Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/hGYYrzrc4DIC-KPpI6tDzk8NP2M.roa
File: hGYYrzrc4DIC-KPpI6tDzk8NP2M.roa (raw, json)
Hash identifier: ZN61fyw0MIQxSoYIjXPeAT4jquV+5jNbnHKqX2A6ceQ=
Subject key identifier: 84:66:18:AF:3A:DC:E0:32:02:F8:A3:E9:23:AB:43:CE:4F:0D:3F:63
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 1C76
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/hGYYrzrc4DIC-KPpI6tDzk8NP2M.roa
Signing time: Tue 27 May 2025 07:38:09 +0000
ROA not before: Tue 27 May 2025 07:38:09 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 146845
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 7286 (0x1c76)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: May 27 07:38:09 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=846618AF3ADCE03202F8A3E923AB43CE4F0D3F63
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d7:7a:86:2a:bf:ef:dd:df:cc:af:51:ec:1c:b0:
c5:0a:7e:d4:9a:93:bc:cb:0c:f4:38:42:93:aa:b6:
42:8f:9f:2e:2a:16:f6:33:a8:b5:6b:cd:8b:78:af:
ad:d7:fb:ea:e0:b5:26:b4:cd:ba:69:62:00:cf:8f:
05:3c:90:f2:e0:42:18:5e:c5:a0:49:dc:98:62:8d:
02:00:f3:a3:a7:b0:88:4f:c5:4e:a2:69:a5:7c:db:
53:26:3e:2b:86:12:be:a7:fa:81:97:d8:44:0b:ec:
94:ff:e4:a3:04:cc:a8:60:66:b6:fa:4b:e1:fe:d0:
df:f3:27:0f:ea:1c:95:bf:6f:75:0a:59:dc:a6:2f:
a0:ad:b8:5f:aa:bf:b1:21:be:0b:1b:3a:54:e3:59:
a8:83:69:1a:fc:5f:f4:71:69:af:e7:99:79:ef:b5:
9b:67:8d:08:73:39:49:95:c6:30:cb:c7:96:fb:71:
6a:4f:6c:93:cb:a6:d3:09:50:8a:35:b9:0c:96:a3:
ca:64:43:1b:b8:06:7d:aa:8a:20:7b:45:4d:92:ea:
6c:c3:81:f0:c2:69:08:36:b9:0a:6f:fd:f1:7a:4b:
ef:4f:c1:55:88:e0:2e:1b:9c:eb:40:83:f3:ea:37:
18:92:24:f3:15:6c:57:dc:ac:97:62:02:40:a8:47:
ae:6f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
84:66:18:AF:3A:DC:E0:32:02:F8:A3:E9:23:AB:43:CE:4F:0D:3F:63
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/hGYYrzrc4DIC-KPpI6tDzk8NP2M.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
06:93:57:55:1b:b6:72:09:18:81:75:c3:37:69:0d:b1:63:80:
4f:2d:f4:5f:63:7a:d5:b0:7d:94:a4:0c:c4:6b:82:90:77:e8:
51:1e:cd:26:b5:12:cd:74:6f:b5:92:52:b6:50:07:cd:7e:c2:
b1:d8:6e:6b:35:a1:bb:38:18:fc:e3:03:93:8e:64:56:42:5e:
20:31:b6:84:42:4e:d7:c2:e0:02:6b:2a:65:9a:0f:3c:1a:c6:
3e:e3:36:62:e9:80:05:74:86:e0:c5:5a:51:50:65:7b:31:b0:
3b:1c:09:5a:30:0a:8e:7d:79:21:3b:97:bd:b2:9e:ce:62:4b:
49:4d:1b:6d:41:38:8e:ef:7c:96:2d:e5:6b:85:96:a6:17:32:
dc:d5:f1:fa:f0:83:39:21:a5:60:b8:b6:3d:87:2b:53:6e:71:
42:dc:37:b4:bd:f1:60:e4:04:de:f8:57:cb:95:dd:49:d9:57:
ce:e1:8e:cd:87:d0:a2:4f:f3:79:a4:8c:31:01:00:db:71:d0:
7c:48:69:63:43:85:55:89:22:df:07:f5:de:e7:1f:f7:70:38:
76:b8:bf:62:9a:b9:ef:96:d1:45:23:f2:d1:59:c3:ea:2f:75:
05:83:7f:60:47:03:1c:1f:0d:30:76:84:6c:98:4b:d5:54:0a:
ed:57:75:46
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICHHYwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA1Mjcw
NzM4MDlaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDg0NjYxOEFGM0FEQ0Uw
MzIwMkY4QTNFOTIzQUI0M0NFNEYwRDNGNjMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDXeoYqv+/d38yvUewcsMUKftSak7zLDPQ4QpOqtkKPny4qFvYz
qLVrzYt4r63X++rgtSa0zbppYgDPjwU8kPLgQhhexaBJ3JhijQIA86OnsIhPxU6i
aaV821MmPiuGEr6n+oGX2EQL7JT/5KMEzKhgZrb6S+H+0N/zJw/qHJW/b3UKWdym
L6CtuF+qv7EhvgsbOlTjWaiDaRr8X/Rxaa/nmXnvtZtnjQhzOUmVxjDLx5b7cWpP
bJPLptMJUIo1uQyWo8pkQxu4Bn2qiiB7RU2S6mzDgfDCaQg2uQpv/fF6S+9PwVWI
4C4bnOtAg/PqNxiSJPMVbFfcrJdiAkCoR65vAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUhGYYrzrc4DIC+KPpI6tDzk8NP2MwHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvaEdZWXJ6cmM0RElD
LUtQcEk2dER6azhOUDJNLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBAAaTV1UbtnIJGIF1wzdpDbFjgE8t
9F9jetWwfZSkDMRrgpB36FEezSa1Es10b7WSUrZQB81+wrHYbms1obs4GPzjA5OO
ZFZCXiAxtoRCTtfC4AJrKmWaDzwaxj7jNmLpgAV0huDFWlFQZXsxsDscCVowCo59
eSE7l72yns5iS0lNG21BOI7vfJYt5WuFlqYXMtzV8frwgzkhpWC4tj2HK1NucULc
N7S98WDkBN74V8uV3UnZV87hjs2H0KJP83mkjDEBANtx0HxIaWNDhVWJIt8H9d7n
H/dwOHa4v2Kaue+W0UUj8tFZw+ovdQWDf2BHAxwfDTB2hGyYS9VUCu1XdUY=
-----END CERTIFICATE-----
Generated at Fri Jun 20 16:30:36 2025 by rpki-client