Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/d6Sy54TEpig-gk8LaIZSYFamlUw.roa
File: d6Sy54TEpig-gk8LaIZSYFamlUw.roa (raw, json)
Hash identifier: DCcRl2R02F01IiKTxCJ+zX5Ch5zU+sNuYW1scKbkXsI=
Subject key identifier: 77:A4:B2:E7:84:C4:A6:28:3E:82:4F:0B:68:86:52:60:56:A6:95:4C
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 216E
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/d6Sy54TEpig-gk8LaIZSYFamlUw.roa
Signing time: Thu 05 Jun 2025 03:38:43 +0000
ROA not before: Thu 05 Jun 2025 03:38:43 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 146845
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 8558 (0x216e)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 5 03:38:43 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=77A4B2E784C4A6283E824F0B6886526056A6954C
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c9:ff:28:70:e1:e0:3d:6c:dc:49:1a:e9:5b:33:
e2:cb:09:2a:3d:10:ca:03:b1:3b:64:6f:f4:cb:48:
56:f4:2e:59:7d:3d:ec:82:1c:71:f8:0c:d7:08:23:
29:a5:87:33:49:c9:78:48:1d:8e:b1:98:5d:73:80:
2b:cd:5a:87:0d:3e:59:4d:5a:ec:2e:59:7a:27:67:
a3:f9:6d:04:5f:e1:7e:f6:94:ef:e9:e3:a5:0e:32:
ed:c5:ef:41:e1:eb:b8:70:74:b9:80:08:4e:00:d8:
e5:7d:7a:9a:39:62:f4:9f:e8:02:fc:e5:22:99:f6:
92:8d:e4:2b:ac:8c:51:f9:e1:7b:68:14:0f:cf:45:
2b:7c:6c:7f:eb:5f:d2:24:01:02:a9:a7:ec:23:51:
14:b3:9b:9a:f8:ee:2a:eb:cb:36:6d:e0:75:6d:dd:
d0:a1:9d:41:d7:ad:1d:6c:6b:7f:e5:1b:f3:a7:e6:
11:56:a8:d3:d5:61:e2:7a:3e:cf:db:a5:2a:f0:f5:
69:12:3e:95:80:9b:f8:1f:0b:43:7f:0d:e2:95:de:
a0:68:87:9d:62:81:08:7d:f5:ac:87:3d:da:51:a5:
5c:84:79:1e:51:ee:7a:eb:97:cf:21:7b:0c:8a:2e:
39:b4:26:8f:2f:53:45:02:d1:a7:dc:34:f6:f1:8d:
a1:23
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
77:A4:B2:E7:84:C4:A6:28:3E:82:4F:0B:68:86:52:60:56:A6:95:4C
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/d6Sy54TEpig-gk8LaIZSYFamlUw.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
b2:2b:46:20:09:b0:bd:96:f2:06:d0:a7:6c:10:1e:22:81:3f:
6c:9b:dd:87:25:0c:83:16:23:58:15:b1:af:32:a4:06:81:c2:
31:a4:e6:25:34:9f:6d:ea:d1:e5:e9:e8:7b:9a:7a:fe:c9:c7:
16:c9:ff:1c:bf:9f:a9:20:cb:03:6f:36:22:9f:ea:aa:01:6c:
64:f4:eb:c5:62:5d:04:d2:5d:1a:8a:52:1c:45:b3:8c:24:5d:
15:0b:76:ba:49:e2:2b:80:af:ce:ba:93:62:9c:35:e9:2f:84:
07:f6:f7:d4:9d:80:77:0d:b8:9d:f9:34:2e:99:48:d6:ab:d1:
9f:29:c5:91:d1:40:1f:f5:e4:40:fa:06:85:aa:58:a8:ad:30:
47:f3:d8:1f:7f:06:92:77:fe:73:36:11:3f:18:0b:65:c0:e2:
0e:06:3d:b3:13:86:85:15:8b:f0:d9:9e:b6:b4:44:9f:38:c1:
c8:de:10:f4:27:8f:62:be:a8:e5:f5:d2:5e:e3:4f:d2:a3:b9:
0e:8c:6d:89:37:17:52:5d:6a:08:a6:f3:6e:aa:fe:6a:ef:9a:
d7:9e:f4:41:06:a0:f7:78:e2:a4:0b:2e:eb:77:fc:fc:60:89:
d6:c0:5a:9e:51:05:1e:ff:85:3a:75:58:c3:99:fa:f9:37:ab:
05:3c:ef:bf
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICIW4wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MDUw
MzM4NDNaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDc3QTRCMkU3ODRDNEE2
MjgzRTgyNEYwQjY4ODY1MjYwNTZBNjk1NEMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDJ/yhw4eA9bNxJGulbM+LLCSo9EMoDsTtkb/TLSFb0Lll9PeyC
HHH4DNcIIymlhzNJyXhIHY6xmF1zgCvNWocNPllNWuwuWXonZ6P5bQRf4X72lO/p
46UOMu3F70Hh67hwdLmACE4A2OV9epo5YvSf6AL85SKZ9pKN5CusjFH54XtoFA/P
RSt8bH/rX9IkAQKpp+wjURSzm5r47irryzZt4HVt3dChnUHXrR1sa3/lG/On5hFW
qNPVYeJ6Ps/bpSrw9WkSPpWAm/gfC0N/DeKV3qBoh51igQh99ayHPdpRpVyEeR5R
7nrrl88hewyKLjm0Jo8vU0UC0afcNPbxjaEjAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUd6Sy54TEpig+gk8LaIZSYFamlUwwHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvZDZTeTU0VEVwaWct
Z2s4TGFJWlNZRmFtbFV3LnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBALIrRiAJsL2W8gbQp2wQHiKBP2yb
3YclDIMWI1gVsa8ypAaBwjGk5iU0n23q0eXp6Huaev7JxxbJ/xy/n6kgywNvNiKf
6qoBbGT068ViXQTSXRqKUhxFs4wkXRULdrpJ4iuAr866k2KcNekvhAf299SdgHcN
uJ35NC6ZSNar0Z8pxZHRQB/15ED6BoWqWKitMEfz2B9/BpJ3/nM2ET8YC2XA4g4G
PbMThoUVi/DZnra0RJ84wcjeEPQnj2K+qOX10l7jT9KjuQ6MbYk3F1Jdagim826q
/mrvmtee9EEGoPd44qQLLut3/PxgidbAWp5RBR7/hTp1WMOZ+vk3qwU8778=
-----END CERTIFICATE-----
Generated at Sat Jun 21 14:59:59 2025 by rpki-client