Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/f0ZuLzNeNUgP3dkzfZ55oyRqTsI.roa
File: f0ZuLzNeNUgP3dkzfZ55oyRqTsI.roa (raw, json)
Hash identifier: L9u/JTzJPlQhpqUjf45kNg7+72yMzC3ZlHNsWS7cwi4=
Subject key identifier: 7F:46:6E:2F:33:5E:35:48:0F:DD:D9:33:7D:9E:79:A3:24:6A:4E:C2
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 21AE
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/f0ZuLzNeNUgP3dkzfZ55oyRqTsI.roa
Signing time: Thu 05 Jun 2025 14:08:49 +0000
ROA not before: Thu 05 Jun 2025 14:08:49 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 4812
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 8622 (0x21ae)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 5 14:08:49 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=7F466E2F335E35480FDDD9337D9E79A3246A4EC2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ad:61:1e:26:f7:c2:5a:71:6a:ed:e5:9e:61:49:
0e:f2:6f:c3:4f:ec:02:85:28:9f:b3:b2:46:fb:ea:
2f:1d:62:68:8c:76:78:dc:1b:72:87:13:26:2c:06:
06:de:57:47:10:c3:4c:27:b3:60:20:81:09:10:50:
e1:ac:9e:78:ce:cf:a4:9e:bf:1d:88:90:e4:16:d0:
c4:3f:2e:f9:81:a6:cf:19:3b:87:44:dd:16:a0:bc:
3c:fc:69:4c:35:c5:67:2d:aa:cc:90:43:70:54:ae:
9a:fb:ca:2f:d3:f2:dc:3d:00:31:5a:41:3a:7e:d0:
82:69:da:49:9b:2f:46:10:f5:44:da:bb:8e:e2:c4:
86:a3:31:71:e4:31:d5:9c:be:4e:ab:7a:5b:3c:dd:
6d:49:92:1f:0e:9a:62:7d:6a:f9:1c:b8:20:aa:6c:
22:b3:e4:be:fc:c2:6a:1d:76:08:cd:b5:77:3f:9d:
e4:51:5a:f3:70:1a:01:ec:bc:03:e4:af:d2:29:ce:
5e:cf:79:4b:33:15:3f:dd:6d:69:e0:18:71:47:44:
a5:2a:dd:a9:a1:69:f6:27:e8:20:c9:b6:58:90:e1:
e6:23:a9:92:d3:d9:c0:af:7c:d0:aa:81:22:79:ff:
49:33:9e:f8:b2:42:41:b4:27:9e:ae:52:59:56:14:
70:a1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7F:46:6E:2F:33:5E:35:48:0F:DD:D9:33:7D:9E:79:A3:24:6A:4E:C2
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/f0ZuLzNeNUgP3dkzfZ55oyRqTsI.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
1a:eb:3a:8a:45:0b:93:79:b3:ab:ad:0b:eb:37:bd:6a:41:5e:
86:b4:ce:54:cf:9f:77:ce:65:91:41:ad:4b:de:36:21:8f:f2:
62:16:0a:7a:8b:09:31:15:b4:3f:37:7d:07:60:5f:7a:8e:58:
bb:1d:4c:33:9f:7a:ee:7e:fb:2e:89:dc:b5:62:32:36:39:03:
2b:86:5a:5c:fb:04:53:e1:15:fc:0e:32:54:cc:36:e5:b0:90:
18:f3:db:cd:37:7f:ef:39:da:d1:62:59:74:7b:a4:55:26:d3:
77:18:8c:e5:03:88:c5:97:7e:03:d2:fb:ba:79:f9:37:05:33:
2b:d2:23:83:b9:48:b8:3e:74:87:af:6d:66:2b:c5:ea:6b:c0:
40:0c:81:67:18:7e:1a:19:2d:56:6f:57:93:20:07:8c:52:01:
b0:4b:0c:e1:6b:28:0a:0c:4e:60:52:0e:c7:fe:e0:20:a3:42:
d1:e2:6a:4d:1a:6f:b1:15:7f:bd:ac:77:05:eb:41:44:ca:87:
d5:0a:ed:11:cf:cd:0d:0e:09:e6:f4:a2:7b:7d:29:8f:83:95:
df:95:56:7e:1a:82:48:a2:19:6b:c7:e2:d1:85:ff:56:63:0e:
6f:60:96:71:a7:de:c2:6b:a4:bb:d0:7d:e8:fe:ed:4e:28:50:
9a:0b:04:e5
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICIa4wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MDUx
NDA4NDlaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDdGNDY2RTJGMzM1RTM1
NDgwRkRERDkzMzdEOUU3OUEzMjQ2QTRFQzIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCtYR4m98JacWrt5Z5hSQ7yb8NP7AKFKJ+zskb76i8dYmiMdnjc
G3KHEyYsBgbeV0cQw0wns2AggQkQUOGsnnjOz6Sevx2IkOQW0MQ/LvmBps8ZO4dE
3RagvDz8aUw1xWctqsyQQ3BUrpr7yi/T8tw9ADFaQTp+0IJp2kmbL0YQ9UTau47i
xIajMXHkMdWcvk6rels83W1Jkh8OmmJ9avkcuCCqbCKz5L78wmoddgjNtXc/neRR
WvNwGgHsvAPkr9Ipzl7PeUszFT/dbWngGHFHRKUq3amhafYn6CDJtliQ4eYjqZLT
2cCvfNCqgSJ5/0kznviyQkG0J56uUllWFHChAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUf0ZuLzNeNUgP3dkzfZ55oyRqTsIwHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvZjBadUx6TmVOVWdQ
M2RremZaNTVveVJxVHNJLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBABrrOopFC5N5s6utC+s3vWpBXoa0
zlTPn3fOZZFBrUveNiGP8mIWCnqLCTEVtD83fQdgX3qOWLsdTDOfeu5++y6J3LVi
MjY5AyuGWlz7BFPhFfwOMlTMNuWwkBjz2803f+852tFiWXR7pFUm03cYjOUDiMWX
fgPS+7p5+TcFMyvSI4O5SLg+dIevbWYrxeprwEAMgWcYfhoZLVZvV5MgB4xSAbBL
DOFrKAoMTmBSDsf+4CCjQtHiak0ab7EVf72sdwXrQUTKh9UK7RHPzQ0OCeb0ont9
KY+Dld+VVn4agkiiGWvH4tGF/1ZjDm9glnGn3sJrpLvQfej+7U4oUJoLBOU=
-----END CERTIFICATE-----
Generated at Fri Jun 20 11:38:42 2025 by rpki-client