Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/cfPUkBWkrCp4GyLnc5Gzgj3Zz7Y.roa
File: cfPUkBWkrCp4GyLnc5Gzgj3Zz7Y.roa (raw, json)
Hash identifier: omyZFDnimrMJ+jKtbzjalC8ey05V2VhuttnSsm6P5+g=
Subject key identifier: 71:F3:D4:90:15:A4:AC:2A:78:1B:22:E7:73:91:B3:82:3D:D9:CF:B6
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 22CA
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/cfPUkBWkrCp4GyLnc5Gzgj3Zz7Y.roa
Signing time: Sat 07 Jun 2025 13:38:52 +0000
ROA not before: Sat 07 Jun 2025 13:38:52 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 146845
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 8906 (0x22ca)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 7 13:38:52 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=71F3D49015A4AC2A781B22E77391B3823DD9CFB6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d9:49:41:0b:c3:48:22:3f:31:c3:ce:a7:81:b1:
fe:9c:67:ea:7d:fb:9e:cf:8e:06:1a:f2:d4:0b:cf:
fd:6c:6f:93:eb:8b:8a:e5:53:7f:5e:84:9e:5a:8c:
4e:e8:f0:c1:50:1c:8d:4b:af:75:e8:29:29:8d:b3:
4b:0b:2e:97:c2:af:9b:58:3d:56:d8:fa:58:f0:d1:
8b:72:e9:08:58:05:f4:e1:26:cf:af:31:a7:25:16:
26:66:92:0c:f6:7a:6e:e7:bf:f8:f4:b4:2e:54:4f:
3f:4c:f8:52:0c:dd:93:34:63:7a:32:fe:f4:7d:98:
b4:47:83:79:b8:75:02:66:79:24:3b:52:91:5a:8e:
f2:9c:c1:3b:6d:63:57:49:6d:8a:4b:8a:7f:b9:75:
4a:3b:16:fc:10:b8:b7:20:17:6c:fa:bb:94:d0:ef:
0e:b1:de:a3:3d:57:f5:dc:89:a0:6e:d0:bd:ad:f6:
6e:76:d6:9c:e6:e8:b5:27:3b:95:77:88:0e:9d:ab:
39:df:37:6c:e3:fc:86:68:cf:be:68:b0:5e:47:1c:
b2:1f:7f:9d:02:c3:3c:25:28:25:73:44:ad:f7:56:
2f:7d:a3:8e:39:3c:0c:aa:a7:26:55:b9:b1:9a:50:
20:2b:3e:8c:be:39:d8:8a:4f:46:28:77:ae:34:a9:
f0:f7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
71:F3:D4:90:15:A4:AC:2A:78:1B:22:E7:73:91:B3:82:3D:D9:CF:B6
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/cfPUkBWkrCp4GyLnc5Gzgj3Zz7Y.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
15:29:5b:c1:13:f1:29:5c:7b:a0:30:62:e7:c4:63:4c:a4:22:
f4:59:ee:28:fd:99:43:1d:e9:0f:7e:5b:7c:1c:9e:c8:15:bc:
a8:26:09:0e:a2:06:c0:b7:37:ad:45:ba:6c:2d:53:02:47:62:
c5:cf:0b:54:16:fa:d3:ae:46:e4:f1:6f:42:3c:3d:b1:60:b2:
ec:4a:be:80:1e:70:ab:16:23:d3:f3:d7:77:16:82:dc:ab:88:
ab:0f:57:a9:53:4c:8c:3b:ae:76:eb:7e:4a:45:50:19:e9:3b:
65:36:03:ae:6d:9b:cd:d2:c5:0e:d8:f2:63:3b:c1:ff:23:e5:
68:26:aa:13:3d:35:91:77:9a:96:3d:4c:42:01:1a:65:e9:6f:
81:63:46:23:7e:a3:b5:e6:cb:23:bf:d1:b1:ee:6f:83:b9:70:
a3:73:f5:81:5a:16:10:a5:37:cf:94:cf:bc:99:ac:9a:df:91:
21:37:00:ce:d3:e2:15:8c:d8:54:b5:e8:8d:41:07:c2:1e:d4:
1f:f0:f0:3a:e1:d6:b5:6c:1a:17:ec:03:14:3a:94:52:46:2a:
9d:f0:1d:e1:4d:1f:71:e9:71:bd:f9:dd:2a:71:ef:98:9a:74:
82:7c:6b:33:0f:ba:3c:29:06:bf:85:4d:ae:03:51:80:86:dc:
62:b9:4d:f7
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICIsowDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MDcx
MzM4NTJaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDcxRjNENDkwMTVBNEFD
MkE3ODFCMjJFNzczOTFCMzgyM0REOUNGQjYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDZSUELw0giPzHDzqeBsf6cZ+p9+57PjgYa8tQLz/1sb5Pri4rl
U39ehJ5ajE7o8MFQHI1Lr3XoKSmNs0sLLpfCr5tYPVbY+ljw0Yty6QhYBfThJs+v
MaclFiZmkgz2em7nv/j0tC5UTz9M+FIM3ZM0Y3oy/vR9mLRHg3m4dQJmeSQ7UpFa
jvKcwTttY1dJbYpLin+5dUo7FvwQuLcgF2z6u5TQ7w6x3qM9V/XciaBu0L2t9m52
1pzm6LUnO5V3iA6dqznfN2zj/IZoz75osF5HHLIff50CwzwlKCVzRK33Vi99o445
PAyqpyZVubGaUCArPoy+OdiKT0Yod640qfD3AgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUcfPUkBWkrCp4GyLnc5Gzgj3Zz7YwHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvY2ZQVWtCV2tyQ3A0
R3lMbmM1R3pnajNaejdZLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBABUpW8ET8Slce6AwYufEY0ykIvRZ
7ij9mUMd6Q9+W3wcnsgVvKgmCQ6iBsC3N61FumwtUwJHYsXPC1QW+tOuRuTxb0I8
PbFgsuxKvoAecKsWI9Pz13cWgtyriKsPV6lTTIw7rnbrfkpFUBnpO2U2A65tm83S
xQ7Y8mM7wf8j5WgmqhM9NZF3mpY9TEIBGmXpb4FjRiN+o7XmyyO/0bHub4O5cKNz
9YFaFhClN8+Uz7yZrJrfkSE3AM7T4hWM2FS16I1BB8Ie1B/w8Drh1rVsGhfsAxQ6
lFJGKp3wHeFNH3Hpcb353Spx75iadIJ8azMPujwpBr+FTa4DUYCG3GK5Tfc=
-----END CERTIFICATE-----
Generated at Sat Jun 21 23:01:19 2025 by rpki-client