Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/aTzSBFQYwZtKHVjbLe85ssh903Y.roa
File: aTzSBFQYwZtKHVjbLe85ssh903Y.roa (raw, json)
Hash identifier: i2n882i7yAtPfDf3dk2HGuhWPvlQOtktufAchUp/5wA=
Subject key identifier: 69:3C:D2:04:54:18:C1:9B:4A:1D:58:DB:2D:EF:39:B2:C8:7D:D3:76
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 1F08
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/aTzSBFQYwZtKHVjbLe85ssh903Y.roa
Signing time: Sat 31 May 2025 21:08:34 +0000
ROA not before: Sat 31 May 2025 21:08:34 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 4812
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 7944 (0x1f08)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: May 31 21:08:34 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=693CD2045418C19B4A1D58DB2DEF39B2C87DD376
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:dc:55:ee:d2:d0:85:80:08:0b:2f:14:5d:eb:11:
e6:b4:38:03:88:5d:21:62:4b:8b:61:7f:b3:bb:9a:
b5:68:3a:0e:ad:54:96:a7:f4:94:a6:f9:13:18:6b:
1b:a9:31:08:15:6d:94:bc:94:01:79:5b:32:a6:69:
e1:ec:3a:1c:37:04:ba:26:b2:ae:1b:c9:bc:7c:0d:
f7:75:ba:19:2e:9c:fc:c9:9a:de:52:e8:3b:4b:ab:
72:f2:29:93:fb:61:13:dd:ff:cc:41:f8:86:c0:83:
5e:ba:96:1b:5e:a6:7f:a8:6a:52:ec:98:fe:5a:4d:
9e:66:6d:b7:d6:8c:a1:2f:a6:7a:49:f5:8f:4a:88:
1f:dd:79:49:81:ac:e1:fc:d9:44:fd:bb:c7:7a:11:
40:6c:4c:14:2d:ff:e1:87:4c:e5:fc:37:76:2e:7d:
7d:de:8d:d9:9b:ce:ab:11:48:36:32:6c:50:b9:e3:
74:22:7f:57:f2:04:45:f3:8a:5c:4c:f6:78:af:cb:
69:30:73:46:a8:26:4c:0b:77:da:4c:5d:9c:a1:d7:
d9:75:1c:17:b7:47:dc:d6:2f:ca:74:e0:4f:1e:9a:
c1:76:bc:0a:2d:67:47:6d:e0:e1:8f:a1:2b:46:43:
35:d4:b0:84:45:37:d3:1e:82:9f:21:3a:d6:fa:0f:
4f:f7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
69:3C:D2:04:54:18:C1:9B:4A:1D:58:DB:2D:EF:39:B2:C8:7D:D3:76
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/aTzSBFQYwZtKHVjbLe85ssh903Y.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
4c:6f:41:f5:f7:ff:c4:c7:e6:3d:a3:13:f1:2e:e0:09:68:bd:
57:db:26:32:02:c3:fd:d9:63:ea:12:07:a4:2b:19:a6:a4:b4:
02:f7:cf:4d:5f:77:ab:f3:c3:f7:b2:d1:5b:5d:73:45:27:63:
e8:16:85:f3:3c:3e:a3:3f:b7:c0:84:05:b3:f2:51:4d:09:c4:
3c:a7:ba:58:98:53:4e:44:f3:8c:d7:b2:cd:18:6f:92:c3:2e:
74:86:41:f1:89:cd:54:8f:fb:73:bd:24:8d:0d:82:19:dc:da:
c5:ac:2a:09:20:52:17:26:c3:90:80:25:df:1f:fb:21:7f:f1:
2e:a9:5c:d0:cc:44:53:b1:31:08:8b:b4:e1:33:f3:59:7e:52:
aa:88:14:2a:99:4e:88:17:ac:70:44:b7:13:2c:dd:f5:1d:9f:
c3:6d:92:c0:66:52:98:38:7d:70:78:cb:1f:f0:e8:ef:8e:30:
7f:d1:51:57:ab:65:3c:26:d3:5f:05:a6:46:2e:fd:48:12:fc:
00:05:7d:84:6e:c2:2c:82:bc:7e:19:69:bc:e3:c0:bf:3d:37:
36:b7:a4:10:52:a9:5d:d5:ff:c7:c9:4d:af:39:cb:46:ec:84:
3a:8d:6b:77:21:77:77:69:98:f4:6b:46:1f:fd:d2:66:2e:c4:
00:b9:28:b2
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICHwgwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA1MzEy
MTA4MzRaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDY5M0NEMjA0NTQxOEMx
OUI0QTFENThEQjJERUYzOUIyQzg3REQzNzYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDcVe7S0IWACAsvFF3rEea0OAOIXSFiS4thf7O7mrVoOg6tVJan
9JSm+RMYaxupMQgVbZS8lAF5WzKmaeHsOhw3BLomsq4bybx8Dfd1uhkunPzJmt5S
6DtLq3LyKZP7YRPd/8xB+IbAg166lhtepn+oalLsmP5aTZ5mbbfWjKEvpnpJ9Y9K
iB/deUmBrOH82UT9u8d6EUBsTBQt/+GHTOX8N3YufX3ejdmbzqsRSDYybFC543Qi
f1fyBEXzilxM9nivy2kwc0aoJkwLd9pMXZyh19l1HBe3R9zWL8p04E8emsF2vAot
Z0dt4OGPoStGQzXUsIRFN9Megp8hOtb6D0/3AgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUaTzSBFQYwZtKHVjbLe85ssh903YwHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvYVR6U0JGUVl3WnRL
SFZqYkxlODVzc2g5MDNZLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBAExvQfX3/8TH5j2jE/Eu4AlovVfb
JjICw/3ZY+oSB6QrGaaktAL3z01fd6vzw/ey0Vtdc0UnY+gWhfM8PqM/t8CEBbPy
UU0JxDynuliYU05E84zXss0Yb5LDLnSGQfGJzVSP+3O9JI0Nghnc2sWsKgkgUhcm
w5CAJd8f+yF/8S6pXNDMRFOxMQiLtOEz81l+UqqIFCqZTogXrHBEtxMs3fUdn8Nt
ksBmUpg4fXB4yx/w6O+OMH/RUVerZTwm018FpkYu/UgS/AAFfYRuwiyCvH4Zabzj
wL89Nza3pBBSqV3V/8fJTa85y0bshDqNa3chd3dpmPRrRh/90mYuxAC5KLI=
-----END CERTIFICATE-----
Generated at Sun Jun 22 23:49:44 2025 by rpki-client