Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/_1mQ0YajQ6-Qu8Mu3AQ7mA2HxTE.roa
File: _1mQ0YajQ6-Qu8Mu3AQ7mA2HxTE.roa (raw, json)
Hash identifier: YKkJbrPVnoxaRAbZggxw0S64pqK9r8SZxx1MhwrXkZ8=
Subject key identifier: FF:59:90:D1:86:A3:43:AF:90:BB:C3:2E:DC:04:3B:98:0D:87:C5:31
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 1F7A
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/_1mQ0YajQ6-Qu8Mu3AQ7mA2HxTE.roa
Signing time: Sun 01 Jun 2025 16:08:39 +0000
ROA not before: Sun 01 Jun 2025 16:08:39 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 4812
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 8058 (0x1f7a)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 1 16:08:39 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=FF5990D186A343AF90BBC32EDC043B980D87C531
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c3:4e:9d:16:f0:71:67:b4:89:4f:c6:c9:29:78:
ac:d1:af:14:3c:4c:2e:e6:a7:3a:1d:81:c2:05:f8:
fe:e9:b4:36:a6:4f:23:13:b7:57:47:aa:30:41:6e:
13:8a:df:ac:87:e6:18:5c:74:87:de:55:18:3a:d8:
3b:ce:5b:05:f3:a6:d8:15:7d:0d:08:65:3b:9c:ee:
ab:28:c0:1d:f2:e7:c4:e8:2b:71:7b:d3:36:cb:03:
5f:d8:7e:24:c9:40:5d:c8:7e:c2:31:ea:75:23:55:
44:de:ef:75:7a:95:1e:26:06:cb:e7:5c:01:a5:d2:
c3:44:df:cc:29:40:18:c5:78:cd:1e:75:bf:75:99:
60:08:64:5a:a0:e6:d9:dd:f8:8e:fa:59:94:6d:f1:
59:9a:3f:2b:9c:dc:80:2c:84:25:7e:fe:7f:0d:75:
67:98:3b:20:43:c5:6c:e9:2b:5c:ff:80:7a:d0:4e:
07:9a:32:ec:cd:3d:ee:53:ef:02:2b:68:fb:61:98:
d2:93:a3:61:58:83:6f:83:07:8f:e6:3f:61:fc:24:
40:49:bd:f6:3e:e7:9c:fa:77:4f:ff:a8:d4:bf:86:
a2:58:f3:54:ef:81:b4:23:bb:93:81:94:dc:bd:c5:
14:f5:6d:b8:6a:53:fe:cf:3b:63:92:b8:06:f3:b4:
c2:59
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FF:59:90:D1:86:A3:43:AF:90:BB:C3:2E:DC:04:3B:98:0D:87:C5:31
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/_1mQ0YajQ6-Qu8Mu3AQ7mA2HxTE.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
7e:a2:83:92:97:88:e7:44:bf:ec:86:14:39:59:6f:6d:51:90:
dd:72:29:67:22:8a:18:a0:6e:d9:87:a2:f8:12:92:9d:02:00:
ed:99:b4:4f:fd:01:be:e8:19:9a:a3:71:92:dd:9c:93:b2:7f:
5f:63:24:e2:2e:c6:ff:d3:f4:85:a5:8a:2b:1e:e1:ce:19:51:
aa:12:4d:6e:d8:2f:55:2d:8a:e2:5c:85:3d:3d:b8:96:d0:6f:
16:e4:5f:c0:c7:69:67:cb:d9:fc:be:b8:c4:37:da:d4:8c:9a:
ec:fe:3b:7b:3a:8f:f9:cc:a8:50:db:8d:52:42:e6:66:fe:a3:
02:28:11:f8:49:9d:7c:bf:b2:e9:01:4a:3d:b5:46:9b:26:a1:
a7:b2:d5:85:5f:af:ac:55:be:82:87:e0:0f:3b:7f:ac:a8:d7:
dd:ab:5c:35:2a:4b:6e:cc:e0:cb:f0:e4:25:8b:a3:7b:57:b5:
2b:6b:23:cf:05:79:4a:90:28:90:be:67:6f:dc:95:39:9d:1d:
24:8a:51:70:e8:86:b8:a2:92:bb:97:e5:92:09:a0:3e:76:3f:
a8:81:3f:bd:4b:72:91:ee:78:74:aa:55:9a:11:43:dd:b2:2e:
cc:56:dc:aa:51:28:5e:99:46:c2:54:62:9a:f2:7a:2e:c6:c3:
c7:d3:87:b2
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICH3owDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MDEx
NjA4MzlaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEZGNTk5MEQxODZBMzQz
QUY5MEJCQzMyRURDMDQzQjk4MEQ4N0M1MzEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDDTp0W8HFntIlPxskpeKzRrxQ8TC7mpzodgcIF+P7ptDamTyMT
t1dHqjBBbhOK36yH5hhcdIfeVRg62DvOWwXzptgVfQ0IZTuc7qsowB3y58ToK3F7
0zbLA1/YfiTJQF3IfsIx6nUjVUTe73V6lR4mBsvnXAGl0sNE38wpQBjFeM0edb91
mWAIZFqg5tnd+I76WZRt8VmaPyuc3IAshCV+/n8NdWeYOyBDxWzpK1z/gHrQTgea
MuzNPe5T7wIraPthmNKTo2FYg2+DB4/mP2H8JEBJvfY+55z6d0//qNS/hqJY81Tv
gbQju5OBlNy9xRT1bbhqU/7PO2OSuAbztMJZAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQU/1mQ0YajQ6+Qu8Mu3AQ7mA2HxTEwHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvXzFtUTBZYWpRNi1R
dThNdTNBUTdtQTJIeFRFLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBAH6ig5KXiOdEv+yGFDlZb21RkN1y
KWciihigbtmHovgSkp0CAO2ZtE/9Ab7oGZqjcZLdnJOyf19jJOIuxv/T9IWliise
4c4ZUaoSTW7YL1UtiuJchT09uJbQbxbkX8DHaWfL2fy+uMQ32tSMmuz+O3s6j/nM
qFDbjVJC5mb+owIoEfhJnXy/sukBSj21Rpsmoaey1YVfr6xVvoKH4A87f6yo192r
XDUqS27M4Mvw5CWLo3tXtStrI88FeUqQKJC+Z2/clTmdHSSKUXDohriikruX5ZIJ
oD52P6iBP71LcpHueHSqVZoRQ92yLsxW3KpRKF6ZRsJUYpryei7Gw8fTh7I=
-----END CERTIFICATE-----
Generated at Sun Jun 22 02:20:19 2025 by rpki-client