Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/q94TiS4O1CnMPZHLKzvZxYyIDqU.roa
File: q94TiS4O1CnMPZHLKzvZxYyIDqU.roa (raw, json)
Hash identifier: z1JQ+jrd1/l004nA5oNjQfwHm+B/kLxuo1THzRK+GGw=
Subject key identifier: AB:DE:13:89:2E:0E:D4:29:CC:3D:91:CB:2B:3B:D9:C5:8C:88:0E:A5
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 2106
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/q94TiS4O1CnMPZHLKzvZxYyIDqU.roa
Signing time: Wed 04 Jun 2025 10:08:47 +0000
ROA not before: Wed 04 Jun 2025 10:08:47 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 4812
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 8454 (0x2106)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 4 10:08:47 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=ABDE13892E0ED429CC3D91CB2B3BD9C58C880EA5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d2:5b:a0:f2:9e:a0:c4:f9:01:d4:d8:81:cf:39:
fe:2b:98:10:cd:4c:c4:36:0a:89:ed:00:34:d3:b5:
55:9d:d3:aa:97:75:9a:58:be:b9:23:90:85:ec:15:
c2:a8:bc:94:cd:f8:3f:ad:2c:05:ab:da:17:a2:47:
6c:72:fd:40:3c:f9:a0:a3:a5:ec:33:7e:23:8e:64:
cc:b4:d5:22:18:e8:f6:5d:62:f4:26:51:7a:ab:2a:
f0:5c:0a:9b:f9:05:4c:8c:84:a1:71:ae:0e:a6:17:
93:5d:ed:58:91:33:fc:13:de:a2:44:c4:22:00:03:
a0:61:b3:84:a1:33:eb:e0:de:63:94:a0:5e:8d:bb:
02:5e:f6:f6:0a:7b:da:9c:2d:92:bb:26:d3:8a:58:
36:be:61:0d:3f:89:fd:be:02:94:e8:6b:e4:26:8e:
d5:97:d3:34:c3:18:ee:d7:7a:3f:45:96:4b:26:35:
86:0f:54:86:0f:3f:95:88:0f:1b:09:cf:5c:17:e0:
a9:4c:41:3b:47:f2:bf:7b:a9:c2:90:76:36:c4:e1:
85:ed:16:1d:df:c6:59:a1:4a:68:dc:4e:e9:60:7b:
73:80:3c:32:37:0e:70:24:9c:c7:99:13:d2:44:72:
92:f0:5c:60:3d:75:38:d4:4a:d7:89:77:8e:78:7e:
78:3f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AB:DE:13:89:2E:0E:D4:29:CC:3D:91:CB:2B:3B:D9:C5:8C:88:0E:A5
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/q94TiS4O1CnMPZHLKzvZxYyIDqU.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
ad:3e:d9:18:af:81:f4:82:5b:db:ed:b0:f4:71:ca:d1:16:88:
13:2a:84:e2:7e:30:38:e3:36:5f:9f:d2:95:4e:df:2a:74:eb:
33:99:ab:23:1f:5d:a9:ff:3a:bb:c8:67:e3:cc:db:cd:57:74:
2f:85:da:a2:17:25:12:74:ac:8e:2b:84:d9:5d:fd:7d:31:eb:
61:cc:9f:29:2f:69:56:5a:78:bc:0f:fa:71:5e:4e:73:f5:a5:
31:d8:af:51:5e:d4:31:fb:39:68:a1:cc:ff:bb:a7:78:c8:d5:
e0:52:3f:74:83:d2:e4:bb:15:1f:ad:76:54:7b:23:3d:e1:f0:
92:ce:89:62:b1:49:c2:2c:bf:d4:a0:24:65:93:19:62:a1:fc:
84:da:6e:02:90:2c:5b:e0:3b:d4:99:a8:c7:bc:f0:b1:96:a4:
c8:58:8b:40:09:5f:df:68:55:b4:6f:d2:09:28:35:f2:ac:54:
71:d8:23:ce:23:b8:87:77:0a:ce:53:63:d8:f8:4f:74:e1:72:
50:ed:ef:94:d0:c6:18:fb:0e:a4:ec:6d:ae:ff:a1:cd:3f:61:
9b:bb:96:39:28:a1:d3:b2:5b:20:69:80:13:1a:03:7a:84:a0:
64:4a:0d:d5:ea:50:30:c0:30:a8:aa:59:ed:15:a1:19:51:e9:
53:59:e3:07
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICIQYwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MDQx
MDA4NDdaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEFCREUxMzg5MkUwRUQ0
MjlDQzNEOTFDQjJCM0JEOUM1OEM4ODBFQTUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDSW6DynqDE+QHU2IHPOf4rmBDNTMQ2ContADTTtVWd06qXdZpY
vrkjkIXsFcKovJTN+D+tLAWr2heiR2xy/UA8+aCjpewzfiOOZMy01SIY6PZdYvQm
UXqrKvBcCpv5BUyMhKFxrg6mF5Nd7ViRM/wT3qJExCIAA6Bhs4ShM+vg3mOUoF6N
uwJe9vYKe9qcLZK7JtOKWDa+YQ0/if2+ApToa+QmjtWX0zTDGO7Xej9FlksmNYYP
VIYPP5WIDxsJz1wX4KlMQTtH8r97qcKQdjbE4YXtFh3fxlmhSmjcTulge3OAPDI3
DnAknMeZE9JEcpLwXGA9dTjUSteJd454fng/AgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUq94TiS4O1CnMPZHLKzvZxYyIDqUwHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvcTk0VGlTNE8xQ25N
UFpITEt6dlp4WXlJRHFVLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBAK0+2RivgfSCW9vtsPRxytEWiBMq
hOJ+MDjjNl+f0pVO3yp06zOZqyMfXan/OrvIZ+PM281XdC+F2qIXJRJ0rI4rhNld
/X0x62HMnykvaVZaeLwP+nFeTnP1pTHYr1Fe1DH7OWihzP+7p3jI1eBSP3SD0uS7
FR+tdlR7Iz3h8JLOiWKxScIsv9SgJGWTGWKh/ITabgKQLFvgO9SZqMe88LGWpMhY
i0AJX99oVbRv0gkoNfKsVHHYI84juId3Cs5TY9j4T3ThclDt75TQxhj7DqTsba7/
oc0/YZu7ljkoodOyWyBpgBMaA3qEoGRKDdXqUDDAMKiqWe0VoRlR6VNZ4wc=
-----END CERTIFICATE-----
Generated at Sun Jun 22 02:16:03 2025 by rpki-client