Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/pR2kLTqaVY-O6UPCype8yE15l3U.roa
File: pR2kLTqaVY-O6UPCype8yE15l3U.roa (raw, json)
Hash identifier: dsF4rYj+yTHMKS5m1MPKs1B8jzeulqZNO+VVAlgdQVw=
Subject key identifier: A5:1D:A4:2D:3A:9A:55:8F:8E:E9:43:C2:CA:97:BC:C8:4D:79:97:75
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 26A9
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/pR2kLTqaVY-O6UPCype8yE15l3U.roa
Signing time: Sat 14 Jun 2025 10:39:18 +0000
ROA not before: Sat 14 Jun 2025 10:39:18 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 4812
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 9897 (0x26a9)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 14 10:39:18 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=A51DA42D3A9A558F8EE943C2CA97BCC84D799775
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ca:20:a2:ef:f3:d4:17:1c:99:0c:1c:cf:61:68:
31:16:cb:78:f6:5e:ef:cd:c1:15:12:f8:0e:44:6d:
07:36:e2:ac:a9:b8:d4:44:23:f6:26:e6:fd:32:30:
7c:5c:bd:21:67:6e:dc:21:ef:d5:89:a4:46:0f:76:
0d:6c:f3:58:14:af:0d:7d:b1:f4:62:6f:c5:8d:21:
e4:07:68:56:6e:d3:4f:5b:73:aa:c4:c3:16:18:bf:
11:18:b0:d3:78:e9:01:fb:ea:84:3f:1c:9a:6f:a8:
eb:05:5f:44:d4:e2:65:b8:7e:cd:02:6b:b4:46:ab:
35:9f:53:cf:89:dd:e2:6f:90:40:e0:48:32:f9:63:
8b:9b:e8:d7:c2:90:99:2f:11:b6:0c:c8:0f:fa:da:
59:eb:f2:30:bb:d9:06:b2:b5:24:42:53:d4:88:66:
db:2a:7c:06:5d:dc:21:b7:f4:90:76:a2:e7:cf:33:
9f:8a:be:48:b9:87:e5:e9:4d:ae:4d:8a:9e:5b:14:
5c:71:d6:5a:03:63:97:c5:b3:65:a3:30:7d:fa:3f:
94:52:67:0d:89:3a:1e:3f:0b:95:aa:82:34:59:5a:
2b:88:fb:59:ea:2a:5a:0d:b3:01:9d:69:ab:d2:be:
1d:f3:f4:d5:a8:c2:26:e2:50:8e:41:27:c5:5f:bb:
99:87
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A5:1D:A4:2D:3A:9A:55:8F:8E:E9:43:C2:CA:97:BC:C8:4D:79:97:75
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/pR2kLTqaVY-O6UPCype8yE15l3U.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
73:dc:d0:3d:cc:51:55:8c:2e:04:29:20:82:cb:74:91:6b:71:
a3:a5:a5:4d:9c:28:c9:bf:f4:ad:a9:cf:a7:40:4a:5e:8b:8d:
e6:88:e3:5a:41:ab:5e:c1:e6:67:5f:28:02:c3:69:e7:8e:c3:
fc:b5:14:73:54:5f:99:18:92:a5:5a:d2:11:8c:a1:46:ad:fe:
db:80:42:9e:a2:eb:dc:7e:92:7c:4d:83:10:af:5f:74:cb:5e:
27:a0:ae:42:9d:b6:97:f7:b8:ac:60:cf:a7:6c:0f:f3:07:50:
8f:d0:55:37:35:0f:37:b9:bd:70:0b:52:2a:e4:33:0e:35:9c:
45:5b:1c:5b:6c:6f:0a:b4:4d:4a:cc:84:ff:ec:5c:de:7f:21:
5a:dd:c1:25:0d:5f:eb:cd:af:2f:c9:6b:12:c3:6c:7f:7c:4b:
a4:d5:d0:7e:2d:e7:b0:99:b7:1b:6d:eb:96:a4:bb:93:e4:c6:
c2:e9:5c:91:ad:a5:f2:2a:62:36:a7:dd:04:a5:85:a1:3f:42:
09:a4:12:b1:8b:16:14:9b:dc:14:38:b1:38:57:29:80:d7:54:
52:ed:2f:58:6c:05:e1:10:55:b0:fd:9a:f5:d1:e4:22:0f:6f:
4f:57:d9:a2:6a:e4:5b:5b:c1:51:77:04:06:95:83:55:b0:03:
02:e0:04:70
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICJqkwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MTQx
MDM5MThaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEE1MURBNDJEM0E5QTU1
OEY4RUU5NDNDMkNBOTdCQ0M4NEQ3OTk3NzUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDKIKLv89QXHJkMHM9haDEWy3j2Xu/NwRUS+A5EbQc24qypuNRE
I/Ym5v0yMHxcvSFnbtwh79WJpEYPdg1s81gUrw19sfRib8WNIeQHaFZu009bc6rE
wxYYvxEYsNN46QH76oQ/HJpvqOsFX0TU4mW4fs0Ca7RGqzWfU8+J3eJvkEDgSDL5
Y4ub6NfCkJkvEbYMyA/62lnr8jC72QaytSRCU9SIZtsqfAZd3CG39JB2oufPM5+K
vki5h+XpTa5Nip5bFFxx1loDY5fFs2WjMH36P5RSZw2JOh4/C5WqgjRZWiuI+1nq
KloNswGdaavSvh3z9NWowibiUI5BJ8Vfu5mHAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUpR2kLTqaVY+O6UPCype8yE15l3UwHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvcFIya0xUcWFWWS1P
NlVQQ3lwZTh5RTE1bDNVLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBAHPc0D3MUVWMLgQpIILLdJFrcaOl
pU2cKMm/9K2pz6dASl6LjeaI41pBq17B5mdfKALDaeeOw/y1FHNUX5kYkqVa0hGM
oUat/tuAQp6i69x+knxNgxCvX3TLXiegrkKdtpf3uKxgz6dsD/MHUI/QVTc1Dze5
vXALUirkMw41nEVbHFtsbwq0TUrMhP/sXN5/IVrdwSUNX+vNry/JaxLDbH98S6TV
0H4t57CZtxtt65aku5PkxsLpXJGtpfIqYjan3QSlhaE/QgmkErGLFhSb3BQ4sThX
KYDXVFLtL1hsBeEQVbD9mvXR5CIPb09X2aJq5FtbwVF3BAaVg1WwAwLgBHA=
-----END CERTIFICATE-----
Generated at Sat Jun 21 14:48:44 2025 by rpki-client