Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/e4WCColtQm-wVGSpTKB_CxPqnNk.roa
File: e4WCColtQm-wVGSpTKB_CxPqnNk.roa (raw, json)
Hash identifier: q+CgfizmML6xGhbGI9zgwIHpyCLXe2A5l1xmF+IQ6i0=
Subject key identifier: 7B:85:82:0A:89:6D:42:6F:B0:54:64:A9:4C:A0:7F:0B:13:EA:9C:D9
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 249C
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/e4WCColtQm-wVGSpTKB_CxPqnNk.roa
Signing time: Tue 10 Jun 2025 19:09:07 +0000
ROA not before: Tue 10 Jun 2025 19:09:07 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 4812
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 9372 (0x249c)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 10 19:09:07 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=7B85820A896D426FB05464A94CA07F0B13EA9CD9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c5:f4:58:50:8f:4c:3e:63:ed:7f:be:63:8c:f1:
80:40:c1:fe:e7:c9:29:b7:4e:74:5b:d4:40:c0:4f:
4c:59:10:65:5e:62:e6:33:b9:0c:11:cc:a1:43:8d:
c4:12:f2:84:1a:42:ae:b3:a8:4b:d0:20:94:9e:35:
f8:e3:d2:58:31:71:9f:95:ad:20:d9:b3:41:c6:82:
77:ce:56:92:48:ef:09:48:c0:17:4e:30:78:50:1a:
1c:dc:d2:e3:b8:ad:e6:73:c4:7f:04:0d:72:76:15:
ff:b5:cf:d6:bc:e7:12:99:97:a5:00:a2:c3:15:f1:
0b:e1:11:06:c4:74:96:c0:04:c9:f4:da:08:84:2e:
50:30:6b:2b:6d:52:c5:0c:d4:85:e3:80:58:ac:cd:
6a:51:71:64:e2:8a:12:3f:b0:b8:99:39:f9:5f:71:
c6:f1:d8:dc:14:87:1b:bf:ff:ac:29:31:8d:bd:f7:
d3:58:39:3b:6e:9c:d1:28:eb:e4:8e:87:44:b3:de:
d8:47:59:27:ce:9f:a4:13:59:ad:63:61:b2:1d:34:
2f:cb:80:8a:cb:c3:61:f6:83:37:50:a5:66:95:b6:
79:7c:ba:5c:ed:62:76:d8:05:d4:28:16:9e:80:f8:
11:43:a2:2c:64:3c:b3:31:85:86:bd:1a:b8:0f:b1:
b2:41
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7B:85:82:0A:89:6D:42:6F:B0:54:64:A9:4C:A0:7F:0B:13:EA:9C:D9
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/e4WCColtQm-wVGSpTKB_CxPqnNk.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
41:16:1f:2e:b0:7a:59:08:c5:5c:0c:d6:55:34:f1:4b:f7:00:
bb:e7:9c:46:a1:5e:e2:ec:cb:d5:47:7a:88:64:5f:17:81:2a:
98:63:b1:52:85:c4:d2:24:31:1f:5c:5b:da:f5:04:10:6a:1f:
b4:15:27:9c:9f:df:71:ad:0c:50:73:60:13:a1:3b:cc:ab:e5:
09:c7:ea:c6:c3:33:fe:e5:54:9c:72:e9:c8:8d:c9:e8:be:b2:
3f:5b:bc:be:63:0b:99:bb:f7:bb:3d:4f:bd:82:cd:ae:10:93:
51:0d:7d:c4:d7:ec:fa:27:dd:91:4a:2c:e2:18:1c:cd:a2:89:
53:e6:74:e3:2d:2a:78:93:f2:ca:27:ae:64:ed:ea:10:06:85:
82:84:6d:92:cd:68:99:79:29:04:3f:ad:8a:5d:09:2a:c9:1e:
5c:5d:cd:8b:b9:c0:c5:a2:7a:17:aa:75:bf:b8:11:2f:cb:16:
8a:73:bd:80:1c:40:aa:79:eb:f9:7c:00:4a:17:0c:50:df:2b:
f7:70:cb:5b:2a:42:ea:19:54:41:bd:d0:9c:a9:05:34:1e:da:
09:28:5b:b2:8b:0f:fd:17:a1:b9:2a:66:fc:4d:dd:f1:e5:62:
36:22:86:87:fc:9c:c0:de:4c:6b:a7:ae:ae:4a:83:e2:ae:15:
57:5c:04:08
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICJJwwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MTAx
OTA5MDdaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDdCODU4MjBBODk2RDQy
NkZCMDU0NjRBOTRDQTA3RjBCMTNFQTlDRDkwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDF9FhQj0w+Y+1/vmOM8YBAwf7nySm3TnRb1EDAT0xZEGVeYuYz
uQwRzKFDjcQS8oQaQq6zqEvQIJSeNfjj0lgxcZ+VrSDZs0HGgnfOVpJI7wlIwBdO
MHhQGhzc0uO4reZzxH8EDXJ2Ff+1z9a85xKZl6UAosMV8QvhEQbEdJbABMn02giE
LlAwayttUsUM1IXjgFiszWpRcWTiihI/sLiZOflfccbx2NwUhxu//6wpMY2999NY
OTtunNEo6+SOh0Sz3thHWSfOn6QTWa1jYbIdNC/LgIrLw2H2gzdQpWaVtnl8ulzt
YnbYBdQoFp6A+BFDoixkPLMxhYa9GrgPsbJBAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUe4WCColtQm+wVGSpTKB/CxPqnNkwHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvZTRXQ0NvbHRRbS13
VkdTcFRLQl9DeFBxbk5rLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBAEEWHy6welkIxVwM1lU08Uv3ALvn
nEahXuLsy9VHeohkXxeBKphjsVKFxNIkMR9cW9r1BBBqH7QVJ5yf33GtDFBzYBOh
O8yr5QnH6sbDM/7lVJxy6ciNyei+sj9bvL5jC5m797s9T72Cza4Qk1ENfcTX7Pon
3ZFKLOIYHM2iiVPmdOMtKniT8sonrmTt6hAGhYKEbZLNaJl5KQQ/rYpdCSrJHlxd
zYu5wMWieheqdb+4ES/LFopzvYAcQKp56/l8AEoXDFDfK/dwy1sqQuoZVEG90Jyp
BTQe2gkoW7KLD/0XobkqZvxN3fHlYjYihof8nMDeTGunrq5Kg+KuFVdcBAg=
-----END CERTIFICATE-----
Generated at Fri Jun 20 23:59:41 2025 by rpki-client