Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/_9zMHSWwrTC5WnlUu3TasOkQAqY.roa
File: _9zMHSWwrTC5WnlUu3TasOkQAqY.roa (raw, json)
Hash identifier: hlH+LIqnL9wuhvBMJgp1daZgTHRHS3RQavmH+1fJHI0=
Subject key identifier: FF:DC:CC:1D:25:B0:AD:30:B9:5A:79:54:BB:74:DA:B0:E9:10:02:A6
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 1C71
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/_9zMHSWwrTC5WnlUu3TasOkQAqY.roa
Signing time: Tue 27 May 2025 06:38:09 +0000
ROA not before: Tue 27 May 2025 06:38:09 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 4812
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 7281 (0x1c71)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: May 27 06:38:09 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=FFDCCC1D25B0AD30B95A7954BB74DAB0E91002A6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c2:51:92:b5:82:5c:16:9d:28:ad:51:c9:9e:a8:
a8:c6:10:1d:87:98:82:74:44:e0:5f:e6:2d:e8:64:
2d:4a:43:37:86:8a:47:81:ed:e5:fa:a4:54:5d:e2:
ff:e9:10:59:a2:dc:3a:8c:82:50:b8:41:bb:40:56:
2d:ef:26:8b:46:a1:7b:c9:3c:df:51:98:83:c3:09:
5b:a3:eb:60:e0:a0:cc:ab:8d:d6:a5:f5:39:0d:68:
6f:72:6a:d3:3d:08:9a:d7:22:62:44:49:b5:21:58:
6e:c9:dd:1c:d8:5a:d7:7e:68:c3:ae:71:d1:fe:c9:
8f:77:da:2b:f9:fe:57:81:52:a8:7e:77:b9:37:de:
b2:ed:95:0b:a2:67:fc:dd:c4:b4:02:9a:32:20:db:
15:af:17:77:32:fe:fa:2c:c3:c2:68:07:df:bb:e6:
2c:be:fa:0d:44:b2:d3:47:a1:5d:85:7d:47:25:b0:
00:3e:f9:d6:d8:88:3f:9c:ff:f7:c4:da:38:cb:34:
b8:1a:6d:5b:dd:ae:4b:75:82:72:17:37:ef:1b:9a:
6c:58:4f:18:64:39:bd:aa:40:f2:52:cd:52:69:ef:
03:f4:e9:29:f6:95:fa:4b:94:61:29:9b:dc:7c:65:
5f:40:d8:16:42:ab:84:e9:61:77:b5:1a:36:bb:56:
99:9d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FF:DC:CC:1D:25:B0:AD:30:B9:5A:79:54:BB:74:DA:B0:E9:10:02:A6
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/_9zMHSWwrTC5WnlUu3TasOkQAqY.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
96:e6:62:f7:7e:c9:c5:8c:b3:fd:66:fc:50:10:1c:09:4a:23:
70:13:56:7f:36:93:be:20:97:41:87:00:a5:48:12:a2:fd:0a:
5a:38:c8:e6:fa:6e:cd:90:c2:3d:fd:8b:71:4d:d5:1f:3f:af:
99:76:d1:09:23:d8:72:90:cc:80:18:1c:77:4c:aa:da:30:07:
2b:69:2a:6f:64:43:60:2a:b1:78:d3:0b:34:8b:6a:8c:f1:d0:
cc:b5:c9:3a:8d:99:14:f2:4c:dc:f6:87:d2:9b:cd:b9:99:46:
47:41:40:f6:85:e0:fc:e9:19:bc:ea:ff:57:59:c6:15:97:60:
47:e2:b2:0c:ca:b0:ab:34:67:a1:38:a6:a8:92:14:75:51:a8:
cf:d0:89:c0:34:64:72:fa:d2:e7:3c:2c:10:13:e1:26:21:30:
6c:c7:49:95:92:e9:0d:4a:af:fc:38:60:41:db:4c:4f:70:6a:
11:f9:12:57:73:b6:55:a1:07:4c:d5:9f:e6:a5:8e:9c:61:bd:
77:c0:ec:0e:c9:4c:84:36:e1:17:f6:d9:c2:24:06:bd:44:c4:
9f:f7:6b:a7:4d:fb:6b:3c:31:06:ca:c8:34:b5:db:17:7c:47:
90:0a:db:ab:9c:aa:6d:c0:3b:51:cd:6f:25:96:d7:38:13:a2:
0c:51:82:a6
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICHHEwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA1Mjcw
NjM4MDlaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEZGRENDQzFEMjVCMEFE
MzBCOTVBNzk1NEJCNzREQUIwRTkxMDAyQTYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDCUZK1glwWnSitUcmeqKjGEB2HmIJ0ROBf5i3oZC1KQzeGikeB
7eX6pFRd4v/pEFmi3DqMglC4QbtAVi3vJotGoXvJPN9RmIPDCVuj62DgoMyrjdal
9TkNaG9yatM9CJrXImJESbUhWG7J3RzYWtd+aMOucdH+yY932iv5/leBUqh+d7k3
3rLtlQuiZ/zdxLQCmjIg2xWvF3cy/vosw8JoB9+75iy++g1EstNHoV2FfUclsAA+
+dbYiD+c//fE2jjLNLgabVvdrkt1gnIXN+8bmmxYTxhkOb2qQPJSzVJp7wP06Sn2
lfpLlGEpm9x8ZV9A2BZCq4TpYXe1Gja7VpmdAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQU/9zMHSWwrTC5WnlUu3TasOkQAqYwHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvXzl6TUhTV3dyVEM1
V25sVXUzVGFzT2tRQXFZLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBAJbmYvd+ycWMs/1m/FAQHAlKI3AT
Vn82k74gl0GHAKVIEqL9Clo4yOb6bs2Qwj39i3FN1R8/r5l20Qkj2HKQzIAYHHdM
qtowBytpKm9kQ2AqsXjTCzSLaozx0My1yTqNmRTyTNz2h9KbzbmZRkdBQPaF4Pzp
Gbzq/1dZxhWXYEfisgzKsKs0Z6E4pqiSFHVRqM/QicA0ZHL60uc8LBAT4SYhMGzH
SZWS6Q1Kr/w4YEHbTE9wahH5EldztlWhB0zVn+aljpxhvXfA7A7JTIQ24Rf22cIk
Br1ExJ/3a6dN+2s8MQbKyDS12xd8R5AK26ucqm3AO1HNbyWW1zgTogxRgqY=
-----END CERTIFICATE-----
Generated at Fri Jun 20 23:08:09 2025 by rpki-client