Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/dQ525tbkNllddXheOLkl1MyO1ck.roa
File: dQ525tbkNllddXheOLkl1MyO1ck.roa (raw, json)
Hash identifier: e5Lb/i/ezWCpTykW/udPz8wCS5J9sMeu1exN6wayhgY=
Subject key identifier: 75:0E:76:E6:D6:E4:36:59:5D:75:78:5E:38:B9:25:D4:CC:8E:D5:C9
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 2489
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/dQ525tbkNllddXheOLkl1MyO1ck.roa
Signing time: Tue 10 Jun 2025 16:09:07 +0000
ROA not before: Tue 10 Jun 2025 16:09:07 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 146845
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 9353 (0x2489)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 10 16:09:07 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=750E76E6D6E436595D75785E38B925D4CC8ED5C9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:af:f0:9f:0c:3f:37:14:0b:05:11:4a:96:be:d7:
3d:60:4b:9e:78:09:f8:42:d6:ce:d2:eb:d3:53:3b:
aa:8e:3e:c3:6c:d5:7f:5a:42:99:44:72:aa:41:47:
24:e2:b7:e9:1c:ae:4d:e7:53:e5:be:21:3e:ee:f6:
f7:51:4f:fb:6b:dd:c7:0e:40:39:7d:8a:6f:33:75:
19:a1:b1:8a:c9:57:d2:0a:fa:fe:b6:ef:bb:c3:1a:
22:6e:63:c3:56:47:4c:78:98:cc:7f:e5:4f:54:7e:
ac:48:10:7c:20:fb:37:9d:b0:68:ab:f1:d1:87:d5:
98:ed:64:3e:40:26:d7:87:07:2e:9d:1e:e2:45:29:
99:7a:98:b3:1b:3f:aa:f9:cf:67:05:7e:06:9e:a9:
54:3e:6b:b0:ae:8a:6e:b4:fd:d8:7c:be:dd:6b:8c:
97:29:09:63:ee:b5:10:16:f3:9a:fb:33:c1:99:68:
cd:d5:6a:0a:7c:8b:fb:c7:c0:92:ab:11:55:cd:df:
b0:10:95:2f:26:9d:20:3c:62:61:71:6d:42:ad:68:
5a:a0:97:0d:66:38:e6:d4:50:9a:3a:db:e8:9f:fc:
8e:67:a0:c3:08:91:e9:dc:3f:7f:50:d8:57:ca:f5:
bb:43:a1:b5:8a:4d:db:bf:c7:a0:fd:1b:40:9b:eb:
4b:61
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
75:0E:76:E6:D6:E4:36:59:5D:75:78:5E:38:B9:25:D4:CC:8E:D5:C9
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/dQ525tbkNllddXheOLkl1MyO1ck.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
49:ff:69:e0:62:b9:6c:c2:0e:54:cb:eb:ea:4e:e4:9c:02:0b:
57:01:37:5c:2f:00:b0:12:f3:06:7b:90:02:9e:e4:38:31:de:
d7:f5:ea:8c:7c:ff:b4:ab:f2:2f:7c:ee:a8:95:be:e7:af:a2:
89:a8:ab:87:ba:8a:95:bf:72:29:d3:22:9b:1b:2b:92:c7:a1:
ca:4c:f9:0d:7a:04:18:77:1a:75:20:6f:d5:f7:32:1c:a0:b6:
78:bf:62:30:1f:86:39:80:10:8e:60:8f:84:a0:90:40:7e:ce:
c0:0f:13:a6:95:69:66:11:81:78:ca:fe:76:fb:28:ad:37:44:
7f:7f:0a:28:d3:24:b3:0b:8f:bb:15:e9:80:80:10:36:85:00:
5e:c1:2e:e4:be:2a:1f:d9:7f:02:ab:90:64:f3:92:cb:6b:50:
f0:e7:b4:6f:92:fc:22:d8:99:42:68:fb:31:b3:6c:2a:b7:92:
b7:46:ca:f2:18:3e:ce:ce:5d:9a:27:5e:df:36:48:95:79:97:
69:ec:f6:f4:87:c6:ed:3b:2b:ab:25:92:41:52:0c:de:d5:b6:
e5:42:56:c5:fe:74:4c:69:08:a6:2b:a5:ea:19:73:0c:94:c2:
58:4a:31:40:33:32:50:f3:19:20:32:4b:80:cf:ed:26:3f:1e:
49:48:dc:38
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICJIkwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MTAx
NjA5MDdaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDc1MEU3NkU2RDZFNDM2
NTk1RDc1Nzg1RTM4QjkyNUQ0Q0M4RUQ1QzkwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCv8J8MPzcUCwURSpa+1z1gS554CfhC1s7S69NTO6qOPsNs1X9a
QplEcqpBRyTit+kcrk3nU+W+IT7u9vdRT/tr3ccOQDl9im8zdRmhsYrJV9IK+v62
77vDGiJuY8NWR0x4mMx/5U9UfqxIEHwg+zedsGir8dGH1ZjtZD5AJteHBy6dHuJF
KZl6mLMbP6r5z2cFfgaeqVQ+a7Cuim60/dh8vt1rjJcpCWPutRAW85r7M8GZaM3V
agp8i/vHwJKrEVXN37AQlS8mnSA8YmFxbUKtaFqglw1mOObUUJo62+if/I5noMMI
kencP39Q2FfK9btDobWKTdu/x6D9G0Cb60thAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUdQ525tbkNllddXheOLkl1MyO1ckwHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvZFE1MjV0YmtObGxk
ZFhoZU9Ma2wxTXlPMWNrLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBAEn/aeBiuWzCDlTL6+pO5JwCC1cB
N1wvALAS8wZ7kAKe5Dgx3tf16ox8/7Sr8i987qiVvuevoomoq4e6ipW/cinTIpsb
K5LHocpM+Q16BBh3GnUgb9X3Mhygtni/YjAfhjmAEI5gj4SgkEB+zsAPE6aVaWYR
gXjK/nb7KK03RH9/CijTJLMLj7sV6YCAEDaFAF7BLuS+Kh/ZfwKrkGTzkstrUPDn
tG+S/CLYmUJo+zGzbCq3krdGyvIYPs7OXZonXt82SJV5l2ns9vSHxu07K6slkkFS
DN7VtuVCVsX+dExpCKYrpeoZcwyUwlhKMUAzMlDzGSAyS4DP7SY/HklI3Dg=
-----END CERTIFICATE-----
Generated at Sat Jun 21 16:19:48 2025 by rpki-client