Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/_xrpnj5Xx0-yJ-bakWMAQ-ghOrw.roa
File: _xrpnj5Xx0-yJ-bakWMAQ-ghOrw.roa (raw, json)
Hash identifier: pBbIeLGj8kG2Hl8G/PIdvcRwl7qsRsTr9bAhCIS9U28=
Subject key identifier: FF:1A:E9:9E:3E:57:C7:4F:B2:27:E6:DA:91:63:00:43:E8:21:3A:BC
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 2475
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/_xrpnj5Xx0-yJ-bakWMAQ-ghOrw.roa
Signing time: Tue 10 Jun 2025 12:39:05 +0000
ROA not before: Tue 10 Jun 2025 12:39:05 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 4812
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 9333 (0x2475)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 10 12:39:05 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=FF1AE99E3E57C74FB227E6DA91630043E8213ABC
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9d:f2:95:c9:b2:fa:e9:d6:9e:08:e2:08:55:b1:
36:dd:52:13:2c:ab:0c:c8:03:4c:f9:ea:e3:6a:db:
91:18:fc:2d:a2:de:07:2d:4b:f5:a6:84:ae:a7:39:
e6:ac:f9:91:65:20:7a:b1:65:f5:18:4d:a5:dc:0f:
ea:11:6f:cb:77:77:f9:24:56:ba:39:63:a3:64:09:
c3:ba:06:d6:5b:65:63:6e:a0:6f:ab:9f:e8:c8:b1:
98:94:90:81:53:f0:ec:04:46:ef:3d:99:ec:48:1c:
4c:81:49:33:58:16:88:c6:14:7d:28:0f:42:5d:c1:
f8:54:8c:fe:b9:b9:11:9f:e8:96:01:c8:fb:bb:d4:
77:dd:41:46:f0:7c:c6:f4:d5:d8:1f:74:1f:ed:db:
50:e6:bd:e5:e5:3b:b8:77:45:83:6a:85:27:86:94:
87:02:82:ba:fd:97:68:83:db:05:bc:ed:e4:9d:aa:
2e:0f:58:ac:0b:9b:89:3a:e7:3b:6f:2d:1e:27:71:
a3:c6:a5:82:1e:d4:5d:b2:23:79:99:dc:99:8f:ae:
00:83:69:e2:58:ec:b9:8b:4b:37:dd:01:35:ed:d5:
d2:2c:fa:2b:b0:ae:b2:52:f6:4f:73:bc:94:f0:99:
97:ad:ed:47:49:84:bb:5c:ba:fa:c0:97:c8:7b:4e:
a5:71
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FF:1A:E9:9E:3E:57:C7:4F:B2:27:E6:DA:91:63:00:43:E8:21:3A:BC
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/_xrpnj5Xx0-yJ-bakWMAQ-ghOrw.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
b3:5e:a6:e1:0d:57:ea:f2:23:5f:4f:c2:8b:ed:b2:42:cd:5c:
86:9d:58:bb:32:e5:e4:f4:2d:aa:03:9a:58:1f:cb:e1:c9:80:
f7:f8:ad:7e:70:81:c3:20:35:70:06:e3:c9:d8:7e:df:a8:a7:
02:47:2b:bc:f2:38:2b:44:12:77:cf:f5:6d:88:39:aa:42:f1:
31:5b:75:9a:96:36:a7:26:d8:16:64:8a:11:4f:de:68:98:14:
50:b2:7f:21:02:5d:70:1e:a3:e9:ef:db:73:9b:9f:35:33:74:
58:84:22:7b:d4:58:d9:81:99:ef:97:3b:31:71:6a:d2:56:70:
2c:77:cb:e7:39:b1:61:14:30:44:ba:54:1a:8e:e3:13:2a:aa:
e3:3b:d5:f6:6a:8e:60:a7:93:f0:03:81:18:ab:ee:2f:7c:1a:
58:24:e4:82:a2:05:b5:78:48:8a:ed:d3:fd:0a:5a:d0:a3:6b:
23:99:9b:8d:dd:45:d1:58:f7:3a:66:60:02:c1:4b:aa:0a:e4:
1b:a2:f1:ee:83:49:62:c3:92:53:e5:92:de:cd:f5:d3:1d:9d:
14:b8:2b:8f:da:05:0f:4a:15:4e:ff:c8:ad:f2:a2:a3:87:1a:
d3:06:3e:30:bf:ca:0e:f0:f5:4a:95:61:48:3f:b8:1e:53:e2:
fe:b2:9c:3a
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICJHUwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MTAx
MjM5MDVaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEZGMUFFOTlFM0U1N0M3
NEZCMjI3RTZEQTkxNjMwMDQzRTgyMTNBQkMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCd8pXJsvrp1p4I4ghVsTbdUhMsqwzIA0z56uNq25EY/C2i3gct
S/WmhK6nOeas+ZFlIHqxZfUYTaXcD+oRb8t3d/kkVro5Y6NkCcO6BtZbZWNuoG+r
n+jIsZiUkIFT8OwERu89mexIHEyBSTNYFojGFH0oD0JdwfhUjP65uRGf6JYByPu7
1HfdQUbwfMb01dgfdB/t21DmveXlO7h3RYNqhSeGlIcCgrr9l2iD2wW87eSdqi4P
WKwLm4k65ztvLR4ncaPGpYIe1F2yI3mZ3JmPrgCDaeJY7LmLSzfdATXt1dIs+iuw
rrJS9k9zvJTwmZet7UdJhLtcuvrAl8h7TqVxAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQU/xrpnj5Xx0+yJ+bakWMAQ+ghOrwwHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvX3hycG5qNVh4MC15
Si1iYWtXTUFRLWdoT3J3LnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBALNepuENV+ryI19PwovtskLNXIad
WLsy5eT0LaoDmlgfy+HJgPf4rX5wgcMgNXAG48nYft+opwJHK7zyOCtEEnfP9W2I
OapC8TFbdZqWNqcm2BZkihFP3miYFFCyfyECXXAeo+nv23ObnzUzdFiEInvUWNmB
me+XOzFxatJWcCx3y+c5sWEUMES6VBqO4xMqquM71fZqjmCnk/ADgRir7i98Glgk
5IKiBbV4SIrt0/0KWtCjayOZm43dRdFY9zpmYALBS6oK5Bui8e6DSWLDklPlkt7N
9dMdnRS4K4/aBQ9KFU7/yK3yoqOHGtMGPjC/yg7w9UqVYUg/uB5T4v6ynDo=
-----END CERTIFICATE-----
Generated at Sat Jun 21 11:01:58 2025 by rpki-client