUqlQZVp5UMbq3o=
Subject key identifier: 62:90:F8:63:3A:1C:A3:EF:13:28:3C:B8:08:29:3A:8F:EC:50:00:56
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 21D2
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/YpD4Yzoco-8TKDy4CCk6j-xQAFY.roa
Signing time: Thu 05 Jun 2025 20:08:48 +0000
ROA not before: Thu 05 Jun 2025 20:08:48 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 4812
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 8658 (0x21d2)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 5 20:08:48 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=6290F8633A1CA3EF13283CB808293A8FEC500056
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:95:97:55:2d:ea:bc:e1:60:ae:48:3a:e2:77:8d:
1c:44:fa:73:6d:54:6b:df:6f:3c:df:53:9a:73:99:
13:a6:bd:5e:f9:e3:75:1c:be:f3:26:6e:7e:f4:56:
d4:32:e5:9e:cf:38:9d:48:f9:00:7c:c6:db:c2:54:
fa:ce:c2:a0:d1:12:9b:69:69:f9:2f:5b:b7:78:99:
3e:68:a8:0d:61:f4:4b:d4:d5:9d:18:dc:78:23:c9:
65:c4:7d:2a:f3:fd:3e:71:9e:d6:ca:8a:7d:84:37:
d4:fa:c4:f8:8d:35:20:62:b8:2c:e3:c6:76:ad:38:
5d:d9:04:03:2e:54:84:2a:04:ac:ec:c5:e4:4f:be:
fa:c0:8f:97:5f:e6:8b:0e:b5:ac:8c:37:62:a3:e0:
4a:9b:f6:37:7c:32:0a:3d:f3:55:a7:d4:c8:53:16:
6e:7a:e2:23:d5:10:15:42:23:93:5e:e5:ff:38:f4:
3f:f8:66:38:78:03:96:d2:49:18:72:bf:b0:22:f6:
32:1b:13:56:f3:cb:1f:e1:73:f1:1a:a3:db:19:1c:
e9:f5:a6:81:d1:48:bf:94:79:d6:37:87:24:45:a8:
46:fd:2b:5d:07:b1:ea:7b:90:02:e1:6c:49:d1:56:
3a:6e:4f:51:c1:48:ce:aa:3a:eb:fb:22:d4:44:e1:
54:75
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
62:90:F8:63:3A:1C:A3:EF:13:28:3C:B8:08:29:3A:8F:EC:50:00:56
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/YpD4Yzoco-8TKDy4CCk6j-xQAFY.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
87:ce:3e:80:0e:cb:5c:05:3b:35:f7:50:b7:8f:2c:8f:8c:35:
98:db:83:23:22:13:26:b7:42:58:0f:cc:fb:0f:2b:a4:1a:e5:
57:31:fa:b8:1b:cc:87:01:b4:84:a7:16:9d:8f:c4:e5:17:85:
05:08:11:1a:e8:9a:8b:79:3c:cf:bb:b3:dd:a8:b6:5a:ac:e6:
2e:95:92:26:ee:05:42:29:6e:ae:18:b5:de:7b:3c:18:07:9f:
c9:99:d8:37:35:50:40:29:ec:a5:41:8e:11:db:8e:1a:18:93:
8b:e3:a4:c6:de:97:3e:7e:dc:42:11:3a:3c:a9:f9:0d:12:1a:
ab:85:42:c5:bc:07:9c:4c:64:8b:cd:11:29:28:09:bb:7e:50:
13:9e:4a:98:a9:64:b0:27:ef:17:b4:7c:71:5f:57:c1:24:2e:
88:5d:eb:7f:d8:d3:f6:ff:1d:a3:3c:b0:a5:e5:51:ef:b6:c1:
2f:fb:09:1a:a1:ae:b1:4b:ce:bf:6e:b9:ef:32:ff:77:19:48:
a2:67:1f:01:cb:ed:ba:8d:a4:6d:95:1b:53:d6:11:60:3e:a4:
7f:54:9d:72:c5:bc:15:7c:68:7b:53:c3:a4:ec:66:ad:88:c8:
64:05:76:40:0d:9d:73:a9:ed:7e:15:0c:53:7e:48:c8:14:17:
54:31:35:26
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICIdIwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MDUy
MDA4NDhaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDYyOTBGODYzM0ExQ0Ez
RUYxMzI4M0NCODA4MjkzQThGRUM1MDAwNTYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCVl1Ut6rzhYK5IOuJ3jRxE+nNtVGvfbzzfU5pzmROmvV7543Uc
vvMmbn70VtQy5Z7POJ1I+QB8xtvCVPrOwqDREptpafkvW7d4mT5oqA1h9EvU1Z0Y
3HgjyWXEfSrz/T5xntbKin2EN9T6xPiNNSBiuCzjxnatOF3ZBAMuVIQqBKzsxeRP
vvrAj5df5osOtayMN2Kj4Eqb9jd8Mgo981Wn1MhTFm564iPVEBVCI5Ne5f849D/4
Zjh4A5bSSRhyv7Ai9jIbE1bzyx/hc/Eao9sZHOn1poHRSL+UedY3hyRFqEb9K10H
sep7kALhbEnRVjpuT1HBSM6qOuv7ItRE4VR1AgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUYpD4Yzoco+8TKDy4CCk6j+xQAFYwHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvWXBENFl6b2NvLThU
S0R5NENDazZqLXhRQUZZLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBAIfOPoAOy1wFOzX3ULePLI+MNZjb
gyMiEya3QlgPzPsPK6Qa5Vcx+rgbzIcBtISnFp2PxOUXhQUIERromot5PM+7s92o
tlqs5i6VkibuBUIpbq4Ytd57PBgHn8mZ2Dc1UEAp7KVBjhHbjhoYk4vjpMbelz5+
3EIROjyp+Q0SGquFQsW8B5xMZIvNESkoCbt+UBOeSpipZLAn7xe0fHFfV8EkLohd
63/Y0/b/HaM8sKXlUe+2wS/7CRqhrrFLzr9uue8y/3cZSKJnHwHL7bqNpG2VG1PW
EWA+pH9UnXLFvBV8aHtTw6TsZq2IyGQFdkANnXOp7X4VDFN+SMgUF1QxNSY=
-----END CERTIFICATE-----
Generated at Sat Jun 21 18:39:46 2025 by rpki-client