Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/kb7kOFCe45jdoFAvJUnz8-qG7xU.roa
File: kb7kOFCe45jdoFAvJUnz8-qG7xU.roa (raw, json)
Hash identifier: vX20Z0hlxsf803MdBIAzmUnhjWU1Wxy5rY1TbvwiRts=
Subject key identifier: 91:BE:E4:38:50:9E:E3:98:DD:A0:50:2F:25:49:F3:F3:EA:86:EF:15
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 1F40
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/kb7kOFCe45jdoFAvJUnz8-qG7xU.roa
Signing time: Sun 01 Jun 2025 06:38:37 +0000
ROA not before: Sun 01 Jun 2025 06:38:37 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 146845
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 8000 (0x1f40)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 1 06:38:37 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=91BEE438509EE398DDA0502F2549F3F3EA86EF15
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ba:10:d3:55:f8:eb:4c:7a:4a:05:51:e1:b5:28:
18:8d:ce:ca:92:6d:db:68:6c:4f:48:b4:7d:7f:7b:
ad:67:e6:f6:97:92:3a:8d:6d:a5:6c:9a:54:36:3b:
25:d6:65:91:33:81:b0:cd:e0:93:b7:90:6d:1d:34:
0b:3b:b5:e8:c7:2f:28:59:be:52:da:d2:83:e2:73:
08:b8:03:53:52:ba:0b:b2:e7:fd:d4:b8:81:58:00:
7a:b6:07:08:20:4b:a7:bf:a9:b8:a1:22:64:db:5e:
ff:66:1e:d9:15:aa:09:03:f7:f9:48:69:b0:43:80:
ae:f5:51:35:84:e5:80:94:a1:2e:bd:38:8a:04:c3:
34:1e:9e:b5:6f:3e:49:74:25:99:d1:ad:83:c2:f2:
26:52:49:b7:47:82:b8:8a:c6:9d:8b:56:e0:e9:1a:
a4:94:1e:f2:48:a0:2a:da:cb:33:69:3d:77:a4:68:
f4:60:59:56:c7:ee:2b:09:3e:aa:21:80:5e:83:c5:
f7:2c:39:6c:a7:56:48:19:6e:23:f6:ad:3d:e0:cb:
b3:6b:fb:2a:53:6c:81:de:14:8a:17:40:3c:a3:80:
c6:f2:5e:4a:84:29:ee:4d:c3:80:dc:f6:de:53:b2:
fa:5a:2a:7b:a8:6a:57:f4:05:91:93:f9:4f:69:e5:
85:09
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
91:BE:E4:38:50:9E:E3:98:DD:A0:50:2F:25:49:F3:F3:EA:86:EF:15
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/kb7kOFCe45jdoFAvJUnz8-qG7xU.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
15:40:80:72:75:b5:09:c3:f2:41:4f:e9:79:d9:42:40:e5:42:
76:5c:9c:24:c1:67:44:c0:f5:3f:1f:fd:98:f0:a2:9f:bf:6b:
02:3d:68:a7:89:f8:ec:38:cb:eb:14:57:02:84:0d:1a:5b:29:
02:9d:0a:4b:37:12:53:8c:49:3b:86:46:89:c9:b4:f1:c5:b3:
d0:8b:d5:dc:d9:7a:31:31:55:99:27:0d:dc:99:f0:95:3e:ec:
e6:ee:9e:96:22:32:97:26:6e:a3:d6:81:22:c3:73:ed:94:7a:
22:6f:b9:14:26:e7:62:7b:ec:2e:a1:8b:55:9b:ef:94:a2:27:
73:3a:06:23:9c:42:41:3c:56:ce:6e:c0:8b:e9:34:4e:a2:fb:
74:16:91:10:b0:26:3f:c7:83:de:08:1f:08:8a:e5:f1:43:ce:
23:09:55:6b:34:d6:25:02:06:36:05:58:f2:96:6c:ed:f4:48:
6d:34:55:78:ad:37:c9:8f:c2:45:6b:a1:fe:2c:cf:40:70:4e:
ab:62:6e:e6:01:33:b9:1e:ac:19:68:ca:7f:83:56:6c:05:7d:
1f:a7:66:20:1e:80:77:df:ed:17:a8:88:ef:17:41:23:b5:cb:
b3:44:44:e2:cd:35:25:3e:8f:87:14:27:5a:cf:ed:4c:11:f9:
8f:8c:27:d5
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICH0AwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MDEw
NjM4MzdaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDkxQkVFNDM4NTA5RUUz
OThEREEwNTAyRjI1NDlGM0YzRUE4NkVGMTUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC6ENNV+OtMekoFUeG1KBiNzsqSbdtobE9ItH1/e61n5vaXkjqN
baVsmlQ2OyXWZZEzgbDN4JO3kG0dNAs7tejHLyhZvlLa0oPicwi4A1NSuguy5/3U
uIFYAHq2BwggS6e/qbihImTbXv9mHtkVqgkD9/lIabBDgK71UTWE5YCUoS69OIoE
wzQenrVvPkl0JZnRrYPC8iZSSbdHgriKxp2LVuDpGqSUHvJIoCrayzNpPXekaPRg
WVbH7isJPqohgF6DxfcsOWynVkgZbiP2rT3gy7Nr+ypTbIHeFIoXQDyjgMbyXkqE
Ke5Nw4Dc9t5TsvpaKnuoalf0BZGT+U9p5YUJAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUkb7kOFCe45jdoFAvJUnz8+qG7xUwHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgva2I3a09GQ2U0NWpk
b0ZBdkpVbno4LXFHN3hVLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBABVAgHJ1tQnD8kFP6XnZQkDlQnZc
nCTBZ0TA9T8f/Zjwop+/awI9aKeJ+Ow4y+sUVwKEDRpbKQKdCks3ElOMSTuGRonJ
tPHFs9CL1dzZejExVZknDdyZ8JU+7ObunpYiMpcmbqPWgSLDc+2UeiJvuRQm52J7
7C6hi1Wb75SiJ3M6BiOcQkE8Vs5uwIvpNE6i+3QWkRCwJj/Hg94IHwiK5fFDziMJ
VWs01iUCBjYFWPKWbO30SG00VXitN8mPwkVrof4sz0BwTqtibuYBM7kerBloyn+D
VmwFfR+nZiAegHff7ReoiO8XQSO1y7NEROLNNSU+j4cUJ1rP7UwR+Y+MJ9U=
-----END CERTIFICATE-----
Generated at Fri Jun 20 12:04:32 2025 by rpki-client