Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/bBOrB0DSAqO4oZvQbcgyUNFLSyo.roa
File: bBOrB0DSAqO4oZvQbcgyUNFLSyo.roa (raw, json)
Hash identifier: MivO9qnX9GyutWVNoBpgM262e8QEtt8K+3Ov9NmozXU=
Subject key identifier: 6C:13:AB:07:40:D2:02:A3:B8:A1:9B:D0:6D:C8:32:50:D1:4B:4B:2A
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 1C4F
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/bBOrB0DSAqO4oZvQbcgyUNFLSyo.roa
Signing time: Tue 27 May 2025 01:08:08 +0000
ROA not before: Tue 27 May 2025 01:08:08 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 146845
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 7247 (0x1c4f)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: May 27 01:08:08 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=6C13AB0740D202A3B8A19BD06DC83250D14B4B2A
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cf:28:6f:85:9e:70:12:44:0f:74:45:95:ce:18:
bc:7f:b1:12:23:90:79:2a:a5:4b:4e:de:3a:9f:9a:
b5:3c:18:6a:43:1c:d2:b2:c3:26:be:84:e6:c3:da:
65:47:47:84:43:4d:36:6a:03:1a:ed:b7:8c:df:9c:
a5:86:be:51:e5:9b:bb:1c:af:0d:8b:b7:34:0d:f5:
9b:b5:3e:9c:c5:8b:5e:3d:08:eb:93:5f:4b:52:e3:
2a:b0:de:21:c0:91:6d:1f:59:32:ee:d3:61:a3:1d:
e2:b7:cc:c1:06:8d:88:66:c5:8a:e5:40:14:92:b3:
4c:61:87:b8:e1:05:37:1a:72:21:09:18:ed:49:08:
85:75:ff:0b:2a:10:db:5d:38:87:a2:cf:b5:96:7f:
df:73:e1:b6:6a:d6:f7:c1:50:fa:a9:d3:0a:ab:47:
65:97:56:90:0d:91:34:4c:96:c1:ba:46:9d:85:af:
94:87:df:22:66:0d:28:61:04:87:02:78:5f:0f:66:
4f:f9:c4:a8:a5:7d:ce:03:93:f3:12:b5:27:33:9e:
1b:af:c8:65:ce:9c:b3:00:be:ba:99:74:4b:29:bd:
56:11:fd:48:c5:4c:90:5e:38:69:13:2e:01:11:bc:
c7:3b:0b:18:31:b1:39:70:92:12:e3:ba:86:79:0a:
72:91
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6C:13:AB:07:40:D2:02:A3:B8:A1:9B:D0:6D:C8:32:50:D1:4B:4B:2A
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/bBOrB0DSAqO4oZvQbcgyUNFLSyo.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
ab:00:4f:f5:46:cf:c2:c4:c1:fb:8b:c2:38:0f:96:8a:3f:40:
9d:53:4a:99:c3:95:38:4d:bb:67:7d:a5:e5:d1:ae:03:b7:ac:
66:4d:fe:22:15:64:8b:cb:99:d8:fc:9b:92:24:42:5b:f7:77:
47:c8:22:0c:36:00:0d:10:6e:c5:74:08:53:5b:91:66:83:50:
8d:47:b1:0c:5d:f6:b4:a2:4a:7b:59:43:5b:32:59:d2:1a:e5:
df:e3:a9:94:5e:22:37:5d:be:26:72:9a:fc:5d:c1:63:7e:7b:
c7:0f:2a:d2:71:47:1f:52:79:20:10:b0:e4:79:b3:12:27:02:
75:7e:9a:7e:62:7e:f0:f2:19:fd:08:3d:58:66:8a:31:8f:59:
21:0e:64:99:d8:d9:b6:62:5e:69:14:f1:2b:67:bc:42:2a:62:
6f:37:0e:7e:5b:56:d7:c0:16:54:fa:89:4a:92:8a:4a:8e:18:
08:06:fa:88:f3:6c:e7:78:f7:eb:a8:10:5c:11:ef:84:55:dc:
86:ac:03:2b:d0:cd:55:50:49:17:9e:34:32:c4:42:e9:31:9f:
4c:72:8e:13:27:74:1b:85:e5:98:ff:36:74:9f:88:05:29:e2:
1a:3e:fc:6a:d8:a3:39:0a:fa:15:bf:8f:ca:e3:4e:09:71:0d:
08:76:ab:87
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICHE8wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA1Mjcw
MTA4MDhaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDZDMTNBQjA3NDBEMjAy
QTNCOEExOUJEMDZEQzgzMjUwRDE0QjRCMkEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDPKG+FnnASRA90RZXOGLx/sRIjkHkqpUtO3jqfmrU8GGpDHNKy
wya+hObD2mVHR4RDTTZqAxrtt4zfnKWGvlHlm7scrw2LtzQN9Zu1PpzFi149COuT
X0tS4yqw3iHAkW0fWTLu02GjHeK3zMEGjYhmxYrlQBSSs0xhh7jhBTcaciEJGO1J
CIV1/wsqENtdOIeiz7WWf99z4bZq1vfBUPqp0wqrR2WXVpANkTRMlsG6Rp2Fr5SH
3yJmDShhBIcCeF8PZk/5xKilfc4Dk/MStScznhuvyGXOnLMAvrqZdEspvVYR/UjF
TJBeOGkTLgERvMc7CxgxsTlwkhLjuoZ5CnKRAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUbBOrB0DSAqO4oZvQbcgyUNFLSyowHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvYkJPckIwRFNBcU80
b1p2UWJjZ3lVTkZMU3lvLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBAKsAT/VGz8LEwfuLwjgPloo/QJ1T
SpnDlThNu2d9peXRrgO3rGZN/iIVZIvLmdj8m5IkQlv3d0fIIgw2AA0QbsV0CFNb
kWaDUI1HsQxd9rSiSntZQ1syWdIa5d/jqZReIjddviZymvxdwWN+e8cPKtJxRx9S
eSAQsOR5sxInAnV+mn5ifvDyGf0IPVhmijGPWSEOZJnY2bZiXmkU8StnvEIqYm83
Dn5bVtfAFlT6iUqSikqOGAgG+ojzbOd49+uoEFwR74RV3IasAyvQzVVQSReeNDLE
Qukxn0xyjhMndBuF5Zj/NnSfiAUp4ho+/GrYozkK+hW/j8rjTglxDQh2q4c=
-----END CERTIFICATE-----
Generated at Sat Jun 21 08:23:39 2025 by rpki-client