Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/_rcVTX0CPZfRQMhmbMYkOaHUrR8.roa
File: _rcVTX0CPZfRQMhmbMYkOaHUrR8.roa (raw, json)
Hash identifier: 3S6zbAnoSZ+cUF0VZL/6FOP8HbjbAv2Dqf0BPhC58MM=
Subject key identifier: FE:B7:15:4D:7D:02:3D:97:D1:40:C8:66:6C:C6:24:39:A1:D4:AD:1F
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 266D
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/_rcVTX0CPZfRQMhmbMYkOaHUrR8.roa
Signing time: Sat 14 Jun 2025 00:39:37 +0000
ROA not before: Sat 14 Jun 2025 00:39:37 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 4812
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 9837 (0x266d)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 14 00:39:37 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=FEB7154D7D023D97D140C8666CC62439A1D4AD1F
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c3:6d:c2:d5:00:1d:3e:f7:2e:78:63:03:e6:d5:
95:fb:b1:ba:fe:39:51:82:74:fa:29:14:0f:5f:2b:
95:d3:10:a7:ee:f0:f5:00:ca:3b:6e:b1:1d:e6:48:
b0:b5:97:2f:b8:32:c8:97:50:58:9d:ea:32:21:ed:
12:99:83:30:6d:36:d4:8e:1e:64:4a:df:0d:1e:32:
60:38:a8:1f:0f:9c:91:57:c3:d0:b3:18:d2:4f:2e:
db:73:fa:d4:64:b2:b6:06:21:53:97:79:43:c1:38:
b4:4b:ae:17:09:f1:f4:72:ac:fe:53:30:2c:8b:f2:
6e:be:93:47:15:b8:64:cc:41:98:14:3b:f3:15:82:
10:06:2f:ff:0b:9a:73:26:b8:71:6d:5f:7e:ff:71:
2e:b2:fc:31:6f:78:de:54:27:4c:6c:88:13:4b:76:
93:c9:dd:3e:83:40:20:0b:bb:e2:00:b4:cb:68:3b:
f5:0a:44:15:b1:bf:b6:34:5b:4f:05:1b:97:a2:0d:
1f:fa:bd:a7:d1:3d:b4:74:34:59:55:82:38:48:4c:
a3:39:50:d4:65:65:e2:80:e1:00:9b:cb:eb:61:3d:
2c:3b:d3:eb:a1:b5:80:5b:01:bc:d1:e1:48:61:8f:
5d:58:3e:9d:17:28:b2:fc:95:8f:1e:e0:6b:54:8a:
d0:5b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FE:B7:15:4D:7D:02:3D:97:D1:40:C8:66:6C:C6:24:39:A1:D4:AD:1F
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/_rcVTX0CPZfRQMhmbMYkOaHUrR8.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
a7:f5:79:4e:1e:ca:09:79:2c:be:59:42:e1:7a:ab:8f:fd:56:
1f:a7:88:59:5c:43:ce:c6:d0:1b:e0:b4:4a:1c:ad:36:bc:3f:
5e:41:d1:34:35:f7:47:b4:00:8b:e8:e3:fa:2f:8c:35:85:5b:
4b:9b:c0:2e:c6:74:ae:1c:9d:9b:6f:99:7f:3c:e1:df:c4:37:
c6:47:87:fd:62:21:4d:9e:e7:53:57:ed:ae:bf:ff:69:a3:1c:
86:43:11:7e:11:69:48:7a:83:81:ab:d6:d7:c9:b5:00:8e:9e:
30:84:5e:20:65:75:97:00:62:42:9d:23:87:2f:2b:e9:17:74:
d7:fb:eb:08:3d:ed:b6:ed:59:24:c8:1f:a2:c3:88:f3:9c:af:
c7:c3:2c:da:9f:80:88:50:67:0f:c5:ff:05:50:9c:27:01:3e:
45:a1:96:13:81:fe:69:b7:fe:3b:fe:3c:37:c9:25:8a:a7:34:
05:db:57:3d:4a:c1:38:a9:88:84:59:2b:c1:a6:cd:2a:1a:ca:
f5:5b:04:14:c5:97:bf:d7:bf:eb:56:7b:d8:d1:d5:ea:07:42:
ee:77:f7:5d:92:b9:47:d9:b9:ff:84:44:e3:29:45:c0:59:7c:
ba:c7:a5:4b:97:64:91:5f:d4:79:e1:db:d2:5b:23:bd:fe:a2:
a6:97:dd:3c
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICJm0wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MTQw
MDM5MzdaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEZFQjcxNTREN0QwMjNE
OTdEMTQwQzg2NjZDQzYyNDM5QTFENEFEMUYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDDbcLVAB0+9y54YwPm1ZX7sbr+OVGCdPopFA9fK5XTEKfu8PUA
yjtusR3mSLC1ly+4MsiXUFid6jIh7RKZgzBtNtSOHmRK3w0eMmA4qB8PnJFXw9Cz
GNJPLttz+tRksrYGIVOXeUPBOLRLrhcJ8fRyrP5TMCyL8m6+k0cVuGTMQZgUO/MV
ghAGL/8LmnMmuHFtX37/cS6y/DFveN5UJ0xsiBNLdpPJ3T6DQCALu+IAtMtoO/UK
RBWxv7Y0W08FG5eiDR/6vafRPbR0NFlVgjhITKM5UNRlZeKA4QCby+thPSw70+uh
tYBbAbzR4Uhhj11YPp0XKLL8lY8e4GtUitBbAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQU/rcVTX0CPZfRQMhmbMYkOaHUrR8wHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvX3JjVlRYMENQWmZS
UU1obWJNWWtPYUhVclI4LnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBAKf1eU4eygl5LL5ZQuF6q4/9Vh+n
iFlcQ87G0BvgtEocrTa8P15B0TQ190e0AIvo4/ovjDWFW0ubwC7GdK4cnZtvmX88
4d/EN8ZHh/1iIU2e51NX7a6//2mjHIZDEX4RaUh6g4Gr1tfJtQCOnjCEXiBldZcA
YkKdI4cvK+kXdNf76wg97bbtWSTIH6LDiPOcr8fDLNqfgIhQZw/F/wVQnCcBPkWh
lhOB/mm3/jv+PDfJJYqnNAXbVz1KwTipiIRZK8GmzSoayvVbBBTFl7/Xv+tWe9jR
1eoHQu53912SuUfZuf+EROMpRcBZfLrHpUuXZJFf1Hnh29JbI73+oqaX3Tw=
-----END CERTIFICATE-----
Generated at Sat Jun 21 15:01:59 2025 by rpki-client