Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/rFqRtGomxkBVPtJalluD-FLhvkQ.roa
File: rFqRtGomxkBVPtJalluD-FLhvkQ.roa (raw, json)
Hash identifier: pa0bIOVrOVj49yukPEVG2G0FIo6dFJa5D/hmqmA/ST0=
Subject key identifier: AC:5A:91:B4:6A:26:C6:40:55:3E:D2:5A:96:5B:83:F8:52:E1:BE:44
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 25EB
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/rFqRtGomxkBVPtJalluD-FLhvkQ.roa
Signing time: Fri 13 Jun 2025 03:31:47 +0000
ROA not before: Fri 13 Jun 2025 03:31:47 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 146845
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 9707 (0x25eb)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 13 03:31:47 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=AC5A91B46A26C640553ED25A965B83F852E1BE44
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ad:c1:4c:ff:1d:1b:aa:c6:5c:44:3f:fc:b3:d3:
25:32:21:84:c1:58:a9:e0:2b:15:91:17:e0:8a:f2:
a9:09:f7:11:5c:b9:f5:b8:0c:74:14:29:ee:1e:0e:
e5:20:95:96:03:b5:51:74:53:8b:7c:b2:fc:cb:3a:
c8:8d:89:98:af:0e:2d:d2:0b:15:0e:3f:c4:32:75:
a1:d1:35:bb:0c:8e:d3:80:cf:01:3f:01:5d:2b:3f:
d0:57:14:82:38:4f:7f:33:35:bd:c1:71:5d:5b:77:
d1:40:8b:48:9e:d9:40:b4:2c:26:58:46:db:2e:8f:
a0:e0:e1:5d:c7:75:e7:7f:89:02:78:90:f8:68:1f:
ac:2d:7c:a7:35:34:67:f0:65:d9:77:fe:6b:d8:bd:
04:73:28:0f:b8:00:fb:75:5a:01:31:4c:0d:f0:24:
71:79:f8:34:ff:b7:49:b2:c3:b1:16:43:38:e7:5e:
51:2b:f2:e8:81:37:4f:1c:87:3e:de:73:14:cb:5f:
11:ca:da:b1:49:3b:b7:de:94:1c:85:4c:1d:71:e2:
a5:9a:b0:1a:6e:a2:db:36:73:b5:91:2f:88:67:54:
3b:08:96:74:e7:25:65:6c:00:53:54:60:09:d7:64:
cf:44:27:73:db:26:eb:e7:7a:58:68:70:b7:bf:c8:
8a:cd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AC:5A:91:B4:6A:26:C6:40:55:3E:D2:5A:96:5B:83:F8:52:E1:BE:44
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/rFqRtGomxkBVPtJalluD-FLhvkQ.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
80:20:6b:37:df:6c:39:8e:a4:53:f3:7a:72:69:9b:f4:6b:10:
da:b4:70:b6:07:74:b5:a4:84:ba:52:63:0b:f6:2b:8b:5c:83:
cd:e4:18:58:1f:e2:e8:19:0f:21:eb:bb:f4:14:a2:39:6b:36:
7b:dc:7c:5c:bf:29:02:c4:de:c9:0b:58:2a:30:19:b5:b9:83:
ca:3e:85:be:c0:fb:6b:20:e1:89:96:7d:b0:2c:f4:9e:eb:74:
ce:78:40:fa:7d:cc:e0:9d:67:25:22:03:72:49:69:c5:11:2f:
4c:54:a8:c4:f1:4f:8e:20:19:01:9b:14:07:e7:b9:b7:c0:e4:
a5:55:cc:74:3c:b2:32:26:43:1b:98:9e:0f:92:cf:3a:c6:f3:
c0:cc:e6:dc:60:85:3b:8c:94:24:a4:1e:bc:40:16:1f:e4:a2:
3f:f1:46:cf:72:d5:e1:bb:a1:5d:2d:55:d2:8a:1b:94:94:6e:
28:52:6f:7a:ca:95:85:6d:fb:3d:8d:72:bb:75:1f:cc:d2:ea:
60:3e:bf:c2:89:b3:8a:1a:41:40:60:65:f3:9f:75:8e:e6:a9:
e8:23:26:2b:6f:5d:ae:34:2d:f6:f1:5e:87:25:53:d7:b2:18:
65:f9:dc:85:e0:73:66:dc:5b:23:a7:23:fb:60:c1:3c:ce:28:
8c:a9:cd:69
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICJeswDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MTMw
MzMxNDdaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEFDNUE5MUI0NkEyNkM2
NDA1NTNFRDI1QTk2NUI4M0Y4NTJFMUJFNDQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCtwUz/HRuqxlxEP/yz0yUyIYTBWKngKxWRF+CK8qkJ9xFcufW4
DHQUKe4eDuUglZYDtVF0U4t8svzLOsiNiZivDi3SCxUOP8QydaHRNbsMjtOAzwE/
AV0rP9BXFII4T38zNb3BcV1bd9FAi0ie2UC0LCZYRtsuj6Dg4V3Hded/iQJ4kPho
H6wtfKc1NGfwZdl3/mvYvQRzKA+4APt1WgExTA3wJHF5+DT/t0myw7EWQzjnXlEr
8uiBN08chz7ecxTLXxHK2rFJO7felByFTB1x4qWasBpuots2c7WRL4hnVDsIlnTn
JWVsAFNUYAnXZM9EJ3PbJuvnelhocLe/yIrNAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUrFqRtGomxkBVPtJalluD+FLhvkQwHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvckZxUnRHb214a0JW
UHRKYWxsdUQtRkxodmtRLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBAIAgazffbDmOpFPzenJpm/RrENq0
cLYHdLWkhLpSYwv2K4tcg83kGFgf4ugZDyHru/QUojlrNnvcfFy/KQLE3skLWCow
GbW5g8o+hb7A+2sg4YmWfbAs9J7rdM54QPp9zOCdZyUiA3JJacURL0xUqMTxT44g
GQGbFAfnubfA5KVVzHQ8sjImQxuYng+SzzrG88DM5txghTuMlCSkHrxAFh/koj/x
Rs9y1eG7oV0tVdKKG5SUbihSb3rKlYVt+z2Ncrt1H8zS6mA+v8KJs4oaQUBgZfOf
dY7mqegjJitvXa40LfbxXoclU9eyGGX53IXgc2bcWyOnI/tgwTzOKIypzWk=
-----END CERTIFICATE-----
Generated at Sun Jun 22 05:26:53 2025 by rpki-client