Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/iJyXyO0bSOlf2f9ZcQKPfjGVhGQ.roa
File: iJyXyO0bSOlf2f9ZcQKPfjGVhGQ.roa (raw, json)
Hash identifier: a6RC6HxqYPs+1PBrBbUidM5TkUcIHMnRorkX2GetNXE=
Subject key identifier: 88:9C:97:C8:ED:1B:48:E9:5F:D9:FF:59:71:02:8F:7E:31:95:84:64
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 2660
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/iJyXyO0bSOlf2f9ZcQKPfjGVhGQ.roa
Signing time: Fri 13 Jun 2025 22:39:17 +0000
ROA not before: Fri 13 Jun 2025 22:39:17 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 146845
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 9824 (0x2660)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 13 22:39:17 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=889C97C8ED1B48E95FD9FF5971028F7E31958464
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d8:dc:0a:b0:be:8c:81:35:6e:c5:61:95:0b:43:
a2:1c:5b:2f:ad:24:9b:55:dc:96:92:ae:95:2d:18:
88:1e:e3:12:fc:0d:b9:dc:be:ac:4d:39:90:ac:3e:
81:fa:87:5b:af:77:ed:77:e4:5a:53:9e:da:03:95:
90:c1:de:51:6e:f7:17:00:b6:24:f7:af:e6:5d:c8:
f4:3c:11:84:e1:e2:a9:26:7d:64:09:cb:3f:92:ba:
6a:95:60:75:81:46:31:2b:50:a5:00:fa:db:c7:1a:
f0:e9:8a:26:24:af:8e:78:3d:1e:26:1d:75:e9:04:
ec:69:cc:e2:b2:10:16:60:b1:70:34:a2:b6:8a:01:
c8:2b:be:38:97:99:36:81:01:5d:32:e5:0f:85:1e:
e7:fc:ca:43:2e:f8:b9:b5:d7:00:c4:30:c2:6a:1b:
91:3d:2c:d8:da:f7:db:94:c9:4d:7a:69:31:28:fc:
6b:d4:9b:6f:3d:0f:a6:5c:d2:f2:44:cb:68:73:5d:
35:ab:7d:4a:4f:f8:08:68:9f:3a:9f:ea:37:4c:39:
1b:77:a5:61:cb:8f:27:cd:9b:73:99:53:a5:2b:7d:
2e:33:8f:5b:28:05:a6:38:87:94:91:77:e8:87:cd:
62:ef:43:1c:fb:05:67:05:78:de:38:18:80:09:0c:
ba:2f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
88:9C:97:C8:ED:1B:48:E9:5F:D9:FF:59:71:02:8F:7E:31:95:84:64
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/iJyXyO0bSOlf2f9ZcQKPfjGVhGQ.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
81:9b:20:02:11:88:5a:b7:8a:72:ed:ff:1c:75:1e:98:c9:27:
ce:36:32:28:71:a8:fb:34:49:4d:b3:b2:9f:48:40:78:df:9a:
83:48:27:8e:7b:5c:56:4b:87:70:65:5d:43:8f:e2:7a:0f:2b:
70:c2:9f:8a:98:3f:bd:26:66:94:5e:41:db:ea:5e:08:2a:de:
ab:f6:73:3a:06:93:9d:8c:8b:ae:cc:0b:9c:81:80:e0:01:a7:
c6:02:39:5e:59:08:15:dc:f1:30:40:9c:fa:34:ad:2f:b3:51:
ff:d4:73:da:87:40:c5:f7:ce:28:42:2a:da:c7:bc:77:38:5f:
b6:e5:d6:47:75:ec:49:94:b1:f1:53:28:c8:14:f8:ce:80:2c:
17:f2:b6:bf:68:26:2f:b0:a4:93:cf:fd:04:ec:00:19:37:50:
4e:60:2b:6e:5b:f4:89:c9:dd:52:24:29:f7:47:e1:ae:63:d9:
fc:d5:b8:06:27:97:99:94:f9:cb:7e:5c:df:7c:ae:db:ac:f5:
42:da:8b:84:e1:30:d6:3e:87:53:83:3a:58:a6:7c:19:36:1f:
d7:46:e9:56:59:e6:82:f4:da:75:1e:4d:89:56:32:3d:a6:c1:
42:5f:14:50:af:80:cb:2f:4b:b7:94:51:a4:e0:d0:ac:8e:fc:
74:e0:79:14
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICJmAwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MTMy
MjM5MTdaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDg4OUM5N0M4RUQxQjQ4
RTk1RkQ5RkY1OTcxMDI4RjdFMzE5NTg0NjQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDY3AqwvoyBNW7FYZULQ6IcWy+tJJtV3JaSrpUtGIge4xL8Dbnc
vqxNOZCsPoH6h1uvd+135FpTntoDlZDB3lFu9xcAtiT3r+ZdyPQ8EYTh4qkmfWQJ
yz+SumqVYHWBRjErUKUA+tvHGvDpiiYkr454PR4mHXXpBOxpzOKyEBZgsXA0oraK
AcgrvjiXmTaBAV0y5Q+FHuf8ykMu+Lm11wDEMMJqG5E9LNja99uUyU16aTEo/GvU
m289D6Zc0vJEy2hzXTWrfUpP+Ahonzqf6jdMORt3pWHLjyfNm3OZU6UrfS4zj1so
BaY4h5SRd+iHzWLvQxz7BWcFeN44GIAJDLovAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUiJyXyO0bSOlf2f9ZcQKPfjGVhGQwHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvaUp5WHlPMGJTT2xm
MmY5WmNRS1BmakdWaEdRLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBAIGbIAIRiFq3inLt/xx1HpjJJ842
MihxqPs0SU2zsp9IQHjfmoNIJ457XFZLh3BlXUOP4noPK3DCn4qYP70mZpReQdvq
Xggq3qv2czoGk52Mi67MC5yBgOABp8YCOV5ZCBXc8TBAnPo0rS+zUf/Uc9qHQMX3
zihCKtrHvHc4X7bl1kd17EmUsfFTKMgU+M6ALBfytr9oJi+wpJPP/QTsABk3UE5g
K25b9InJ3VIkKfdH4a5j2fzVuAYnl5mU+ct+XN98rtus9ULai4ThMNY+h1ODOlim
fBk2H9dG6VZZ5oL02nUeTYlWMj2mwUJfFFCvgMsvS7eUUaTg0KyO/HTgeRQ=
-----END CERTIFICATE-----
Generated at Sat Jun 21 03:49:12 2025 by rpki-client