Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/ftfuKaWMo0E1xU7mnDCyfVYQ_dw.roa
File: ftfuKaWMo0E1xU7mnDCyfVYQ_dw.roa (raw, json)
Hash identifier: GtYPCy/4UCbJYM8QJbGK3Ql5hMS7StDfHnLw09XnGQo=
Subject key identifier: 7E:D7:EE:29:A5:8C:A3:41:35:C5:4E:E6:9C:30:B2:7D:56:10:FD:DC
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 1C28
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/ftfuKaWMo0E1xU7mnDCyfVYQ_dw.roa
Signing time: Mon 26 May 2025 18:38:08 +0000
ROA not before: Mon 26 May 2025 18:38:08 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 146845
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 7208 (0x1c28)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: May 26 18:38:08 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=7ED7EE29A58CA34135C54EE69C30B27D5610FDDC
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b3:de:3e:e6:ee:d5:e7:60:c6:76:91:8a:49:00:
1a:3a:f4:b1:59:b5:6a:14:95:1d:e4:54:11:29:f8:
1a:19:10:43:55:4d:7d:a8:0c:bc:b9:b5:20:7e:95:
2c:be:34:cf:4b:ac:89:a5:5c:cc:98:72:5b:a7:9d:
ee:1d:e8:16:6e:a0:0e:07:9d:ec:36:c7:e6:58:fb:
ec:40:53:e5:e1:6f:57:3d:34:99:a0:5a:1a:4e:ea:
a2:8a:58:c7:3e:07:fe:0d:ca:93:4e:64:3c:7f:a1:
e4:87:2f:e5:06:11:d5:2d:2f:7c:13:3d:f4:da:6e:
a9:6a:41:8f:a5:19:52:bd:0d:7a:26:55:55:96:01:
e7:25:62:8e:fd:e7:7d:8a:ef:ae:f5:18:32:6b:87:
3c:0a:b3:80:fc:c8:be:c4:e1:ba:60:ac:81:af:c7:
71:6e:53:8c:c2:f0:e7:53:b1:74:c0:bc:03:6e:1c:
e2:16:a9:87:f8:4d:06:ec:c4:f2:f9:d1:5f:b2:b1:
b4:84:91:62:50:a7:bb:3d:fc:dc:d2:5b:b2:c1:0f:
a0:9a:16:d5:68:ad:d4:0a:51:a4:ab:80:55:6e:09:
d7:b8:52:4a:10:0d:7d:a9:68:29:85:48:87:81:2a:
ce:3c:dc:73:ec:70:ce:cb:fb:22:c0:d4:3c:40:eb:
5d:d1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7E:D7:EE:29:A5:8C:A3:41:35:C5:4E:E6:9C:30:B2:7D:56:10:FD:DC
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/ftfuKaWMo0E1xU7mnDCyfVYQ_dw.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
78:39:a7:76:9d:53:9e:e8:a2:59:15:08:05:15:d9:f3:98:19:
e9:f5:7a:34:82:7d:e6:ef:bf:04:27:eb:68:15:0b:85:71:48:
55:33:b1:34:42:15:cf:72:42:65:74:08:c6:25:d2:be:f9:0d:
69:d6:57:cd:7d:fc:94:7b:d7:c9:f6:19:1d:37:c6:36:98:d2:
44:b0:64:ac:ac:e3:6c:60:01:55:20:07:fb:89:59:67:28:1a:
c1:1b:00:d1:31:14:33:f3:d2:a9:51:39:25:52:53:ea:49:6f:
6a:db:93:f4:54:de:11:e2:b3:67:ed:59:f4:bf:ab:57:c7:aa:
db:d3:1e:f1:bb:8d:11:85:58:15:67:f6:39:ba:0a:9e:77:70:
99:7d:a5:41:e7:7c:6e:de:9e:c5:28:5b:85:78:7b:d2:63:00:
4a:1a:8e:a6:13:ed:ff:97:62:c4:29:7b:4b:40:8e:02:08:60:
ae:b4:a0:9b:51:4f:33:94:f7:97:38:bb:6f:b7:62:ae:a0:92:
79:6f:3e:20:b8:eb:e8:d0:03:be:c3:58:cd:10:d2:1f:63:69:
78:27:17:fa:63:a7:ed:10:74:d0:1d:d9:c4:2e:60:c4:a2:28:
07:84:9b:c0:b2:b4:29:9e:cd:77:98:3b:ae:35:f1:1c:07:6a:
4e:59:2f:7f
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICHCgwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA1MjYx
ODM4MDhaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDdFRDdFRTI5QTU4Q0Ez
NDEzNUM1NEVFNjlDMzBCMjdENTYxMEZEREMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCz3j7m7tXnYMZ2kYpJABo69LFZtWoUlR3kVBEp+BoZEENVTX2o
DLy5tSB+lSy+NM9LrImlXMyYclunne4d6BZuoA4Hnew2x+ZY++xAU+Xhb1c9NJmg
WhpO6qKKWMc+B/4NypNOZDx/oeSHL+UGEdUtL3wTPfTabqlqQY+lGVK9DXomVVWW
AeclYo79532K7671GDJrhzwKs4D8yL7E4bpgrIGvx3FuU4zC8OdTsXTAvANuHOIW
qYf4TQbsxPL50V+ysbSEkWJQp7s9/NzSW7LBD6CaFtVordQKUaSrgFVuCde4UkoQ
DX2paCmFSIeBKs483HPscM7L+yLA1DxA613RAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUftfuKaWMo0E1xU7mnDCyfVYQ/dwwHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvZnRmdUthV01vMEUx
eFU3bW5EQ3lmVllRX2R3LnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBAHg5p3adU57oolkVCAUV2fOYGen1
ejSCfebvvwQn62gVC4VxSFUzsTRCFc9yQmV0CMYl0r75DWnWV819/JR718n2GR03
xjaY0kSwZKys42xgAVUgB/uJWWcoGsEbANExFDPz0qlROSVSU+pJb2rbk/RU3hHi
s2ftWfS/q1fHqtvTHvG7jRGFWBVn9jm6Cp53cJl9pUHnfG7ensUoW4V4e9JjAEoa
jqYT7f+XYsQpe0tAjgIIYK60oJtRTzOU95c4u2+3Yq6gknlvPiC46+jQA77DWM0Q
0h9jaXgnF/pjp+0QdNAd2cQuYMSiKAeEm8CytCmezXeYO6418RwHak5ZL38=
-----END CERTIFICATE-----
Generated at Sun Jun 22 03:42:38 2025 by rpki-client