Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/Z0IBA3MHGmSaX55Rwc1ky7zbwmw.roa
File: Z0IBA3MHGmSaX55Rwc1ky7zbwmw.roa (raw, json)
Hash identifier: nkCE95fkWRwKvWw8BVq9O56rNDbjGsNaefKMJ8CU+Fk=
Subject key identifier: 67:42:01:03:73:07:1A:64:9A:5F:9E:51:C1:CD:64:CB:BC:DB:C2:6C
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 1C5F
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/Z0IBA3MHGmSaX55Rwc1ky7zbwmw.roa
Signing time: Tue 27 May 2025 03:38:09 +0000
ROA not before: Tue 27 May 2025 03:38:09 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 4812
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 7263 (0x1c5f)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: May 27 03:38:09 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=6742010373071A649A5F9E51C1CD64CBBCDBC26C
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c1:06:6e:b6:e6:96:15:db:ac:db:10:f8:bf:fa:
3d:b7:54:65:0b:24:ae:46:85:ca:bb:88:06:71:43:
02:03:dc:75:ae:56:45:48:8e:a6:87:e5:25:1d:46:
0b:3c:0f:4b:73:03:c6:1d:6e:4c:7f:bb:0c:7e:fa:
ef:bc:98:6b:6e:98:b1:5d:97:8f:35:1b:aa:71:76:
78:f9:0e:76:4b:ac:38:10:30:af:21:37:f5:05:14:
52:33:44:c4:66:ab:1e:0c:7a:2f:b4:17:f2:46:17:
44:7a:90:db:66:f0:e6:c1:7c:06:42:e5:f3:df:4a:
8f:76:9b:e3:8e:a6:b0:c3:09:dc:c2:c3:30:8f:99:
50:0c:e7:87:2a:77:47:e7:dd:71:cf:49:1a:ac:51:
ab:64:63:1f:5b:45:40:bd:44:55:2e:5b:85:6d:97:
4d:d3:bc:10:a5:9d:73:4c:5e:61:39:8f:81:66:ef:
fc:b2:c2:38:8b:95:72:b4:fa:f9:7a:38:4f:84:ab:
17:37:3c:f4:ad:ca:46:84:68:78:f6:b0:a9:a9:e1:
2b:23:e2:48:cf:8e:67:6e:23:81:a5:06:2d:bf:68:
16:7c:8d:13:ab:42:e5:b1:59:65:10:4f:0f:00:47:
15:fd:63:c3:8f:f7:a6:35:83:23:cc:6d:b3:e9:21:
00:f3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
67:42:01:03:73:07:1A:64:9A:5F:9E:51:C1:CD:64:CB:BC:DB:C2:6C
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/Z0IBA3MHGmSaX55Rwc1ky7zbwmw.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
00:d1:d2:35:74:8d:28:8e:89:38:88:51:6a:e6:a5:86:41:f7:
54:f3:54:f0:57:74:2d:b3:32:ae:2d:d7:f9:ce:a0:47:6d:b7:
c5:9e:42:00:b1:cf:b9:62:02:c7:de:2a:d7:47:a7:2f:21:33:
ba:eb:c2:9b:fd:65:00:bc:3a:eb:ce:0e:7c:7e:a4:49:cc:07:
96:cb:5a:ed:a4:87:8d:bf:19:51:4b:80:2d:9a:f1:30:be:1b:
26:07:55:29:c6:3a:47:ad:ff:c9:80:a4:a0:8b:c1:a7:f5:4a:
57:50:ab:7a:3a:1d:8a:31:d4:ac:df:22:ba:97:d0:58:74:3e:
6b:74:4d:97:e9:f2:1b:03:78:8b:81:d3:ea:f4:e0:ed:2a:38:
c4:0b:76:0d:e8:9f:da:bf:0e:f5:00:a2:d8:da:c2:0e:1a:40:
21:17:e8:04:05:4a:8a:14:67:7d:bd:18:2d:fa:97:ba:9e:4f:
f5:46:2c:fa:d7:ef:d7:44:a5:6d:51:32:b5:f2:ea:55:b1:b8:
5a:89:9b:dc:dd:8a:0a:b7:2d:ab:99:fe:fd:b2:a6:c9:0c:45:
72:a0:8b:47:df:fc:27:75:41:7d:b9:a1:0d:4c:5b:23:30:2a:
24:88:7a:66:8d:b0:74:12:cf:13:ee:f3:6f:a9:cb:aa:bf:8e:
df:14:e9:d7
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICHF8wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA1Mjcw
MzM4MDlaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDY3NDIwMTAzNzMwNzFB
NjQ5QTVGOUU1MUMxQ0Q2NENCQkNEQkMyNkMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDBBm625pYV26zbEPi/+j23VGULJK5Ghcq7iAZxQwID3HWuVkVI
jqaH5SUdRgs8D0tzA8Ydbkx/uwx++u+8mGtumLFdl481G6pxdnj5DnZLrDgQMK8h
N/UFFFIzRMRmqx4Mei+0F/JGF0R6kNtm8ObBfAZC5fPfSo92m+OOprDDCdzCwzCP
mVAM54cqd0fn3XHPSRqsUatkYx9bRUC9RFUuW4Vtl03TvBClnXNMXmE5j4Fm7/yy
wjiLlXK0+vl6OE+Eqxc3PPStykaEaHj2sKmp4Ssj4kjPjmduI4GlBi2/aBZ8jROr
QuWxWWUQTw8ARxX9Y8OP96Y1gyPMbbPpIQDzAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUZ0IBA3MHGmSaX55Rwc1ky7zbwmwwHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvWjBJQkEzTUhHbVNh
WDU1UndjMWt5N3pid213LnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBAADR0jV0jSiOiTiIUWrmpYZB91Tz
VPBXdC2zMq4t1/nOoEdtt8WeQgCxz7liAsfeKtdHpy8hM7rrwpv9ZQC8OuvODnx+
pEnMB5bLWu2kh42/GVFLgC2a8TC+GyYHVSnGOket/8mApKCLwaf1SldQq3o6HYox
1KzfIrqX0Fh0Pmt0TZfp8hsDeIuB0+r04O0qOMQLdg3on9q/DvUAotjawg4aQCEX
6AQFSooUZ329GC36l7qeT/VGLPrX79dEpW1RMrXy6lWxuFqJm9zdigq3LauZ/v2y
pskMRXKgi0ff/Cd1QX25oQ1MWyMwKiSIemaNsHQSzxPu82+py6q/jt8U6dc=
-----END CERTIFICATE-----
Generated at Fri Jun 20 18:19:40 2025 by rpki-client