Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/paRivya7tJGlHX6tKVyCSIOZm-U.roa
File: paRivya7tJGlHX6tKVyCSIOZm-U.roa (raw, json)
Hash identifier: kri4bqV2p/b1b6vkj8H6sqxnSCaBm8yNpfxuvt69a1M=
Subject key identifier: A5:A4:62:BF:26:BB:B4:91:A5:1D:7E:AD:29:5C:82:48:83:99:9B:E5
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 253A
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/paRivya7tJGlHX6tKVyCSIOZm-U.roa
Signing time: Wed 11 Jun 2025 21:39:16 +0000
ROA not before: Wed 11 Jun 2025 21:39:16 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 146845
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 9530 (0x253a)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 11 21:39:16 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=A5A462BF26BBB491A51D7EAD295C824883999BE5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bd:30:41:d8:fc:27:62:a7:60:ba:32:98:b3:31:
6c:e9:dc:cc:10:33:b7:3e:04:79:db:68:79:8b:ef:
75:12:c8:a3:32:cd:63:c3:a7:99:4d:22:76:8c:ee:
e1:65:2c:8f:86:83:1b:4f:94:e4:8f:64:dc:20:22:
a4:2a:df:4f:4d:cf:25:8d:21:df:f6:b4:3e:e0:ca:
35:da:26:b5:8c:0f:c0:81:b8:5c:ba:a5:2e:48:27:
7a:df:d6:77:af:5a:29:65:10:a2:58:31:b8:fa:f7:
cc:02:fb:86:70:b6:45:f9:7d:ef:cd:f7:b2:b4:bc:
d2:0c:20:cb:22:d1:ef:9a:c1:e4:71:bd:2c:44:02:
84:b8:cd:cd:1b:40:c3:86:9a:bc:64:7b:ec:20:c4:
f3:0f:f5:c1:bf:3e:de:3a:e6:57:af:cf:10:e6:85:
37:c0:fa:6a:23:3a:7b:70:41:25:4e:a2:0a:b8:79:
38:a9:69:1b:6e:dd:1d:94:a0:e2:76:d5:36:c7:8e:
1e:0a:99:3b:9a:b4:e4:0c:dd:98:21:eb:b5:c7:0a:
9e:3f:67:10:d8:36:e3:d9:76:34:81:2b:ee:a5:b3:
c6:b7:2d:5c:99:09:88:21:f2:50:37:65:ad:eb:a3:
96:7b:19:f8:8a:88:c0:ff:79:9e:a8:97:40:27:05:
51:fd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A5:A4:62:BF:26:BB:B4:91:A5:1D:7E:AD:29:5C:82:48:83:99:9B:E5
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/paRivya7tJGlHX6tKVyCSIOZm-U.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
7e:b8:9f:3b:6a:fe:1c:b8:4b:ac:f8:d3:a6:03:7c:3b:d5:e6:
64:67:4e:c7:89:40:61:26:e4:d6:36:29:ea:b4:40:32:ae:df:
eb:b4:7e:b6:e7:8f:8d:4f:3f:48:68:49:28:4d:f6:56:08:91:
dc:19:90:1c:e9:37:2c:5e:4a:d2:26:0c:0f:66:f2:36:4e:83:
16:0a:9c:87:14:b8:cf:40:a2:52:5d:98:93:53:e1:cd:37:a5:
36:e2:8d:fa:11:b4:b4:9f:a6:66:5e:e8:30:de:2f:ce:d8:43:
7d:67:0f:2d:1a:2d:6b:32:4c:52:c8:9e:21:50:a9:b3:9e:b0:
50:c3:d7:03:7f:2d:50:0d:9f:0d:50:72:e7:f9:a2:db:a1:7f:
a7:9a:93:c3:19:45:88:60:aa:9b:18:57:e6:1c:e9:d0:88:b5:
90:ef:52:a7:28:96:e7:7f:00:3e:53:fd:46:09:7f:6f:ae:02:
10:f6:dd:7f:36:38:01:b0:c4:87:d5:5c:a8:fc:8c:39:a4:20:
e0:06:99:7c:91:a7:b2:fa:17:25:6b:78:2d:05:8d:f2:c1:20:
32:21:c2:32:68:d9:15:14:b0:c9:5c:34:17:09:b1:86:28:44:
d1:e3:cc:fc:07:1d:fb:f4:6f:e3:5a:f0:eb:1d:32:87:05:7b:
0a:ea:d5:d8
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICJTowDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MTEy
MTM5MTZaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEE1QTQ2MkJGMjZCQkI0
OTFBNTFEN0VBRDI5NUM4MjQ4ODM5OTlCRTUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC9MEHY/Cdip2C6MpizMWzp3MwQM7c+BHnbaHmL73USyKMyzWPD
p5lNInaM7uFlLI+GgxtPlOSPZNwgIqQq309NzyWNId/2tD7gyjXaJrWMD8CBuFy6
pS5IJ3rf1nevWillEKJYMbj698wC+4ZwtkX5fe/N97K0vNIMIMsi0e+aweRxvSxE
AoS4zc0bQMOGmrxke+wgxPMP9cG/Pt465levzxDmhTfA+mojOntwQSVOogq4eTip
aRtu3R2UoOJ21TbHjh4KmTuatOQM3Zgh67XHCp4/ZxDYNuPZdjSBK+6ls8a3LVyZ
CYgh8lA3Za3ro5Z7GfiKiMD/eZ6ol0AnBVH9AgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUpaRivya7tJGlHX6tKVyCSIOZm+UwHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvcGFSaXZ5YTd0Skds
SFg2dEtWeUNTSU9abS1VLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBAH64nztq/hy4S6z406YDfDvV5mRn
TseJQGEm5NY2Keq0QDKu3+u0frbnj41PP0hoSShN9lYIkdwZkBzpNyxeStImDA9m
8jZOgxYKnIcUuM9AolJdmJNT4c03pTbijfoRtLSfpmZe6DDeL87YQ31nDy0aLWsy
TFLIniFQqbOesFDD1wN/LVANnw1Qcuf5otuhf6eak8MZRYhgqpsYV+Yc6dCItZDv
Uqcolud/AD5T/UYJf2+uAhD23X82OAGwxIfVXKj8jDmkIOAGmXyRp7L6FyVreC0F
jfLBIDIhwjJo2RUUsMlcNBcJsYYoRNHjzPwHHfv0b+Na8OsdMocFewrq1dg=
-----END CERTIFICATE-----
Generated at Fri Jun 20 16:32:55 2025 by rpki-client