Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/kaDFhAt2DpCvMs5Gmr3ZX4K7_VQ.roa
File: kaDFhAt2DpCvMs5Gmr3ZX4K7_VQ.roa (raw, json)
Hash identifier: 0pu6E5QFX71X5DogkgriHrQ+W0SsSsJ4AHnzqyQW1Q4=
Subject key identifier: 91:A0:C5:84:0B:76:0E:90:AF:32:CE:46:9A:BD:D9:5F:82:BB:FD:54
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 2091
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/kaDFhAt2DpCvMs5Gmr3ZX4K7_VQ.roa
Signing time: Tue 03 Jun 2025 14:38:39 +0000
ROA not before: Tue 03 Jun 2025 14:38:39 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 4812
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 8337 (0x2091)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 3 14:38:39 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=91A0C5840B760E90AF32CE469ABDD95F82BBFD54
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c0:d3:aa:c6:46:0b:8c:cf:37:22:9b:e7:91:53:
91:2d:14:57:ee:43:ef:dd:03:d5:e6:42:6c:9d:c0:
bb:2a:60:db:a3:82:aa:7b:60:e3:0a:a0:2a:fc:c5:
fa:0a:a6:9a:63:3a:f0:a9:bb:12:90:2f:00:4e:b7:
38:92:39:10:f5:58:23:d4:ac:70:a8:31:89:37:74:
1b:c6:fa:c8:93:9b:ca:69:56:d9:18:db:99:43:74:
a5:3e:2c:7f:ce:46:c4:70:4b:25:74:00:60:19:fd:
87:c3:e6:7d:d1:47:10:0c:21:6b:6f:66:8e:41:b4:
9f:f6:73:ef:ee:e5:57:c4:2c:fa:0f:ff:bd:93:58:
bf:33:44:9a:50:d4:32:53:e0:ea:5f:85:e8:29:08:
5a:20:8d:b5:7e:39:57:60:de:8d:3a:07:c4:75:a0:
d6:89:ba:a8:66:f7:d7:98:3c:ae:fa:d6:ba:cc:60:
57:d9:5e:38:47:04:50:1f:0a:53:be:ba:21:57:83:
1a:70:41:59:d2:bf:66:d2:60:dd:16:95:73:a0:86:
e6:69:5f:68:d0:80:64:0f:75:b4:6c:2a:e2:31:4e:
a9:27:d3:38:64:34:08:21:f5:29:e1:f0:fe:7a:04:
c5:84:4b:e9:33:18:bd:81:50:4e:a2:d5:3d:33:ec:
99:05
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
91:A0:C5:84:0B:76:0E:90:AF:32:CE:46:9A:BD:D9:5F:82:BB:FD:54
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/kaDFhAt2DpCvMs5Gmr3ZX4K7_VQ.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
18:a1:18:a3:97:d2:62:87:2c:32:10:c7:c8:d6:06:8f:16:d3:
c3:f1:5c:0b:9e:35:53:12:a6:94:b1:57:07:47:15:8f:a5:0b:
2e:d9:96:92:dd:a4:6c:c1:ed:65:ee:b0:f9:e4:e2:14:d7:28:
ef:69:9e:b5:df:0e:94:42:73:7d:58:91:81:a4:d2:20:d2:0a:
56:73:b8:d4:fa:79:bc:d1:e4:8e:fa:44:8a:6b:24:7c:13:c6:
27:2c:d7:6e:d8:1d:60:c2:0b:8c:a2:b4:2f:23:b2:df:86:ae:
09:50:19:a7:d8:bb:58:b4:0b:5f:d4:17:10:72:1b:82:0e:47:
ff:8a:41:db:44:24:01:81:77:7e:c4:35:52:b1:35:30:cf:e0:
b5:54:81:33:4c:4a:16:27:d8:fa:d0:dc:c7:37:8a:bc:82:e9:
71:95:91:ab:4d:b4:c8:d3:77:51:56:98:37:32:dd:fb:aa:0c:
b3:aa:37:de:7c:3a:42:88:bf:ba:24:bb:e0:a7:9f:d6:f6:c6:
fa:a5:6d:74:97:29:0e:c9:9d:87:b8:87:2f:6e:2a:da:5c:6d:
6b:65:7d:07:82:b0:cc:e2:46:89:2b:ea:b8:14:ee:de:a0:e9:
59:3a:6d:05:8f:77:43:29:2b:79:3c:fe:83:c2:42:cb:57:f7:
c1:58:36:0f
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICIJEwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MDMx
NDM4MzlaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDkxQTBDNTg0MEI3NjBF
OTBBRjMyQ0U0NjlBQkREOTVGODJCQkZENTQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDA06rGRguMzzcim+eRU5EtFFfuQ+/dA9XmQmydwLsqYNujgqp7
YOMKoCr8xfoKpppjOvCpuxKQLwBOtziSORD1WCPUrHCoMYk3dBvG+siTm8ppVtkY
25lDdKU+LH/ORsRwSyV0AGAZ/YfD5n3RRxAMIWtvZo5BtJ/2c+/u5VfELPoP/72T
WL8zRJpQ1DJT4OpfhegpCFogjbV+OVdg3o06B8R1oNaJuqhm99eYPK761rrMYFfZ
XjhHBFAfClO+uiFXgxpwQVnSv2bSYN0WlXOghuZpX2jQgGQPdbRsKuIxTqkn0zhk
NAgh9Snh8P56BMWES+kzGL2BUE6i1T0z7JkFAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUkaDFhAt2DpCvMs5Gmr3ZX4K7/VQwHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgva2FERmhBdDJEcEN2
TXM1R21yM1pYNEs3X1ZRLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBABihGKOX0mKHLDIQx8jWBo8W08Px
XAueNVMSppSxVwdHFY+lCy7ZlpLdpGzB7WXusPnk4hTXKO9pnrXfDpRCc31YkYGk
0iDSClZzuNT6ebzR5I76RIprJHwTxics127YHWDCC4yitC8jst+GrglQGafYu1i0
C1/UFxByG4IOR/+KQdtEJAGBd37ENVKxNTDP4LVUgTNMShYn2PrQ3Mc3iryC6XGV
katNtMjTd1FWmDcy3fuqDLOqN958OkKIv7oku+Cnn9b2xvqlbXSXKQ7JnYe4hy9u
KtpcbWtlfQeCsMziRokr6rgU7t6g6Vk6bQWPd0MpK3k8/oPCQstX98FYNg8=
-----END CERTIFICATE-----
Generated at Sun Jun 15 09:26:13 2025 by rpki-client