Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/aya8tEK6kwS0b_gEkSETbQueWIQ.roa
File: aya8tEK6kwS0b_gEkSETbQueWIQ.roa (raw, json)
Hash identifier: zYlxtxUG/yxHzZtuZdQ9ZXLAJKZCh3EuVt5AvgzWIMk=
Subject key identifier: 6B:26:BC:B4:42:BA:93:04:B4:6F:F8:04:91:21:13:6D:0B:9E:58:84
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 22DC
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/aya8tEK6kwS0b_gEkSETbQueWIQ.roa
Signing time: Sat 07 Jun 2025 16:38:52 +0000
ROA not before: Sat 07 Jun 2025 16:38:52 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 146845
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 8924 (0x22dc)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 7 16:38:52 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=6B26BCB442BA9304B46FF8049121136D0B9E5884
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d2:e8:58:ba:d9:63:7e:bb:b1:36:08:9a:b1:6a:
48:3e:23:6c:21:dd:5c:ec:2a:c0:9f:46:db:81:4d:
c0:93:2c:f6:a7:2f:4a:55:da:46:e2:86:dd:3b:08:
62:31:80:a4:0d:5c:3f:0d:3b:d8:98:ad:2c:b5:a9:
0e:f7:88:5e:7a:a6:8c:e6:85:26:66:72:54:e7:bf:
c8:5b:5f:10:04:9a:06:bc:f4:fd:4c:5f:4c:3e:9a:
c5:88:a7:6d:04:3e:53:f1:de:13:38:06:9f:8e:c4:
5a:b1:5c:f7:0a:f0:00:c8:87:d1:49:98:ee:cc:fa:
99:23:5f:51:b0:96:0c:34:4d:52:49:c7:5b:cf:02:
28:90:ef:8b:c8:53:ba:96:21:8c:a7:c0:4a:96:6b:
26:0d:b8:b2:a9:71:b9:86:5d:05:76:13:e4:8a:50:
0b:be:16:84:84:fc:b1:90:b4:20:69:3c:4f:ce:0f:
71:e8:c4:c3:9e:d7:fc:df:43:9c:09:18:15:ed:38:
a0:b0:3b:3a:42:08:f1:45:c8:60:22:9d:4b:93:18:
a8:7f:23:7c:85:95:fe:64:e8:7f:3d:9c:08:69:54:
4e:b9:23:19:76:ca:47:d3:fc:30:83:8a:71:05:b7:
38:48:96:30:45:87:69:87:a7:2d:82:b2:d5:58:cf:
b5:cb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6B:26:BC:B4:42:BA:93:04:B4:6F:F8:04:91:21:13:6D:0B:9E:58:84
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/aya8tEK6kwS0b_gEkSETbQueWIQ.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
23:5f:d9:56:54:82:39:ea:2c:ac:be:d3:b4:91:cd:03:5d:1e:
e4:8d:53:33:c5:f6:88:73:14:7c:eb:85:b6:c1:4e:04:32:da:
7a:97:73:42:90:4d:f1:c1:d7:bd:11:e6:33:60:f1:45:06:a5:
52:2d:9e:08:92:78:7a:b1:1e:8d:4a:dc:4d:d5:32:b5:f5:56:
b1:6d:31:6c:9c:31:2f:af:cd:a3:50:d6:b2:2a:4f:89:71:dd:
aa:6c:93:a2:70:5f:90:63:33:ce:c3:0a:e7:46:6e:d5:60:1f:
73:03:31:9c:3e:fc:0d:5e:af:3b:c5:71:e6:34:a9:7e:85:e5:
0a:c6:08:34:1d:94:46:16:87:33:ed:dd:1c:6d:85:9c:39:fd:
51:e2:56:db:8f:0d:91:3f:06:00:ed:74:72:93:6e:17:10:83:
4a:64:06:ed:4f:0a:99:bb:22:fe:07:e7:2c:62:9f:33:d7:38:
57:a8:bc:6c:dd:e0:3f:80:59:85:5e:f7:38:3b:04:8d:ae:fa:
c6:41:fb:d6:3b:99:d1:a3:62:1f:80:c4:d7:37:00:e4:fc:e6:
af:b3:67:11:0d:88:01:1d:59:91:79:b2:aa:1d:2f:76:be:b3:
ee:15:8c:d3:ed:67:af:82:ff:5f:cb:21:bb:c1:27:8b:66:38:
e5:b3:fa:24
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICItwwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MDcx
NjM4NTJaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDZCMjZCQ0I0NDJCQTkz
MDRCNDZGRjgwNDkxMjExMzZEMEI5RTU4ODQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDS6Fi62WN+u7E2CJqxakg+I2wh3VzsKsCfRtuBTcCTLPanL0pV
2kbiht07CGIxgKQNXD8NO9iYrSy1qQ73iF56pozmhSZmclTnv8hbXxAEmga89P1M
X0w+msWIp20EPlPx3hM4Bp+OxFqxXPcK8ADIh9FJmO7M+pkjX1Gwlgw0TVJJx1vP
AiiQ74vIU7qWIYynwEqWayYNuLKpcbmGXQV2E+SKUAu+FoSE/LGQtCBpPE/OD3Ho
xMOe1/zfQ5wJGBXtOKCwOzpCCPFFyGAinUuTGKh/I3yFlf5k6H89nAhpVE65Ixl2
ykfT/DCDinEFtzhIljBFh2mHpy2CstVYz7XLAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUaya8tEK6kwS0b/gEkSETbQueWIQwHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvYXlhOHRFSzZrd1Mw
Yl9nRWtTRVRiUXVlV0lRLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBACNf2VZUgjnqLKy+07SRzQNdHuSN
UzPF9ohzFHzrhbbBTgQy2nqXc0KQTfHB170R5jNg8UUGpVItngiSeHqxHo1K3E3V
MrX1VrFtMWycMS+vzaNQ1rIqT4lx3apsk6JwX5BjM87DCudGbtVgH3MDMZw+/A1e
rzvFceY0qX6F5QrGCDQdlEYWhzPt3RxthZw5/VHiVtuPDZE/BgDtdHKTbhcQg0pk
Bu1PCpm7Iv4H5yxinzPXOFeovGzd4D+AWYVe9zg7BI2u+sZB+9Y7mdGjYh+AxNc3
AOT85q+zZxENiAEdWZF5sqodL3a+s+4VjNPtZ6+C/1/LIbvBJ4tmOOWz+iQ=
-----END CERTIFICATE-----
Generated at Sat Jun 21 16:19:33 2025 by rpki-client