Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/kcaxXmYEp1uOypAO6msft21uNRk.roa
File: kcaxXmYEp1uOypAO6msft21uNRk.roa (raw, json)
Hash identifier: FvEcYDeUu1xUh0UBynsbaGxbOnTo31o/6CCvySZe6VU=
Subject key identifier: 91:C6:B1:5E:66:04:A7:5B:8E:CA:90:0E:EA:6B:1F:B7:6D:6E:35:19
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 2028
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/kcaxXmYEp1uOypAO6msft21uNRk.roa
Signing time: Mon 02 Jun 2025 21:08:37 +0000
ROA not before: Mon 02 Jun 2025 21:08:37 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 4812
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 8232 (0x2028)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 2 21:08:37 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=91C6B15E6604A75B8ECA900EEA6B1FB76D6E3519
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c0:51:26:58:25:e4:4f:99:76:62:d6:8c:97:7f:
af:cc:d0:cb:25:dd:6d:2f:cd:19:b8:52:45:cb:33:
5d:fb:68:56:5c:ca:6e:d8:42:14:ec:c7:b1:05:03:
06:ea:bc:8c:e9:48:99:3a:9f:6f:44:4f:a4:c9:c3:
32:3e:7b:5c:85:6d:a7:b7:7b:77:02:27:18:7f:62:
ea:01:49:88:1b:fb:b4:af:ba:2a:d9:74:46:5a:f5:
e3:b2:29:ca:ed:e0:25:76:6e:e3:f1:53:65:fe:fa:
95:1a:5d:57:dd:b0:b1:a7:7d:04:a0:4b:02:d5:af:
61:42:9d:ac:fe:82:8a:7b:65:61:6d:c1:7e:4c:af:
03:d5:31:c7:6e:15:b0:13:7c:83:4a:bb:2c:94:14:
37:ba:35:f0:6b:9a:6b:fe:69:5d:4d:77:eb:85:5e:
4e:9a:9b:c7:71:b0:f2:a7:e3:30:25:85:71:85:a5:
9f:2f:6a:d7:be:33:46:be:3e:5b:0a:df:26:cf:d0:
50:bc:e8:57:da:3c:f9:8c:ee:55:89:5a:cf:b0:be:
c7:c5:67:d6:c3:03:1c:0c:1c:57:fa:9e:58:4b:c8:
2b:9d:b0:fe:88:4c:de:5f:a9:1e:40:8a:4d:fa:d0:
5c:d2:4e:5c:32:d4:c3:22:95:22:f6:a8:51:bc:d0:
af:7b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
91:C6:B1:5E:66:04:A7:5B:8E:CA:90:0E:EA:6B:1F:B7:6D:6E:35:19
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/kcaxXmYEp1uOypAO6msft21uNRk.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
40:eb:8b:96:97:56:85:51:80:40:27:bd:66:08:5f:ca:59:19:
90:d9:93:d5:2d:9b:de:5a:46:d1:93:a5:ea:00:93:6a:f9:c0:
47:17:86:81:27:b6:67:5e:12:d3:be:f5:94:4d:fd:25:7c:e7:
ab:10:a8:3c:a3:0e:d1:b3:f2:52:17:cb:08:a5:7c:cd:66:f7:
c2:b5:59:7c:b9:b5:42:35:ec:d1:b2:76:48:ca:d1:f7:3e:c9:
30:91:c2:98:67:b7:a4:70:40:b5:f6:fc:57:29:8e:8f:f3:fb:
dc:e1:92:f0:16:55:eb:30:65:b6:27:46:02:b6:f1:b5:9d:88:
6d:3e:e7:5f:6e:26:c2:16:bd:23:8c:41:15:6f:8e:31:3c:ef:
59:bc:1e:16:1f:03:9f:1d:d7:c6:cd:e4:9c:bf:8f:69:ea:2f:
a8:9b:0a:84:f0:1e:b2:c9:24:a5:b2:bb:2e:ee:b9:0c:a6:02:
64:c2:50:e5:be:d9:c6:1a:4b:28:b9:4d:f8:a0:36:c2:e5:0d:
8b:63:c9:89:27:46:e7:00:2c:28:60:9b:d6:af:8d:c3:a5:db:
a8:d5:65:c9:ed:cd:f8:ac:0e:98:d2:a4:3c:f4:9a:19:c7:70:
e5:f8:95:21:32:7a:94:56:2b:4f:24:eb:d7:e9:b1:b6:63:3b:
47:14:a9:9a
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICICgwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MDIy
MTA4MzdaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDkxQzZCMTVFNjYwNEE3
NUI4RUNBOTAwRUVBNkIxRkI3NkQ2RTM1MTkwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDAUSZYJeRPmXZi1oyXf6/M0Msl3W0vzRm4UkXLM137aFZcym7Y
QhTsx7EFAwbqvIzpSJk6n29ET6TJwzI+e1yFbae3e3cCJxh/YuoBSYgb+7SvuirZ
dEZa9eOyKcrt4CV2buPxU2X++pUaXVfdsLGnfQSgSwLVr2FCnaz+gop7ZWFtwX5M
rwPVMcduFbATfINKuyyUFDe6NfBrmmv+aV1Nd+uFXk6am8dxsPKn4zAlhXGFpZ8v
ate+M0a+PlsK3ybP0FC86FfaPPmM7lWJWs+wvsfFZ9bDAxwMHFf6nlhLyCudsP6I
TN5fqR5Aik360FzSTlwy1MMilSL2qFG80K97AgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUkcaxXmYEp1uOypAO6msft21uNRkwHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgva2NheFhtWUVwMXVP
eXBBTzZtc2Z0MjF1TlJrLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBAEDri5aXVoVRgEAnvWYIX8pZGZDZ
k9Utm95aRtGTpeoAk2r5wEcXhoEntmdeEtO+9ZRN/SV856sQqDyjDtGz8lIXywil
fM1m98K1WXy5tUI17NGydkjK0fc+yTCRwphnt6RwQLX2/Fcpjo/z+9zhkvAWVesw
ZbYnRgK28bWdiG0+519uJsIWvSOMQRVvjjE871m8HhYfA58d18bN5Jy/j2nqL6ib
CoTwHrLJJKWyuy7uuQymAmTCUOW+2cYaSyi5TfigNsLlDYtjyYknRucALChgm9av
jcOl26jVZcntzfisDpjSpDz0mhnHcOX4lSEyepRWK08k69fpsbZjO0cUqZo=
-----END CERTIFICATE-----
Generated at Sun Jun 22 03:07:44 2025 by rpki-client