Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/gfsSLesXysASS5LhKtAqKVd0Mik.roa
File: gfsSLesXysASS5LhKtAqKVd0Mik.roa (raw, json)
Hash identifier: rvnB3LZnMk+9btQN9ilUtWNog1wSAghxWXAWCCP2Iis=
Subject key identifier: 81:FB:12:2D:EB:17:CA:C0:12:4B:92:E1:2A:D0:2A:29:57:74:32:29
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 24DE
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/gfsSLesXysASS5LhKtAqKVd0Mik.roa
Signing time: Wed 11 Jun 2025 06:09:09 +0000
ROA not before: Wed 11 Jun 2025 06:09:09 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 4812
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 9438 (0x24de)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 11 06:09:09 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=81FB122DEB17CAC0124B92E12AD02A2957743229
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e9:97:11:5c:1d:ec:2f:65:d0:c9:aa:4e:6b:06:
46:94:49:73:f1:af:44:f1:3b:2b:12:5f:da:52:41:
78:17:0a:fc:da:80:ff:c1:27:80:f5:50:e4:e8:02:
61:96:43:9b:30:6f:dd:aa:9c:99:43:0a:84:9e:71:
d6:c1:49:d3:0f:91:d2:28:c2:52:57:c5:79:d1:6d:
c3:ed:9d:fc:ad:1e:cd:32:b8:c3:cf:d1:e5:96:47:
2b:ea:82:d1:96:dc:74:2d:05:e0:b6:d0:1a:5f:ee:
64:b8:21:b8:66:60:1a:8c:94:ab:e4:33:e2:96:ee:
a2:db:92:7c:ec:31:0c:05:3d:72:d7:55:ed:e1:2b:
37:97:9a:de:f3:9e:e6:66:8b:55:34:6e:20:ea:ae:
c2:ed:9d:28:2a:fe:6b:a9:82:e7:eb:9e:32:ea:64:
8d:e7:13:0c:be:62:72:6a:a8:e0:07:d4:77:ce:72:
0b:69:6d:a4:33:a5:16:8b:a8:ed:6c:e0:d0:70:32:
8c:7c:b3:f4:77:33:08:33:9d:ee:da:7e:e4:17:58:
cd:cf:66:cc:53:14:f7:e2:4b:fe:d8:9d:cd:07:2c:
1f:51:05:9c:3d:f8:91:37:64:2c:86:cd:99:fb:77:
c8:c4:f4:38:cc:19:6b:a2:83:95:c4:25:7f:ad:21:
0e:99
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
81:FB:12:2D:EB:17:CA:C0:12:4B:92:E1:2A:D0:2A:29:57:74:32:29
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/gfsSLesXysASS5LhKtAqKVd0Mik.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
11:62:ef:13:08:42:df:38:a4:2b:d1:89:f4:c1:54:e8:91:00:
94:b4:77:0c:f7:c8:d3:7b:5c:2e:10:da:0d:a0:e7:74:f8:ae:
c5:60:4d:56:ff:27:c2:91:21:27:87:53:b9:84:ae:f5:c5:05:
68:1f:10:44:ad:2e:56:da:36:ea:91:89:3c:6e:61:d3:1e:89:
85:79:f7:e6:b1:14:ec:c6:c1:fe:70:76:be:1f:00:03:09:86:
5b:28:33:96:99:83:00:f2:a3:f9:60:33:b8:96:82:0d:c7:7e:
14:fd:58:63:45:0b:16:6c:a5:2e:46:87:50:d0:ce:61:4e:f8:
bb:f9:bc:39:e1:c2:2f:ba:ad:a8:bd:da:f6:d1:1c:44:1f:30:
c1:ab:f7:f7:c0:00:97:03:5a:9f:62:33:7f:69:6c:88:22:a2:
7c:be:2f:11:68:05:d2:43:30:34:63:ba:c3:64:3e:36:f3:6c:
01:59:56:f4:7e:56:66:b2:35:e9:ac:f4:01:d2:1c:a2:06:6e:
af:3b:34:09:17:0f:94:8f:fc:e2:f4:04:c2:3f:ff:0e:41:47:
fb:db:b6:a2:b2:6e:b2:c1:a0:5d:bc:ed:a9:16:c2:41:bd:ce:
51:0b:d6:68:e6:23:2b:53:1d:aa:0d:dc:d8:86:2e:b5:e8:ca:
0f:53:c4:81
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICJN4wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MTEw
NjA5MDlaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDgxRkIxMjJERUIxN0NB
QzAxMjRCOTJFMTJBRDAyQTI5NTc3NDMyMjkwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDplxFcHewvZdDJqk5rBkaUSXPxr0TxOysSX9pSQXgXCvzagP/B
J4D1UOToAmGWQ5swb92qnJlDCoSecdbBSdMPkdIowlJXxXnRbcPtnfytHs0yuMPP
0eWWRyvqgtGW3HQtBeC20Bpf7mS4IbhmYBqMlKvkM+KW7qLbknzsMQwFPXLXVe3h
KzeXmt7znuZmi1U0biDqrsLtnSgq/mupgufrnjLqZI3nEwy+YnJqqOAH1HfOcgtp
baQzpRaLqO1s4NBwMox8s/R3Mwgzne7afuQXWM3PZsxTFPfiS/7Ync0HLB9RBZw9
+JE3ZCyGzZn7d8jE9DjMGWuig5XEJX+tIQ6ZAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUgfsSLesXysASS5LhKtAqKVd0MikwHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvZ2ZzU0xlc1h5c0FT
UzVMaEt0QXFLVmQwTWlrLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBABFi7xMIQt84pCvRifTBVOiRAJS0
dwz3yNN7XC4Q2g2g53T4rsVgTVb/J8KRISeHU7mErvXFBWgfEEStLlbaNuqRiTxu
YdMeiYV59+axFOzGwf5wdr4fAAMJhlsoM5aZgwDyo/lgM7iWgg3HfhT9WGNFCxZs
pS5Gh1DQzmFO+Lv5vDnhwi+6rai92vbRHEQfMMGr9/fAAJcDWp9iM39pbIgiony+
LxFoBdJDMDRjusNkPjbzbAFZVvR+VmayNems9AHSHKIGbq87NAkXD5SP/OL0BMI/
/w5BR/vbtqKybrLBoF287akWwkG9zlEL1mjmIytTHaoN3NiGLrXoyg9TxIE=
-----END CERTIFICATE-----
Generated at Sat Jun 21 00:55:43 2025 by rpki-client