Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/bmcJjbFIRaTSdl9Hqhkwuuxqtqo.roa
File: bmcJjbFIRaTSdl9Hqhkwuuxqtqo.roa (raw, json)
Hash identifier: JvPLMqYv9AIVDa+4JIyphkFpnQIPNne7rgJcD3qEfiE=
Subject key identifier: 6E:67:09:8D:B1:48:45:A4:D2:76:5F:47:AA:19:30:BA:EC:6A:B6:AA
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 1FDD
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/bmcJjbFIRaTSdl9Hqhkwuuxqtqo.roa
Signing time: Mon 02 Jun 2025 08:38:37 +0000
ROA not before: Mon 02 Jun 2025 08:38:37 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 4812
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 8157 (0x1fdd)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 2 08:38:37 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=6E67098DB14845A4D2765F47AA1930BAEC6AB6AA
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b5:56:09:40:1d:bf:f2:fc:0a:20:f5:58:11:53:
af:ef:10:bd:f6:27:41:ca:20:d0:71:0d:6f:ca:5d:
20:37:ce:71:a4:5e:83:c4:26:78:36:2a:f0:21:c1:
e4:81:70:6a:22:d8:a0:bd:13:e8:21:35:18:4f:61:
72:91:09:3c:1b:5e:1b:58:65:92:eb:06:6b:2f:70:
e8:7d:f9:6c:a9:ca:cf:93:78:60:b4:6c:a0:2d:fb:
e9:0f:23:fd:1e:2c:30:ad:32:0f:03:6e:9d:b0:4a:
f5:20:89:50:57:ac:31:84:20:d0:e6:60:0e:9b:be:
3d:af:10:1c:2f:3f:a4:2a:b1:6d:a3:35:14:56:8f:
f6:f2:0a:f6:0c:c5:57:b4:23:b7:b6:f0:ad:11:18:
42:59:67:00:97:da:0d:3d:cb:d9:f0:a0:65:ea:d1:
41:7a:d6:f9:8a:94:52:35:90:ba:55:1d:43:6b:4c:
f5:2d:01:63:d1:c5:33:ee:0b:28:80:27:47:42:f0:
f7:f5:97:df:58:16:a8:fc:3a:e8:8b:c8:99:0d:79:
49:02:2c:1e:bc:2b:04:63:43:ab:81:52:f1:9c:ca:
dc:30:04:7c:28:7f:4f:cf:3d:16:88:78:09:d2:5a:
2d:6e:09:2a:0b:d6:64:05:b4:d2:ab:53:cb:5f:8f:
b2:87
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6E:67:09:8D:B1:48:45:A4:D2:76:5F:47:AA:19:30:BA:EC:6A:B6:AA
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/bmcJjbFIRaTSdl9Hqhkwuuxqtqo.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
6c:69:22:5a:28:ed:89:67:05:06:53:21:5b:3b:fb:1f:2e:5a:
aa:3e:e1:d8:5b:04:83:7e:40:d3:60:e3:de:0c:82:66:60:da:
8d:8f:22:2b:82:2a:1f:7c:0a:4f:05:77:96:d4:10:6b:58:38:
71:4a:0a:b1:83:af:e0:bf:e6:13:0d:d0:ea:df:32:88:67:11:
e5:cf:c7:7d:76:1a:38:b9:df:d7:7f:ac:ea:6e:ff:51:32:ef:
b1:08:1c:25:4e:14:35:62:1b:d2:71:34:ce:bc:bd:c0:81:0f:
b1:e9:2d:25:27:4a:8e:01:d1:eb:ce:e4:cc:74:a4:54:ab:2a:
52:97:9d:67:16:1d:f0:15:33:35:50:80:a9:da:29:cb:d1:5a:
99:fb:fe:40:5a:b9:d0:f6:50:92:da:a2:3f:1a:51:b0:23:7f:
24:8d:c9:d1:1a:88:52:fc:14:ad:1f:be:2e:04:09:3f:84:ef:
09:1b:e9:65:c4:44:a4:16:79:83:e1:10:48:8b:f3:e2:46:54:
99:c1:f8:22:de:7a:ac:73:48:37:7d:8d:3a:30:8e:8c:0c:62:
ad:a8:e0:d9:e3:ed:41:1c:ec:18:29:03:2c:f4:2f:a6:e6:49:
3f:4b:44:3f:62:4b:c1:a6:bc:c6:a7:d8:21:c0:39:7e:e1:4c:
3a:1d:8d:e6
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICH90wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MDIw
ODM4MzdaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDZFNjcwOThEQjE0ODQ1
QTREMjc2NUY0N0FBMTkzMEJBRUM2QUI2QUEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC1VglAHb/y/Aog9VgRU6/vEL32J0HKINBxDW/KXSA3znGkXoPE
Jng2KvAhweSBcGoi2KC9E+ghNRhPYXKRCTwbXhtYZZLrBmsvcOh9+Wypys+TeGC0
bKAt++kPI/0eLDCtMg8Dbp2wSvUgiVBXrDGEINDmYA6bvj2vEBwvP6QqsW2jNRRW
j/byCvYMxVe0I7e28K0RGEJZZwCX2g09y9nwoGXq0UF61vmKlFI1kLpVHUNrTPUt
AWPRxTPuCyiAJ0dC8Pf1l99YFqj8OuiLyJkNeUkCLB68KwRjQ6uBUvGcytwwBHwo
f0/PPRaIeAnSWi1uCSoL1mQFtNKrU8tfj7KHAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUbmcJjbFIRaTSdl9HqhkwuuxqtqowHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvYm1jSmpiRklSYVRT
ZGw5SHFoa3d1dXhxdHFvLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBAGxpIloo7YlnBQZTIVs7+x8uWqo+
4dhbBIN+QNNg494MgmZg2o2PIiuCKh98Ck8Fd5bUEGtYOHFKCrGDr+C/5hMN0Orf
MohnEeXPx312Gji539d/rOpu/1Ey77EIHCVOFDViG9JxNM68vcCBD7HpLSUnSo4B
0evO5Mx0pFSrKlKXnWcWHfAVMzVQgKnaKcvRWpn7/kBaudD2UJLaoj8aUbAjfySN
ydEaiFL8FK0fvi4ECT+E7wkb6WXERKQWeYPhEEiL8+JGVJnB+CLeeqxzSDd9jTow
jowMYq2o4Nnj7UEc7BgpAyz0L6bmST9LRD9iS8GmvMan2CHAOX7hTDodjeY=
-----END CERTIFICATE-----
Generated at Sun Jun 22 06:22:39 2025 by rpki-client