Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/iuIAQ7CrAI9kEy7zsAYxiIu5h5M.roa
File: iuIAQ7CrAI9kEy7zsAYxiIu5h5M.roa (raw, json)
Hash identifier: 9yF+ygbJsQgnVyyMBCpMCjxAOc0ZAOgUKb4u7//vz24=
Subject key identifier: 8A:E2:00:43:B0:AB:00:8F:64:13:2E:F3:B0:06:31:88:8B:B9:87:93
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 7742
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/iuIAQ7CrAI9kEy7zsAYxiIu5h5M.roa
Signing time: Wed 05 Nov 2025 04:12:33 +0000
ROA not before: Wed 05 Nov 2025 04:12:33 +0000
ROA not after: Fri 23 Oct 2026 03:01:03 +0000
asID: 4812
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 30530 (0x7742)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Nov 5 04:12:33 2025 GMT
Not After : Oct 23 03:01:03 2026 GMT
Subject: CN=8AE20043B0AB008F64132EF3B00631888BB98793
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a2:63:03:3d:0f:f8:5f:e9:82:c9:82:23:e8:6d:
32:f4:ba:2b:fe:9f:53:0b:04:11:93:ca:18:54:5d:
d0:d7:e7:7d:b6:ac:e3:aa:0a:a4:4b:be:f1:51:8a:
50:c9:ff:da:58:d1:c9:1b:57:bd:9d:56:8e:51:9f:
a7:7c:6e:9b:1a:bb:6d:32:e7:9d:ac:95:96:c1:82:
21:e7:3e:c1:b6:4c:d2:32:2d:65:31:7d:80:84:ef:
a1:bd:6f:f5:9f:67:31:a9:76:49:96:1e:58:02:35:
ea:5d:62:b9:7c:ac:de:e7:6f:a9:bd:28:b0:3d:bc:
77:69:f5:4e:87:35:dc:08:10:38:7d:96:45:a9:60:
ba:54:af:1c:d2:fd:c5:92:ef:98:36:f3:19:cd:d4:
25:d2:d5:45:2a:d1:cf:49:70:2a:e3:44:ad:24:3a:
1a:15:a4:ba:6b:23:9a:4b:dd:b6:61:5d:bc:07:e6:
1c:3a:b6:d5:c7:68:86:91:19:d3:58:45:0a:5c:95:
9c:4e:8a:ac:28:41:c3:af:15:c4:38:7d:00:eb:ad:
35:b4:1c:10:e0:f1:a9:7e:bb:c7:ba:7f:81:fa:cb:
6d:6b:a0:d9:22:5e:08:5d:9d:a9:d5:34:b4:74:45:
db:b8:79:fe:3a:48:74:94:4e:49:f7:ae:9f:73:13:
51:d5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8A:E2:00:43:B0:AB:00:8F:64:13:2E:F3:B0:06:31:88:8B:B9:87:93
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/iuIAQ7CrAI9kEy7zsAYxiIu5h5M.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
b6:10:6c:19:1e:e8:f5:1c:50:a0:b1:0e:46:74:69:27:4f:82:
9b:c7:b5:6c:25:94:67:6a:d6:55:fb:38:ab:1d:26:80:02:b7:
59:87:84:eb:57:23:5a:e0:22:b4:86:9c:58:65:73:4c:a2:1b:
50:f3:14:6e:cc:89:d7:78:65:04:b0:0b:0e:e3:38:fa:72:6a:
1a:1a:62:8c:88:84:6b:af:2d:9c:f9:6c:5a:50:ef:b2:9b:81:
d4:ba:5d:0c:4b:18:40:da:c6:6b:bd:02:96:fc:28:08:bc:88:
9b:8d:4f:1a:3d:19:01:b3:28:30:00:7c:bc:c3:48:f8:d3:77:
72:eb:f2:4d:07:b8:8c:eb:d3:c3:f9:af:63:4f:97:c4:b4:ca:
67:8f:77:0a:1d:11:0b:0e:83:29:7d:a0:27:2c:86:f3:77:14:
72:2f:6b:16:eb:49:9e:b9:9b:f4:45:6f:6c:e3:5e:41:64:c7:
d5:f8:3a:12:a2:6b:88:28:23:94:c4:67:c3:d0:6a:93:58:b2:
4c:9e:ac:d4:00:98:8a:da:6d:6d:34:9b:f0:7b:61:74:48:59:
8e:71:8c:88:26:d0:65:c7:8b:b6:83:00:2b:b6:df:e2:70:82:
22:08:6f:4a:b3:c9:2b:29:54:d0:91:32:37:d9:b1:56:73:f0:
bc:09:b1:d2
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICd0IwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTExMDUw
NDEyMzNaFw0yNjEwMjMwMzAxMDNaMDMxMTAvBgNVBAMTKDhBRTIwMDQzQjBBQjAw
OEY2NDEzMkVGM0IwMDYzMTg4OEJCOTg3OTMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCiYwM9D/hf6YLJgiPobTL0uiv+n1MLBBGTyhhUXdDX5322rOOq
CqRLvvFRilDJ/9pY0ckbV72dVo5Rn6d8bpsau20y552slZbBgiHnPsG2TNIyLWUx
fYCE76G9b/WfZzGpdkmWHlgCNepdYrl8rN7nb6m9KLA9vHdp9U6HNdwIEDh9lkWp
YLpUrxzS/cWS75g28xnN1CXS1UUq0c9JcCrjRK0kOhoVpLprI5pL3bZhXbwH5hw6
ttXHaIaRGdNYRQpclZxOiqwoQcOvFcQ4fQDrrTW0HBDg8al+u8e6f4H6y21roNki
XghdnanVNLR0Rdu4ef46SHSUTkn3rp9zE1HVAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUiuIAQ7CrAI9kEy7zsAYxiIu5h5MwHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvaXVJQVE3Q3JBSTlr
RXk3enNBWXhpSXU1aDVNLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBALYQbBke6PUcUKCxDkZ0aSdPgpvH
tWwllGdq1lX7OKsdJoACt1mHhOtXI1rgIrSGnFhlc0yiG1DzFG7Midd4ZQSwCw7j
OPpyahoaYoyIhGuvLZz5bFpQ77KbgdS6XQxLGEDaxmu9Apb8KAi8iJuNTxo9GQGz
KDAAfLzDSPjTd3Lr8k0HuIzr08P5r2NPl8S0ymePdwodEQsOgyl9oCcshvN3FHIv
axbrSZ65m/RFb2zjXkFkx9X4OhKia4goI5TEZ8PQapNYskyerNQAmIrabW00m/B7
YXRIWY5xjIgm0GXHi7aDACu23+JwgiIIb0qzySspVNCRMjfZsVZz8LwJsdI=
-----END CERTIFICATE-----
Generated at Wed Nov 5 08:34:25 2025 by rpki-client