Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/rhtmmvKiYWU3qYuobgIiWsd0rcs.roa
File: rhtmmvKiYWU3qYuobgIiWsd0rcs.roa (raw, json)
Hash identifier: I89bq9L9wMMOtCBJMK/efjTJMKrKt7rHeggpfmvM7Kw=
Subject key identifier: AE:1B:66:9A:F2:A2:61:65:37:A9:8B:A8:6E:02:22:5A:C7:74:AD:CB
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 1FC2
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/rhtmmvKiYWU3qYuobgIiWsd0rcs.roa
Signing time: Mon 02 Jun 2025 04:08:35 +0000
ROA not before: Mon 02 Jun 2025 04:08:35 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 4812
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 8130 (0x1fc2)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 2 04:08:35 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=AE1B669AF2A2616537A98BA86E02225AC774ADCB
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b3:3c:77:ea:f5:d5:c5:90:f7:f2:1c:80:29:a7:
3d:09:3e:62:02:0f:25:4d:37:48:e0:8d:51:4f:9b:
d3:51:2e:81:88:4d:45:af:8b:8b:1a:ce:92:41:4e:
a5:65:62:ca:ad:50:0c:cc:ab:8c:a4:53:43:2f:94:
89:ef:f0:df:44:06:05:f6:56:64:50:3a:6b:69:2c:
55:3f:71:18:c5:2d:1a:08:6a:4a:7c:33:7c:01:b8:
09:27:0a:e1:8b:dd:67:ed:8d:8c:0a:dc:8e:4b:ef:
83:16:6a:34:2d:61:1f:93:7d:95:8c:01:ea:85:04:
32:03:45:13:da:85:f8:98:2d:9f:89:77:eb:0a:67:
f5:2a:18:b5:74:9c:10:85:2b:8f:72:aa:e5:e0:72:
49:f2:fd:e0:29:bb:05:3b:8b:17:f4:95:ca:87:ed:
0e:9b:ca:da:fb:ab:b0:07:40:77:34:14:99:69:7e:
fc:ce:e8:a1:1c:a0:d8:4a:cd:fa:b5:86:40:66:e4:
62:91:ad:97:ea:45:f5:c7:ab:46:35:c2:a7:27:d0:
03:54:f3:b3:3c:53:b8:33:91:de:19:a5:ea:4e:32:
20:e6:05:70:06:1a:a6:1d:c8:80:1d:f2:0f:69:48:
98:f1:1a:39:e4:dd:1b:61:1f:05:67:56:6e:b0:0b:
bf:af
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AE:1B:66:9A:F2:A2:61:65:37:A9:8B:A8:6E:02:22:5A:C7:74:AD:CB
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/rhtmmvKiYWU3qYuobgIiWsd0rcs.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
b5:9f:c0:f9:e2:e5:03:76:48:df:22:4b:0d:7e:58:b9:3b:c3:
00:35:5e:a5:97:de:4c:3f:19:93:f4:4d:7e:4d:24:43:03:82:
f0:c4:b5:6b:2d:01:fb:bc:f3:84:69:09:d2:6d:62:0b:28:0c:
c5:7c:90:a3:cb:10:c7:62:86:e2:22:cd:e5:49:3c:65:68:08:
81:77:ac:cc:07:df:0e:83:6d:cf:00:2c:6f:08:6b:d5:29:9a:
16:ba:75:ea:c8:c9:56:84:0b:6c:dc:fd:af:e8:ef:1f:cd:c7:
8c:c5:a1:97:42:de:fe:50:37:c1:24:eb:e1:85:3c:ce:8d:3c:
5f:04:f4:59:3f:b1:aa:fd:ac:3b:71:b4:c1:3b:f9:8d:e6:c3:
0a:c3:a6:bd:c8:05:11:37:d5:4c:52:56:b1:30:03:cd:88:ad:
a2:9a:a2:e3:44:48:bb:ca:da:e9:ff:e8:4f:d4:48:29:5f:46:
42:e9:ed:50:fd:4c:b7:61:26:eb:da:a6:8d:2a:44:b6:33:cb:
96:17:44:d8:1f:3d:8a:8b:cd:1e:99:b1:cc:76:ff:20:34:fb:
43:1b:3a:5f:b0:54:7c:48:3f:56:05:60:07:e2:23:c8:50:a8:
1c:97:37:30:27:6c:b0:cf:b6:9d:25:3e:bf:41:63:7e:19:07:
4d:00:99:9d
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICH8IwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MDIw
NDA4MzVaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEFFMUI2NjlBRjJBMjYx
NjUzN0E5OEJBODZFMDIyMjVBQzc3NEFEQ0IwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCzPHfq9dXFkPfyHIAppz0JPmICDyVNN0jgjVFPm9NRLoGITUWv
i4sazpJBTqVlYsqtUAzMq4ykU0MvlInv8N9EBgX2VmRQOmtpLFU/cRjFLRoIakp8
M3wBuAknCuGL3WftjYwK3I5L74MWajQtYR+TfZWMAeqFBDIDRRPahfiYLZ+Jd+sK
Z/UqGLV0nBCFK49yquXgckny/eApuwU7ixf0lcqH7Q6bytr7q7AHQHc0FJlpfvzO
6KEcoNhKzfq1hkBm5GKRrZfqRfXHq0Y1wqcn0ANU87M8U7gzkd4ZpepOMiDmBXAG
GqYdyIAd8g9pSJjxGjnk3RthHwVnVm6wC7+vAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUrhtmmvKiYWU3qYuobgIiWsd0rcswHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvcmh0bW12S2lZV1Uz
cVl1b2JnSWlXc2QwcmNzLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBALWfwPni5QN2SN8iSw1+WLk7wwA1
XqWX3kw/GZP0TX5NJEMDgvDEtWstAfu884RpCdJtYgsoDMV8kKPLEMdihuIizeVJ
PGVoCIF3rMwH3w6Dbc8ALG8Ia9Upmha6derIyVaEC2zc/a/o7x/Nx4zFoZdC3v5Q
N8Ek6+GFPM6NPF8E9Fk/sar9rDtxtME7+Y3mwwrDpr3IBRE31UxSVrEwA82IraKa
ouNESLvK2un/6E/USClfRkLp7VD9TLdhJuvapo0qRLYzy5YXRNgfPYqLzR6Zscx2
/yA0+0MbOl+wVHxIP1YFYAfiI8hQqByXNzAnbLDPtp0lPr9BY34ZB00AmZ0=
-----END CERTIFICATE-----
Generated at Sat Jun 21 00:10:36 2025 by rpki-client