Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/bA5phhgF8kUO9WJCvkQRhudiivQ.roa
File: bA5phhgF8kUO9WJCvkQRhudiivQ.roa (raw, json)
Hash identifier: dKqEP4u3E24LvI4xZ1yBoBi+RR0fGb+PatAp5Nv2T7I=
Subject key identifier: 6C:0E:69:86:18:05:F2:45:0E:F5:62:42:BE:44:11:86:E7:62:8A:F4
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 22C1
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/bA5phhgF8kUO9WJCvkQRhudiivQ.roa
Signing time: Sat 07 Jun 2025 12:08:55 +0000
ROA not before: Sat 07 Jun 2025 12:08:55 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 146845
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 8897 (0x22c1)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 7 12:08:55 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=6C0E69861805F2450EF56242BE441186E7628AF4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:dc:38:67:48:3a:74:6b:82:15:37:45:87:f3:c1:
64:8f:ce:28:83:be:45:85:0d:84:30:6a:46:d3:eb:
fe:ff:49:81:0a:73:3c:b9:56:5a:48:ef:ac:81:d0:
8d:df:fe:8e:67:43:88:c6:96:39:08:ff:e7:5d:39:
2b:b2:9a:06:0a:d2:a8:7f:d6:48:02:5f:ba:31:c7:
b7:cf:e3:59:4d:76:90:73:f7:94:6b:76:2d:45:3e:
9d:63:d2:16:8d:b9:0d:f2:72:68:92:0a:90:ba:1c:
10:4d:44:08:bf:69:48:63:d5:35:07:ca:91:fb:6f:
cd:c9:9b:63:6e:40:51:00:53:5a:7f:10:d1:52:c5:
f4:cd:fe:f4:6a:28:f7:bd:80:f7:1b:dd:a1:0f:62:
13:43:c4:89:d0:4d:af:38:04:70:2b:94:b4:6e:af:
68:b0:43:b8:c7:90:ce:91:07:f9:c3:bd:d7:e7:96:
8a:aa:67:7d:63:c7:37:91:d2:26:62:f0:e2:8d:3c:
a4:ed:88:41:5d:d5:ec:c2:82:43:45:a7:45:47:e1:
9d:24:11:7c:06:c5:e9:89:f9:93:29:68:e1:c3:b9:
43:31:5f:7e:89:0c:c7:29:47:65:d7:14:85:fd:d0:
24:2e:4a:f0:c8:60:37:4f:03:ad:1e:13:fd:ee:23:
7a:11
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6C:0E:69:86:18:05:F2:45:0E:F5:62:42:BE:44:11:86:E7:62:8A:F4
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/bA5phhgF8kUO9WJCvkQRhudiivQ.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
40:45:20:fd:86:05:45:0d:3a:6c:45:ad:14:94:9c:05:7b:de:
b7:30:72:51:f3:d7:a5:41:c9:b3:5e:70:57:f6:1a:a1:81:11:
6f:97:f9:22:52:ac:52:c7:1b:96:ba:c9:58:22:d6:df:a3:04:
07:3e:4e:c6:cd:e9:b7:f5:9a:77:7b:fc:04:e4:cd:b1:d6:39:
ee:14:14:b5:be:27:b0:eb:03:f4:07:e7:f1:11:ed:0c:af:3b:
50:5d:20:c4:c3:1f:99:20:b5:03:50:0d:dd:14:54:8b:89:d9:
8e:45:db:6d:79:7f:6a:ae:38:a1:82:2b:dc:b0:45:9e:7f:5e:
22:0d:f3:b6:12:a2:2d:85:ca:21:1e:b1:e4:e7:4d:0e:35:c4:
eb:76:5a:5b:ca:e6:af:80:b6:dd:a2:f3:49:bd:fb:a2:93:dc:
05:ce:2b:fb:80:d1:b8:22:ab:eb:3e:79:a7:1b:fa:05:65:5c:
15:d0:41:bb:82:77:a9:5e:1a:ba:b6:d3:32:27:b7:d4:09:f0:
a7:1b:4c:09:c6:e2:b7:4d:a4:8b:9d:e4:3c:ab:e6:23:dc:dd:
1e:1a:1a:ec:3a:cc:41:40:5c:c2:ea:ed:fc:c1:f3:3a:5c:f1:
71:df:6e:86:dc:b2:cc:f8:43:6c:56:9d:71:77:67:f0:66:11:
1f:d3:c6:8c
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICIsEwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MDcx
MjA4NTVaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDZDMEU2OTg2MTgwNUYy
NDUwRUY1NjI0MkJFNDQxMTg2RTc2MjhBRjQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDcOGdIOnRrghU3RYfzwWSPziiDvkWFDYQwakbT6/7/SYEKczy5
VlpI76yB0I3f/o5nQ4jGljkI/+ddOSuymgYK0qh/1kgCX7oxx7fP41lNdpBz95Rr
di1FPp1j0haNuQ3ycmiSCpC6HBBNRAi/aUhj1TUHypH7b83Jm2NuQFEAU1p/ENFS
xfTN/vRqKPe9gPcb3aEPYhNDxInQTa84BHArlLRur2iwQ7jHkM6RB/nDvdfnloqq
Z31jxzeR0iZi8OKNPKTtiEFd1ezCgkNFp0VH4Z0kEXwGxemJ+ZMpaOHDuUMxX36J
DMcpR2XXFIX90CQuSvDIYDdPA60eE/3uI3oRAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUbA5phhgF8kUO9WJCvkQRhudiivQwHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvYkE1cGhoZ0Y4a1VP
OVdKQ3ZrUVJodWRpaXZRLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBAEBFIP2GBUUNOmxFrRSUnAV73rcw
clHz16VBybNecFf2GqGBEW+X+SJSrFLHG5a6yVgi1t+jBAc+TsbN6bf1mnd7/ATk
zbHWOe4UFLW+J7DrA/QH5/ER7QyvO1BdIMTDH5kgtQNQDd0UVIuJ2Y5F2215f2qu
OKGCK9ywRZ5/XiIN87YSoi2FyiEeseTnTQ41xOt2WlvK5q+Att2i80m9+6KT3AXO
K/uA0bgiq+s+eacb+gVlXBXQQbuCd6leGrq20zInt9QJ8KcbTAnG4rdNpIud5Dyr
5iPc3R4aGuw6zEFAXMLq7fzB8zpc8XHfbobcssz4Q2xWnXF3Z/BmER/Txow=
-----END CERTIFICATE-----
Generated at Sat Jun 21 18:35:43 2025 by rpki-client