Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/iky9iuAJJ9dbrNZlFZ_7dOKvuok.roa
File: iky9iuAJJ9dbrNZlFZ_7dOKvuok.roa (raw, json)
Hash identifier: PdnuyT3d5Th5PqdB5E+9WLzs8mYUScxF42Sd79oMx5I=
Subject key identifier: 8A:4C:BD:8A:E0:09:27:D7:5B:AC:D6:65:15:9F:FB:74:E2:AF:BA:89
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 2543
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/iky9iuAJJ9dbrNZlFZ_7dOKvuok.roa
Signing time: Wed 11 Jun 2025 23:09:16 +0000
ROA not before: Wed 11 Jun 2025 23:09:16 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 146845
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 9539 (0x2543)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 11 23:09:16 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=8A4CBD8AE00927D75BACD665159FFB74E2AFBA89
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b8:8c:e4:e0:31:29:ab:93:1e:fe:fc:59:58:01:
9a:a3:4f:22:92:01:79:3a:b3:72:02:5a:92:a7:a4:
44:5b:d2:e9:fd:31:9f:c8:99:da:3c:16:d8:fe:46:
a6:64:e0:da:2a:4d:5d:9f:12:8e:b3:9c:cd:f6:84:
c7:46:25:b2:89:02:f9:25:e5:91:1f:b1:a0:e8:ac:
e5:a1:91:fd:af:a5:75:63:bf:f5:7d:65:f0:a4:ad:
14:7f:43:3d:5b:74:05:5e:98:2d:b8:ef:ec:03:1c:
b2:ee:63:7b:0e:20:4c:6b:05:8f:58:04:c7:fd:b7:
d4:1d:32:3c:ad:71:11:a8:1e:c1:78:80:d0:fa:f6:
ca:e7:e0:36:20:ab:73:c9:49:02:3f:40:67:cb:0c:
cb:48:51:27:d1:56:49:a9:01:9c:7f:13:6f:bb:af:
48:11:1f:16:9f:d9:e7:19:df:a8:6b:58:ba:d3:fe:
45:83:1b:bc:af:48:a2:21:78:53:8a:96:91:c8:a9:
a0:70:6c:7b:c4:a5:49:d9:c1:49:c3:de:4f:4b:15:
96:13:ae:14:eb:4f:3a:b7:6b:be:a9:a2:73:2c:be:
86:a5:d8:99:07:0f:b8:13:f9:ac:50:52:44:05:a6:
ec:00:64:f4:8e:8e:52:12:16:ce:b5:c3:c9:c2:fc:
80:57
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8A:4C:BD:8A:E0:09:27:D7:5B:AC:D6:65:15:9F:FB:74:E2:AF:BA:89
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/iky9iuAJJ9dbrNZlFZ_7dOKvuok.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
6c:5b:49:d2:7c:e6:7f:f1:1d:83:aa:66:4e:70:0c:38:b2:73:
0f:fd:94:b7:ca:7e:44:e1:5c:da:fa:3f:23:d4:84:e4:78:90:
00:b8:08:ba:84:70:1c:e5:6b:dd:9e:19:47:e1:ee:14:eb:a1:
be:8f:3b:61:fe:70:46:14:16:8f:e2:fe:79:b3:42:d5:ea:c2:
92:47:80:22:fe:19:32:f6:0e:80:01:8d:16:2b:fb:7b:80:82:
ac:38:32:ad:de:bc:a1:df:bd:b6:3b:ab:54:86:da:7b:69:1f:
52:30:4f:5c:66:db:28:1a:68:bb:db:bc:6c:a0:09:39:ae:e4:
7d:f0:f6:6f:e3:94:d6:d7:0e:de:42:60:28:38:d3:76:57:39:
0e:95:b9:26:da:90:3f:03:a1:c2:09:48:9b:dd:6d:5f:e1:71:
af:54:4f:c8:81:e1:ca:4b:16:02:40:22:62:99:c6:51:77:20:
84:b3:5c:cc:a3:60:26:07:2d:26:a4:3c:1e:ce:fc:25:9d:f3:
b8:9d:f2:0f:29:83:bd:9b:83:45:d3:e2:e2:58:13:c3:a4:0e:
93:df:05:c2:dd:9f:5c:45:78:aa:c7:bd:aa:62:9e:ca:49:90:
b0:fa:70:62:11:0a:7f:72:cc:2a:50:3a:03:1b:49:1b:2b:63:
8a:cd:e3:bc
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICJUMwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MTEy
MzA5MTZaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDhBNENCRDhBRTAwOTI3
RDc1QkFDRDY2NTE1OUZGQjc0RTJBRkJBODkwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC4jOTgMSmrkx7+/FlYAZqjTyKSAXk6s3ICWpKnpERb0un9MZ/I
mdo8Ftj+RqZk4NoqTV2fEo6znM32hMdGJbKJAvkl5ZEfsaDorOWhkf2vpXVjv/V9
ZfCkrRR/Qz1bdAVemC247+wDHLLuY3sOIExrBY9YBMf9t9QdMjytcRGoHsF4gND6
9srn4DYgq3PJSQI/QGfLDMtIUSfRVkmpAZx/E2+7r0gRHxaf2ecZ36hrWLrT/kWD
G7yvSKIheFOKlpHIqaBwbHvEpUnZwUnD3k9LFZYTrhTrTzq3a76ponMsvoal2JkH
D7gT+axQUkQFpuwAZPSOjlISFs61w8nC/IBXAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUiky9iuAJJ9dbrNZlFZ/7dOKvuokwHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvaWt5OWl1QUpKOWRi
ck5abEZaXzdkT0t2dW9rLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBAGxbSdJ85n/xHYOqZk5wDDiycw/9
lLfKfkThXNr6PyPUhOR4kAC4CLqEcBzla92eGUfh7hTrob6PO2H+cEYUFo/i/nmz
QtXqwpJHgCL+GTL2DoABjRYr+3uAgqw4Mq3evKHfvbY7q1SG2ntpH1IwT1xm2yga
aLvbvGygCTmu5H3w9m/jlNbXDt5CYCg403ZXOQ6VuSbakD8DocIJSJvdbV/hca9U
T8iB4cpLFgJAImKZxlF3IISzXMyjYCYHLSakPB7O/CWd87id8g8pg72bg0XT4uJY
E8OkDpPfBcLdn1xFeKrHvapinspJkLD6cGIRCn9yzCpQOgMbSRsrY4rN47w=
-----END CERTIFICATE-----
Generated at Sat Jun 21 18:36:55 2025 by rpki-client