Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/paJpKsE0mfi2aegKX1lPQpq5De8.roa
File: paJpKsE0mfi2aegKX1lPQpq5De8.roa (raw, json)
Hash identifier: AM141yovt04FK0nFq/MjAfe1QibSi5lhnj2iMRd+BL4=
Subject key identifier: A5:A2:69:2A:C1:34:99:F8:B6:69:E8:0A:5F:59:4F:42:9A:B9:0D:EF
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 2654
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/paJpKsE0mfi2aegKX1lPQpq5De8.roa
Signing time: Fri 13 Jun 2025 20:39:17 +0000
ROA not before: Fri 13 Jun 2025 20:39:17 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 146845
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 9812 (0x2654)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 13 20:39:17 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=A5A2692AC13499F8B669E80A5F594F429AB90DEF
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a7:7f:c6:d9:5c:01:eb:4d:d6:bd:cd:2e:bc:9a:
a4:dd:33:90:e9:b1:f6:d3:c2:2f:95:00:92:86:92:
b3:d8:5c:35:21:21:4e:3f:15:09:a7:87:2f:98:d3:
b2:f2:97:d5:b0:78:ef:d4:0f:32:96:2c:c9:d0:bc:
2c:44:8b:27:7f:d1:26:8e:d4:02:2f:3a:0c:c6:fb:
47:95:3a:58:b0:a2:38:30:ad:90:1a:cb:2d:25:c2:
a9:7c:9f:58:d8:88:b3:42:3c:2d:86:33:b3:b0:52:
8c:e6:ff:26:98:0d:b0:94:43:40:c6:c9:0c:c0:74:
61:9c:22:ca:7e:73:9b:5c:4e:a2:0c:4a:ac:82:f0:
d0:b2:7d:06:dc:70:10:47:34:da:cf:52:a9:75:53:
62:cd:cc:e4:ea:10:7c:50:ed:ae:dd:f2:0a:89:8d:
99:ce:55:99:1e:49:f6:2b:5a:cc:78:5d:35:8e:5f:
ff:1c:52:c6:a1:95:d8:f2:c4:b2:4f:30:d6:7f:3d:
a2:ee:78:0b:99:73:58:fe:51:12:7b:52:30:7a:18:
74:3b:c2:72:b7:e6:a1:e3:7e:07:b6:30:dd:7c:fa:
92:57:70:ce:e2:ba:88:bb:be:35:ac:70:a4:3c:b1:
b2:81:05:8e:f8:c2:28:b4:4e:8c:dd:56:b8:83:64:
43:3b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A5:A2:69:2A:C1:34:99:F8:B6:69:E8:0A:5F:59:4F:42:9A:B9:0D:EF
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/paJpKsE0mfi2aegKX1lPQpq5De8.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
88:e5:04:b6:00:09:56:4e:96:86:b3:65:57:20:16:38:5c:b3:
e9:9b:d7:1a:74:5b:bd:13:12:45:88:79:c7:2d:9f:ef:4e:80:
76:c3:a9:4c:3d:b1:11:1e:b4:04:56:4a:ba:e6:4d:3f:21:2f:
19:b3:69:b6:75:ea:ab:7e:9f:ad:80:8e:ee:07:6f:c0:a9:a8:
ec:6b:75:ac:b6:43:b3:a7:e0:73:29:0d:76:e6:2f:1e:54:bb:
57:09:0c:6b:d9:0e:21:5f:d0:64:7e:88:75:98:59:0b:43:18:
7c:c2:70:aa:82:53:a7:19:89:4f:ae:6c:3a:0e:c3:f9:71:22:
01:35:ad:4a:a0:1d:97:f4:db:be:f2:a6:d8:4f:ac:50:e4:95:
29:d0:bd:cf:fe:0f:0f:dd:7e:ea:13:b2:bc:16:38:7b:ba:a1:
ed:1f:45:52:dd:2d:46:9f:b3:11:ab:d9:8b:e4:1d:7e:21:a4:
40:b5:e7:90:c0:1c:22:0f:5d:ad:77:ab:97:74:16:81:45:55:
01:68:5e:ac:45:33:25:b0:3c:08:ec:08:1e:b1:25:80:0e:dd:
8a:f8:53:0c:00:80:28:9d:9c:91:18:f2:68:0c:e8:90:0d:9a:
75:6f:01:6a:d0:3c:f8:f0:80:3a:d7:95:18:bb:7a:c0:f8:38:
c0:36:d1:f1
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICJlQwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MTMy
MDM5MTdaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEE1QTI2OTJBQzEzNDk5
RjhCNjY5RTgwQTVGNTk0RjQyOUFCOTBERUYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCnf8bZXAHrTda9zS68mqTdM5DpsfbTwi+VAJKGkrPYXDUhIU4/
FQmnhy+Y07Lyl9WweO/UDzKWLMnQvCxEiyd/0SaO1AIvOgzG+0eVOliwojgwrZAa
yy0lwql8n1jYiLNCPC2GM7OwUozm/yaYDbCUQ0DGyQzAdGGcIsp+c5tcTqIMSqyC
8NCyfQbccBBHNNrPUql1U2LNzOTqEHxQ7a7d8gqJjZnOVZkeSfYrWsx4XTWOX/8c
UsahldjyxLJPMNZ/PaLueAuZc1j+URJ7UjB6GHQ7wnK35qHjfge2MN18+pJXcM7i
uoi7vjWscKQ8sbKBBY74wii0TozdVriDZEM7AgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUpaJpKsE0mfi2aegKX1lPQpq5De8wHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvcGFKcEtzRTBtZmky
YWVnS1gxbFBRcHE1RGU4LnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBAIjlBLYACVZOloazZVcgFjhcs+mb
1xp0W70TEkWIecctn+9OgHbDqUw9sREetARWSrrmTT8hLxmzabZ16qt+n62Aju4H
b8CpqOxrday2Q7On4HMpDXbmLx5Uu1cJDGvZDiFf0GR+iHWYWQtDGHzCcKqCU6cZ
iU+ubDoOw/lxIgE1rUqgHZf0277ypthPrFDklSnQvc/+Dw/dfuoTsrwWOHu6oe0f
RVLdLUafsxGr2YvkHX4hpEC155DAHCIPXa13q5d0FoFFVQFoXqxFMyWwPAjsCB6x
JYAO3Yr4UwwAgCidnJEY8mgM6JANmnVvAWrQPPjwgDrXlRi7esD4OMA20fE=
-----END CERTIFICATE-----
Generated at Sat Jun 21 20:31:29 2025 by rpki-client