Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/aMip1UZtTAQscxKp3XWPW3oi_C8.roa
File: aMip1UZtTAQscxKp3XWPW3oi_C8.roa (raw, json)
Hash identifier: px9cTv1pyx0iMUHz99tv3i8Ks78qIv60uuh3X87IXkc=
Subject key identifier: 68:C8:A9:D5:46:6D:4C:04:2C:73:12:A9:DD:75:8F:5B:7A:22:FC:2F
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 25B9
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/aMip1UZtTAQscxKp3XWPW3oi_C8.roa
Signing time: Thu 12 Jun 2025 18:39:14 +0000
ROA not before: Thu 12 Jun 2025 18:39:14 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 4812
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 9657 (0x25b9)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 12 18:39:14 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=68C8A9D5466D4C042C7312A9DD758F5B7A22FC2F
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cc:44:64:99:2a:09:40:fb:33:47:9e:12:1c:92:
a3:58:43:63:2f:b7:e0:95:5d:c1:7c:06:61:4e:8a:
dc:e3:d6:0a:4f:cc:fe:ed:e8:d1:63:9a:a2:81:47:
0c:32:1a:fa:8a:9d:de:2e:00:a2:c6:3b:e7:74:07:
86:38:dd:35:98:48:f3:55:11:2e:12:e1:0c:b5:93:
7a:8b:b6:99:f7:cc:2a:6b:01:35:b2:c2:b2:57:00:
1f:d4:c6:f9:45:7b:21:d5:0e:cb:66:9a:b2:83:8c:
74:64:fe:87:9c:3b:82:6f:38:59:ff:52:3e:f5:bb:
8c:b8:17:b1:df:c0:6b:b2:66:79:3b:56:a8:b2:aa:
3e:03:df:ac:b6:bd:65:30:87:4d:10:61:58:f2:a3:
1b:b9:74:19:ac:92:0a:d2:3f:98:fc:d6:fb:35:42:
e2:c4:9e:5a:99:4e:f5:df:a6:ac:f4:45:f6:54:08:
41:b2:e7:98:6b:d6:ed:65:9b:09:84:b8:a9:b7:31:
c2:a4:7c:41:33:e4:4d:f8:93:54:b9:49:41:58:bb:
4c:8f:3b:2b:5d:43:d9:9c:21:4a:fc:52:37:09:8d:
b6:2c:59:4a:fd:47:d5:58:c8:ca:b6:e0:5d:75:03:
2e:34:e0:db:2d:37:72:6e:01:43:fc:a4:e4:fd:d0:
95:c7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
68:C8:A9:D5:46:6D:4C:04:2C:73:12:A9:DD:75:8F:5B:7A:22:FC:2F
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/aMip1UZtTAQscxKp3XWPW3oi_C8.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
b8:67:82:94:8d:4c:31:6b:fc:05:29:1e:58:b5:cb:67:56:6f:
12:8c:5a:87:5b:92:8b:ee:2a:50:4d:36:87:19:24:94:ba:3f:
e8:39:0a:7d:f1:71:f4:ae:2f:84:49:69:49:9c:bf:d6:ab:38:
f1:72:b4:c4:66:f2:fc:9f:a9:8a:4e:26:6e:59:3e:6b:2d:6c:
d6:ce:e0:7c:48:e0:0e:20:f4:84:44:85:c4:e8:46:8d:bd:6a:
4f:5a:cf:ad:87:d2:2a:4c:65:43:03:c4:ba:dc:44:e4:e6:07:
fb:68:7a:b8:70:63:b1:cb:6c:af:3c:4b:f2:ee:cb:1e:66:81:
75:55:37:6f:43:0e:a6:df:31:1f:2c:fd:25:46:66:c2:28:4d:
d1:2b:51:4e:d8:3c:93:3b:a0:01:ca:20:33:97:18:8e:46:44:
ff:87:4a:8a:b8:3f:79:06:4e:75:a9:b2:22:62:97:c6:19:d8:
09:5c:d6:20:a2:23:2d:e4:55:a5:b3:32:95:04:66:56:ae:67:
f8:3b:ec:d2:a3:86:68:5d:da:3b:69:44:ab:dd:dd:61:ef:5f:
fd:63:e8:2c:65:63:0a:18:60:56:b9:af:cd:6d:ba:30:6e:8d:
54:4f:51:48:6a:dc:ca:f3:10:8d:72:d8:4d:81:2c:ef:7e:77:
6c:83:84:c7
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICJbkwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MTIx
ODM5MTRaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDY4QzhBOUQ1NDY2RDRD
MDQyQzczMTJBOURENzU4RjVCN0EyMkZDMkYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDMRGSZKglA+zNHnhIckqNYQ2Mvt+CVXcF8BmFOitzj1gpPzP7t
6NFjmqKBRwwyGvqKnd4uAKLGO+d0B4Y43TWYSPNVES4S4Qy1k3qLtpn3zCprATWy
wrJXAB/UxvlFeyHVDstmmrKDjHRk/oecO4JvOFn/Uj71u4y4F7HfwGuyZnk7Vqiy
qj4D36y2vWUwh00QYVjyoxu5dBmskgrSP5j81vs1QuLEnlqZTvXfpqz0RfZUCEGy
55hr1u1lmwmEuKm3McKkfEEz5E34k1S5SUFYu0yPOytdQ9mcIUr8UjcJjbYsWUr9
R9VYyMq24F11Ay404NstN3JuAUP8pOT90JXHAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUaMip1UZtTAQscxKp3XWPW3oi/C8wHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvYU1pcDFVWnRUQVFz
Y3hLcDNYV1BXM29pX0M4LnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBALhngpSNTDFr/AUpHli1y2dWbxKM
WodbkovuKlBNNocZJJS6P+g5Cn3xcfSuL4RJaUmcv9arOPFytMRm8vyfqYpOJm5Z
PmstbNbO4HxI4A4g9IREhcToRo29ak9az62H0ipMZUMDxLrcROTmB/toerhwY7HL
bK88S/Luyx5mgXVVN29DDqbfMR8s/SVGZsIoTdErUU7YPJM7oAHKIDOXGI5GRP+H
Soq4P3kGTnWpsiJil8YZ2Alc1iCiIy3kVaWzMpUEZlauZ/g77NKjhmhd2jtpRKvd
3WHvX/1j6CxlYwoYYFa5r81tujBujVRPUUhq3MrzEI1y2E2BLO9+d2yDhMc=
-----END CERTIFICATE-----
Generated at Sat Jun 21 16:56:35 2025 by rpki-client