Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/iBddn7-1IbNQU7EXqYDtp6S8UXI.roa
File: iBddn7-1IbNQU7EXqYDtp6S8UXI.roa (raw, json)
Hash identifier: 200arxkGOMuixgJSzE5j5siKmfMyKR9wq1NEHyzjnho=
Subject key identifier: 88:17:5D:9F:BF:B5:21:B3:50:53:B1:17:A9:80:ED:A7:A4:BC:51:72
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 22DD
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/iBddn7-1IbNQU7EXqYDtp6S8UXI.roa
Signing time: Sat 07 Jun 2025 16:38:53 +0000
ROA not before: Sat 07 Jun 2025 16:38:53 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 4812
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 8925 (0x22dd)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 7 16:38:53 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=88175D9FBFB521B35053B117A980EDA7A4BC5172
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:de:5b:b3:f9:26:3e:a1:ac:9a:ec:93:ab:a3:2a:
19:86:f4:e3:c9:c1:d8:b7:04:2f:34:37:ed:ef:9a:
06:75:21:2f:b1:b2:d2:f9:7f:3c:a5:38:76:56:6b:
c0:63:15:73:f0:39:08:d0:37:f4:ff:55:5b:6f:b5:
15:2c:42:bc:be:00:f4:55:56:74:90:91:bf:c3:c3:
ac:90:aa:53:bf:b4:b7:10:b2:8f:41:d3:41:7d:32:
b1:3f:5b:ea:e3:f5:1e:60:6a:9f:3c:6a:95:72:e4:
c2:cc:f1:f0:97:1d:a2:49:66:2c:bc:cd:c0:26:11:
87:09:80:f7:d0:ee:26:6b:1f:6d:f5:bb:36:dd:6c:
11:0b:f9:99:91:ea:ca:ba:0a:3a:ee:1a:b5:d1:c6:
ef:d9:8b:ab:ce:95:6b:eb:82:ee:da:97:c3:5a:9d:
ea:86:dc:cd:d5:a1:18:cb:d4:16:65:da:de:8b:ef:
cf:a8:4c:7c:df:bd:af:46:bf:4b:5b:de:93:b5:93:
c5:f7:01:9e:99:2e:bd:e9:0a:07:c8:a8:46:4e:4e:
b1:7c:eb:c5:31:42:c1:5f:65:9c:e3:07:ea:92:55:
93:d5:bb:4f:50:0c:42:33:73:a3:ab:0e:42:85:62:
f7:a3:93:9e:b3:f3:74:66:ce:ab:0f:1e:40:49:c0:
71:01
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
88:17:5D:9F:BF:B5:21:B3:50:53:B1:17:A9:80:ED:A7:A4:BC:51:72
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/iBddn7-1IbNQU7EXqYDtp6S8UXI.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
bb:73:05:c0:eb:cf:76:0b:09:df:d8:0a:c5:bd:d7:83:b3:13:
a0:79:26:15:7d:69:36:79:2d:2f:d4:a6:e3:24:39:c3:2e:07:
59:95:3d:55:73:d6:3f:2c:9a:45:e3:b6:a9:05:92:f5:dc:47:
f0:43:af:43:d1:45:77:1e:08:b3:4b:a5:bb:3e:32:48:05:3f:
db:f8:ad:94:75:02:e1:ca:22:63:63:21:e5:79:2c:9b:c9:0f:
4d:52:e0:ba:d6:b9:e3:fd:eb:5d:e9:2a:50:78:57:c3:c3:8b:
16:11:8f:d0:10:fe:7e:cc:0e:99:fd:46:8d:19:eb:6c:ee:7c:
67:79:e0:d1:52:4e:ea:5a:db:8b:ee:57:09:b8:fe:08:ea:3e:
37:e8:6f:62:ca:74:e5:a2:08:d4:55:bf:05:23:e2:b3:04:96:
b7:a5:c8:c4:98:0e:fe:e4:55:8d:6a:12:a6:3f:0d:6e:2b:c2:
f3:10:5c:28:9d:ad:8a:39:48:62:c0:0a:04:f2:ad:54:74:2e:
cb:59:58:d8:c2:4f:65:82:d1:d2:8b:4c:be:4f:47:4b:3d:7d:
b6:2e:b6:96:01:ef:c9:af:34:fb:14:8f:c0:a8:c9:fb:55:43:
a8:a5:4e:5c:4a:2a:f3:6e:99:a8:c9:53:bc:5c:62:36:66:f6:
97:b7:a1:b3
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICIt0wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MDcx
NjM4NTNaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDg4MTc1RDlGQkZCNTIx
QjM1MDUzQjExN0E5ODBFREE3QTRCQzUxNzIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDeW7P5Jj6hrJrsk6ujKhmG9OPJwdi3BC80N+3vmgZ1IS+xstL5
fzylOHZWa8BjFXPwOQjQN/T/VVtvtRUsQry+APRVVnSQkb/Dw6yQqlO/tLcQso9B
00F9MrE/W+rj9R5gap88apVy5MLM8fCXHaJJZiy8zcAmEYcJgPfQ7iZrH231uzbd
bBEL+ZmR6sq6CjruGrXRxu/Zi6vOlWvrgu7al8NaneqG3M3VoRjL1BZl2t6L78+o
THzfva9Gv0tb3pO1k8X3AZ6ZLr3pCgfIqEZOTrF868UxQsFfZZzjB+qSVZPVu09Q
DEIzc6OrDkKFYvejk56z83RmzqsPHkBJwHEBAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUiBddn7+1IbNQU7EXqYDtp6S8UXIwHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvaUJkZG43LTFJYk5R
VTdFWHFZRHRwNlM4VVhJLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBALtzBcDrz3YLCd/YCsW914OzE6B5
JhV9aTZ5LS/UpuMkOcMuB1mVPVVz1j8smkXjtqkFkvXcR/BDr0PRRXceCLNLpbs+
MkgFP9v4rZR1AuHKImNjIeV5LJvJD01S4LrWueP9613pKlB4V8PDixYRj9AQ/n7M
Dpn9Ro0Z62zufGd54NFSTupa24vuVwm4/gjqPjfob2LKdOWiCNRVvwUj4rMElrel
yMSYDv7kVY1qEqY/DW4rwvMQXCidrYo5SGLACgTyrVR0LstZWNjCT2WC0dKLTL5P
R0s9fbYutpYB78mvNPsUj8CoyftVQ6ilTlxKKvNumajJU7xcYjZm9pe3obM=
-----END CERTIFICATE-----
Generated at Sat Jun 21 03:25:18 2025 by rpki-client