Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/b68KXSXRE0xaWQyZ8JHTPw649M4.roa
File: b68KXSXRE0xaWQyZ8JHTPw649M4.roa (raw, json)
Hash identifier: HY3g+n0RHvmiwin6+K8p+5Pt7GUd5EchS4bmPJSvrP4=
Subject key identifier: 6F:AF:0A:5D:25:D1:13:4C:5A:59:0C:99:F0:91:D3:3F:0E:B8:F4:CE
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 21F6
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/b68KXSXRE0xaWQyZ8JHTPw649M4.roa
Signing time: Fri 06 Jun 2025 02:08:47 +0000
ROA not before: Fri 06 Jun 2025 02:08:47 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 4812
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 8694 (0x21f6)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 6 02:08:47 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=6FAF0A5D25D1134C5A590C99F091D33F0EB8F4CE
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b8:1c:9e:b1:ef:70:91:ce:15:fb:c4:9f:ed:2c:
1e:0e:14:4c:80:f8:ef:93:db:16:83:ac:0a:da:d1:
bf:c6:b2:e4:dd:f7:93:fd:d5:82:eb:e3:77:c0:9b:
a6:f8:0f:c0:75:fe:f4:ac:be:a7:06:bf:e2:ce:17:
0c:c9:0f:48:64:90:82:95:7f:61:be:5e:4f:54:17:
3c:d0:db:1a:86:41:ff:53:32:d8:b0:29:56:02:2a:
91:c5:81:9c:30:68:95:31:87:bd:aa:fd:6c:e8:26:
76:82:ec:3b:07:ae:e4:93:87:3d:bb:7e:ae:a0:b5:
8e:30:04:3b:74:8d:90:27:e7:ff:9e:36:e8:1b:00:
08:68:77:69:fb:13:2d:e4:30:29:26:7c:44:1a:38:
12:51:d7:14:87:29:44:c4:82:2b:b9:8d:58:47:c2:
83:98:33:0e:3d:b1:0b:d0:78:09:5a:70:43:28:1e:
28:40:d4:66:94:c5:ef:4e:46:8d:53:22:d4:16:ad:
fd:d1:25:45:46:41:22:22:c3:9f:55:3b:14:67:35:
21:31:25:01:96:a2:a1:ce:7d:20:70:60:19:69:9a:
13:d6:bf:8f:a4:5e:33:f6:3e:0d:c7:e2:6a:71:2b:
db:1b:ac:81:55:7c:05:ed:c7:11:b8:70:7d:51:8e:
84:9f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6F:AF:0A:5D:25:D1:13:4C:5A:59:0C:99:F0:91:D3:3F:0E:B8:F4:CE
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/b68KXSXRE0xaWQyZ8JHTPw649M4.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
c4:4c:96:2f:9c:b2:a4:14:be:74:88:eb:b8:4b:2a:55:69:fe:
ea:64:b8:5f:a2:8c:49:6f:29:57:98:42:c4:e8:b1:62:2c:53:
c2:a9:cd:e3:cc:54:e8:7e:fc:98:87:9a:9f:e2:fa:08:25:02:
14:e8:10:77:5e:0b:14:6b:03:70:f7:ac:a2:d5:c9:ba:bb:86:
7d:6e:67:50:84:a8:b3:a9:f0:a9:f7:3b:10:9b:66:8f:f2:2f:
91:c5:74:c9:04:82:46:bc:0c:39:2e:fd:e1:54:57:24:99:a7:
b5:14:a1:13:55:1f:b1:c7:18:f8:25:d8:49:4b:eb:2c:52:35:
ef:6d:93:90:c8:b5:04:e5:4c:4f:4f:0e:40:7f:f5:39:1b:90:
3c:71:42:5f:f8:c2:d7:c5:c1:59:66:bb:2a:5d:2a:63:8d:6a:
4a:56:32:40:9e:1a:75:cc:6b:da:5e:71:0d:2f:73:b8:d5:20:
97:9f:38:13:40:2b:04:92:10:c3:45:66:3d:56:9a:f6:02:f1:
ea:70:74:03:d4:b3:bc:32:1d:17:e1:64:a1:93:e8:3c:3b:ab:
4e:d4:89:61:67:2d:fb:33:53:fd:7b:ac:ea:e8:90:0b:96:1d:
74:eb:da:df:ab:3a:2f:bf:21:e2:03:2f:85:6b:d9:13:46:0e:
f5:6b:5d:ac
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICIfYwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MDYw
MjA4NDdaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDZGQUYwQTVEMjVEMTEz
NEM1QTU5MEM5OUYwOTFEMzNGMEVCOEY0Q0UwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC4HJ6x73CRzhX7xJ/tLB4OFEyA+O+T2xaDrAra0b/GsuTd95P9
1YLr43fAm6b4D8B1/vSsvqcGv+LOFwzJD0hkkIKVf2G+Xk9UFzzQ2xqGQf9TMtiw
KVYCKpHFgZwwaJUxh72q/WzoJnaC7DsHruSThz27fq6gtY4wBDt0jZAn5/+eNugb
AAhod2n7Ey3kMCkmfEQaOBJR1xSHKUTEgiu5jVhHwoOYMw49sQvQeAlacEMoHihA
1GaUxe9ORo1TItQWrf3RJUVGQSIiw59VOxRnNSExJQGWoqHOfSBwYBlpmhPWv4+k
XjP2Pg3H4mpxK9sbrIFVfAXtxxG4cH1RjoSfAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUb68KXSXRE0xaWQyZ8JHTPw649M4wHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvYjY4S1hTWFJFMHhh
V1F5WjhKSFRQdzY0OU00LnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBAMRMli+csqQUvnSI67hLKlVp/upk
uF+ijElvKVeYQsTosWIsU8KpzePMVOh+/JiHmp/i+gglAhToEHdeCxRrA3D3rKLV
ybq7hn1uZ1CEqLOp8Kn3OxCbZo/yL5HFdMkEgka8DDku/eFUVySZp7UUoRNVH7HH
GPgl2ElL6yxSNe9tk5DItQTlTE9PDkB/9TkbkDxxQl/4wtfFwVlmuypdKmONakpW
MkCeGnXMa9pecQ0vc7jVIJefOBNAKwSSEMNFZj1WmvYC8epwdAPUs7wyHRfhZKGT
6Dw7q07UiWFnLfszU/17rOrokAuWHXTr2t+rOi+/IeIDL4Vr2RNGDvVrXaw=
-----END CERTIFICATE-----
Generated at Sat Jun 21 06:46:09 2025 by rpki-client