Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/hYSbkstlFZ5CsuGypw7BDrTFYkQ.roa
File: hYSbkstlFZ5CsuGypw7BDrTFYkQ.roa (raw, json)
Hash identifier: gbGuyhkNlDShWnL709KDTsjnI5rro323hTisE6LRz6E=
Subject key identifier: 85:84:9B:92:CB:65:15:9E:42:B2:E1:B2:A7:0E:C1:0E:B4:C5:62:44
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 1C7F
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/hYSbkstlFZ5CsuGypw7BDrTFYkQ.roa
Signing time: Tue 27 May 2025 09:08:09 +0000
ROA not before: Tue 27 May 2025 09:08:09 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 146845
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 7295 (0x1c7f)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: May 27 09:08:09 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=85849B92CB65159E42B2E1B2A70EC10EB4C56244
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ad:7e:38:1e:3f:b0:fb:83:cd:e8:7f:91:41:1b:
89:d3:76:0a:3f:5d:31:da:73:b0:56:a1:35:3a:ee:
d5:ad:88:ea:73:d2:aa:2d:d8:85:c7:db:53:9b:a3:
cd:68:52:c0:99:98:c5:88:37:7c:ed:62:b8:41:18:
60:be:91:63:81:c6:90:27:94:53:7a:31:81:d7:64:
de:00:bd:1b:2e:d0:55:f6:5c:f0:67:2b:90:c0:26:
d1:14:a0:26:15:37:e6:fc:51:44:1b:59:2a:20:37:
c6:33:95:82:b5:5d:97:f0:d2:0f:d4:58:1d:b1:5b:
f0:17:f6:a2:30:88:3c:0d:bf:68:85:31:ca:ce:20:
6e:53:02:df:90:ec:dc:ea:51:bd:7b:4b:06:b3:ac:
28:c2:79:65:5e:40:15:42:50:37:40:d5:c7:2d:aa:
c9:51:d1:80:6e:1d:ae:cf:a7:61:e6:f8:4c:ba:d4:
09:7a:16:04:eb:a9:99:da:f1:59:61:4a:cd:17:62:
6f:80:5a:10:ca:f9:94:0b:3c:38:8f:c5:da:d0:12:
18:3a:ed:d7:c4:54:01:3d:be:42:89:5f:54:19:f6:
ff:d8:13:5e:ec:7d:d8:53:e1:d2:be:8f:d2:3e:9f:
87:5e:bb:2f:bf:58:91:7b:29:4d:53:bc:cb:05:00:
65:b5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
85:84:9B:92:CB:65:15:9E:42:B2:E1:B2:A7:0E:C1:0E:B4:C5:62:44
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/hYSbkstlFZ5CsuGypw7BDrTFYkQ.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
53:86:a6:33:92:e1:c8:9a:48:f3:00:5d:0a:09:86:36:1f:f3:
9b:d9:cf:17:50:9a:ae:bf:ca:48:0e:9f:be:f4:db:9b:b8:31:
aa:5a:cb:c7:2a:5d:24:1e:c9:fe:0c:16:28:2e:1b:0f:e4:21:
b9:27:84:fa:f0:22:bb:48:09:44:a4:67:4f:43:85:5f:82:21:
a7:c7:98:8b:d6:59:36:f0:77:15:8b:60:58:8f:0d:a4:29:c5:
e7:b1:96:10:63:91:31:f1:eb:49:96:79:d0:a2:cd:de:52:0d:
c9:68:69:07:6b:90:e1:99:15:09:28:57:c1:7e:04:b4:90:14:
82:51:a3:03:1e:06:79:e3:4b:88:88:56:d6:21:ff:16:b3:e5:
fc:f7:8b:c7:42:fb:27:37:0e:f5:3d:59:e2:a3:29:ee:77:23:
8d:a5:c7:28:d1:06:78:25:37:63:77:00:a7:cb:8f:83:3a:fa:
1c:51:e5:ad:16:3e:01:40:40:02:7d:10:0d:7e:8e:ff:93:44:
86:9d:26:43:ae:32:9a:ea:2b:da:7d:50:08:3b:23:fe:ac:23:
cb:bd:74:a5:76:e4:56:bc:a2:4a:01:65:ea:b2:25:37:29:d2:
4e:f6:b3:90:3a:c0:0e:de:9b:e4:81:a7:9a:0e:c7:6a:d2:f3:
e3:8b:23:05
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICHH8wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA1Mjcw
OTA4MDlaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDg1ODQ5QjkyQ0I2NTE1
OUU0MkIyRTFCMkE3MEVDMTBFQjRDNTYyNDQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCtfjgeP7D7g83of5FBG4nTdgo/XTHac7BWoTU67tWtiOpz0qot
2IXH21Obo81oUsCZmMWIN3ztYrhBGGC+kWOBxpAnlFN6MYHXZN4AvRsu0FX2XPBn
K5DAJtEUoCYVN+b8UUQbWSogN8YzlYK1XZfw0g/UWB2xW/AX9qIwiDwNv2iFMcrO
IG5TAt+Q7NzqUb17SwazrCjCeWVeQBVCUDdA1cctqslR0YBuHa7Pp2Hm+Ey61Al6
FgTrqZna8VlhSs0XYm+AWhDK+ZQLPDiPxdrQEhg67dfEVAE9vkKJX1QZ9v/YE17s
fdhT4dK+j9I+n4deuy+/WJF7KU1TvMsFAGW1AgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUhYSbkstlFZ5CsuGypw7BDrTFYkQwHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvaFlTYmtzdGxGWjVD
c3VHeXB3N0JEclRGWWtRLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBAFOGpjOS4ciaSPMAXQoJhjYf85vZ
zxdQmq6/ykgOn77025u4Mapay8cqXSQeyf4MFiguGw/kIbknhPrwIrtICUSkZ09D
hV+CIafHmIvWWTbwdxWLYFiPDaQpxeexlhBjkTHx60mWedCizd5SDcloaQdrkOGZ
FQkoV8F+BLSQFIJRowMeBnnjS4iIVtYh/xaz5fz3i8dC+yc3DvU9WeKjKe53I42l
xyjRBnglN2N3AKfLj4M6+hxR5a0WPgFAQAJ9EA1+jv+TRIadJkOuMprqK9p9UAg7
I/6sI8u9dKV25Fa8okoBZeqyJTcp0k72s5A6wA7em+SBp5oOx2rS8+OLIwU=
-----END CERTIFICATE-----
Generated at Sun Jun 22 15:11:09 2025 by rpki-client