Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/n5y6DqHfyMSBwNlBl_KMVOGOgsY.roa
File: n5y6DqHfyMSBwNlBl_KMVOGOgsY.roa (raw, json)
Hash identifier: gF8neFFneyb2u3RpW+mx+AnJ+smx7Y78qNFUSJmp5pk=
Subject key identifier: 9F:9C:BA:0E:A1:DF:C8:C4:81:C0:D9:41:97:F2:8C:54:E1:8E:82:C6
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 2031
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/n5y6DqHfyMSBwNlBl_KMVOGOgsY.roa
Signing time: Mon 02 Jun 2025 22:38:37 +0000
ROA not before: Mon 02 Jun 2025 22:38:37 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 4812
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 8241 (0x2031)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 2 22:38:37 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=9F9CBA0EA1DFC8C481C0D94197F28C54E18E82C6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c2:dd:7c:7b:8b:d0:c4:f5:06:e7:c2:65:8a:8f:
95:e2:87:a9:a8:53:2c:3b:41:3c:a3:ba:80:ab:3d:
be:51:34:23:79:f6:d9:4f:95:21:73:50:25:78:32:
69:55:55:fc:f2:15:7a:34:af:2c:19:68:02:2f:96:
11:d3:e8:a5:04:ea:0f:64:45:5d:72:12:bc:15:3f:
b2:35:68:13:0c:33:9d:f6:84:4f:4c:17:e1:ba:e2:
b0:97:fe:5c:d5:a7:e7:b1:18:65:ec:d4:2e:a6:d6:
7b:45:8b:45:b0:cf:67:53:81:93:0b:e7:ba:ec:ea:
38:ae:f3:d3:94:dd:58:16:0b:c0:b9:83:04:c2:29:
63:a9:4d:32:75:64:03:1e:c8:16:4b:43:31:d7:12:
fb:c2:1d:2d:d7:28:0d:4d:dc:5c:e1:d1:2e:bf:38:
de:f4:98:49:b1:b2:10:a5:7b:cd:5c:8b:49:7f:60:
ec:95:12:92:b3:8b:1d:70:43:79:78:20:27:0c:b9:
a7:84:cd:e6:f8:b7:e6:ef:22:2b:57:90:91:6a:9d:
5c:e8:38:98:45:02:7e:ac:d3:a2:7c:da:e0:8c:cf:
39:b1:23:5b:0d:58:ba:8c:55:5c:da:08:48:42:5c:
24:70:1e:a0:3d:11:dc:0c:9c:dc:49:5f:e0:97:76:
8c:ab
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9F:9C:BA:0E:A1:DF:C8:C4:81:C0:D9:41:97:F2:8C:54:E1:8E:82:C6
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/n5y6DqHfyMSBwNlBl_KMVOGOgsY.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
b3:08:1d:44:64:b4:36:63:ee:95:62:2b:e9:3e:5e:00:a7:1d:
ca:bf:7a:c9:1c:d1:38:e2:d6:30:db:f5:3d:27:fb:98:57:fa:
c7:2d:65:2a:6f:54:3d:1e:9e:d9:9b:94:42:a1:ca:b3:b4:4f:
fc:17:55:13:bf:c4:f6:8f:72:1c:87:7f:b9:33:d0:24:21:83:
38:34:83:12:89:26:4f:20:ea:69:a5:72:37:14:71:0a:1b:f0:
04:be:90:e3:ef:53:61:4c:f9:92:5e:29:80:06:7a:4f:91:e9:
45:84:33:f9:48:7a:26:a5:ac:0f:bf:0d:9b:2f:b2:ef:5d:e8:
db:87:e0:aa:ff:05:8d:08:a6:6e:65:f0:c0:38:b9:b2:de:74:
2b:9c:ac:38:41:ab:8b:e4:a0:81:69:c2:12:a4:35:7a:41:fa:
1a:4b:61:f0:11:f3:f6:56:be:a4:06:57:59:80:8c:c7:94:db:
23:aa:3d:bc:9e:6a:90:08:f8:3a:7c:fe:07:c4:76:80:77:e6:
e5:55:0e:47:09:ac:79:24:74:8f:c4:73:a2:3e:20:fb:57:6e:
f5:d6:b4:f0:c3:d2:54:0a:8e:17:87:21:45:f6:ed:7a:bc:f9:
de:c9:78:03:bc:d3:95:c2:fe:36:56:74:43:60:31:0b:53:ac:
3b:af:5c:3c
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICIDEwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MDIy
MjM4MzdaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDlGOUNCQTBFQTFERkM4
QzQ4MUMwRDk0MTk3RjI4QzU0RTE4RTgyQzYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDC3Xx7i9DE9QbnwmWKj5Xih6moUyw7QTyjuoCrPb5RNCN59tlP
lSFzUCV4MmlVVfzyFXo0rywZaAIvlhHT6KUE6g9kRV1yErwVP7I1aBMMM532hE9M
F+G64rCX/lzVp+exGGXs1C6m1ntFi0Wwz2dTgZML57rs6jiu89OU3VgWC8C5gwTC
KWOpTTJ1ZAMeyBZLQzHXEvvCHS3XKA1N3Fzh0S6/ON70mEmxshCle81ci0l/YOyV
EpKzix1wQ3l4ICcMuaeEzeb4t+bvIitXkJFqnVzoOJhFAn6s06J82uCMzzmxI1sN
WLqMVVzaCEhCXCRwHqA9EdwMnNxJX+CXdoyrAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUn5y6DqHfyMSBwNlBl/KMVOGOgsYwHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvbjV5NkRxSGZ5TVNC
d05sQmxfS01WT0dPZ3NZLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBALMIHURktDZj7pViK+k+XgCnHcq/
eskc0Tji1jDb9T0n+5hX+sctZSpvVD0entmblEKhyrO0T/wXVRO/xPaPchyHf7kz
0CQhgzg0gxKJJk8g6mmlcjcUcQob8AS+kOPvU2FM+ZJeKYAGek+R6UWEM/lIeial
rA+/DZsvsu9d6NuH4Kr/BY0Ipm5l8MA4ubLedCucrDhBq4vkoIFpwhKkNXpB+hpL
YfAR8/ZWvqQGV1mAjMeU2yOqPbyeapAI+Dp8/gfEdoB35uVVDkcJrHkkdI/Ec6I+
IPtXbvXWtPDD0lQKjheHIUX27Xq8+d7JeAO805XC/jZWdENgMQtTrDuvXDw=
-----END CERTIFICATE-----
Generated at Sun Jun 22 16:48:54 2025 by rpki-client