Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/sB7kd_ZNcrSCp-F4-WrhjZKP4Jo.roa
File: sB7kd_ZNcrSCp-F4-WrhjZKP4Jo.roa (raw, json)
Hash identifier: HilaY1RdmzJHYOsbIPAZFZU3zmtueGgKipCGnfQ0FqA=
Subject key identifier: B0:1E:E4:77:F6:4D:72:B4:82:A7:E1:78:F9:6A:E1:8D:92:8F:E0:9A
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 1F67
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/sB7kd_ZNcrSCp-F4-WrhjZKP4Jo.roa
Signing time: Sun 01 Jun 2025 13:08:43 +0000
ROA not before: Sun 01 Jun 2025 13:08:43 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 146845
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 8039 (0x1f67)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 1 13:08:43 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=B01EE477F64D72B482A7E178F96AE18D928FE09A
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b8:f5:c1:cd:8d:0c:d8:35:8e:2f:49:5b:ca:b4:
ed:02:ca:65:6c:29:4f:84:2e:85:0a:93:f1:54:90:
d1:d0:d9:b1:c8:c6:d1:79:0d:7f:fd:3d:62:e0:ae:
82:e4:57:20:0b:97:65:87:d7:30:03:c3:6a:11:94:
1a:04:07:d1:3e:da:d2:e0:fd:d7:ed:02:6c:7f:d4:
6f:7e:e6:90:c2:71:0c:f2:c3:f6:a9:f6:e6:cd:6b:
ff:c7:c7:35:27:3e:e5:03:ff:ff:9b:3c:e4:fe:71:
00:b0:99:ab:bb:29:3e:59:05:2e:17:db:ea:8c:5c:
ee:e0:87:91:7a:6e:9e:41:8f:77:77:77:66:f5:62:
2a:ca:5b:18:fb:12:d4:21:c2:55:a9:73:6c:fe:05:
bd:f7:56:94:3e:15:72:b2:12:09:34:fc:26:56:50:
32:08:c6:a9:a8:59:02:ba:5f:eb:3f:47:b4:5d:b5:
0e:ec:aa:2b:e4:86:2e:37:fb:1e:d9:77:8d:6a:1b:
52:f7:8e:ea:95:ad:41:11:de:ef:51:f6:8e:49:a6:
e3:2a:5b:c6:95:ba:52:15:32:7a:07:a1:75:e8:3a:
ee:26:18:81:6d:64:bd:74:32:12:f1:2b:05:2c:7b:
29:9a:98:d8:f1:08:31:1a:3e:d8:8f:a5:59:2c:19:
ea:4d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B0:1E:E4:77:F6:4D:72:B4:82:A7:E1:78:F9:6A:E1:8D:92:8F:E0:9A
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/sB7kd_ZNcrSCp-F4-WrhjZKP4Jo.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
a3:45:11:1a:20:ae:5e:36:81:b1:58:d4:e1:87:e1:20:64:d5:
cd:86:8b:b2:9b:fe:aa:b6:63:6a:8b:1d:ce:4e:6d:97:00:40:
a5:79:c3:b7:7c:4b:f5:d8:f2:a4:96:32:26:1a:cd:f0:4c:0c:
12:ba:2d:3a:b2:29:5c:49:61:52:89:8a:81:41:b8:76:cc:f5:
f2:dc:55:61:80:b8:31:4c:87:82:97:b5:be:45:22:61:89:67:
9d:fc:01:25:90:09:a3:72:7f:05:41:75:bf:57:20:47:92:0c:
4b:7f:5e:a0:5e:13:cf:fc:36:47:1c:2f:0a:f8:14:6a:31:da:
9e:60:4d:92:b2:82:47:9f:ed:32:c7:bb:d7:fa:20:13:b7:a4:
ca:08:48:68:ea:46:9f:06:5f:fb:f8:59:7e:05:45:b5:9e:e9:
4d:7e:f3:dc:55:c7:3d:8f:c8:93:cd:fc:cf:02:92:8c:9f:3e:
ee:c7:63:2e:4a:75:d3:92:cc:a8:03:14:e4:54:01:6a:f4:09:
06:f5:7c:d1:1a:82:d3:9d:c4:1d:fe:d2:a8:05:1c:02:b4:ed:
88:2a:b1:11:e5:62:a5:89:87:97:0d:98:a0:b8:1f:f1:9f:55:
94:bf:11:34:0c:dd:1a:f4:68:d9:b4:25:f6:ea:53:54:67:6b:
e0:5f:3a:f4
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICH2cwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MDEx
MzA4NDNaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEIwMUVFNDc3RjY0RDcy
QjQ4MkE3RTE3OEY5NkFFMThEOTI4RkUwOUEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC49cHNjQzYNY4vSVvKtO0CymVsKU+ELoUKk/FUkNHQ2bHIxtF5
DX/9PWLgroLkVyALl2WH1zADw2oRlBoEB9E+2tLg/dftAmx/1G9+5pDCcQzyw/ap
9ubNa//HxzUnPuUD//+bPOT+cQCwmau7KT5ZBS4X2+qMXO7gh5F6bp5Bj3d3d2b1
YirKWxj7EtQhwlWpc2z+Bb33VpQ+FXKyEgk0/CZWUDIIxqmoWQK6X+s/R7RdtQ7s
qivkhi43+x7Zd41qG1L3juqVrUER3u9R9o5JpuMqW8aVulIVMnoHoXXoOu4mGIFt
ZL10MhLxKwUseymamNjxCDEaPtiPpVksGepNAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUsB7kd/ZNcrSCp+F4+WrhjZKP4JowHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvc0I3a2RfWk5jclND
cC1GNC1XcmhqWktQNEpvLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBAKNFERogrl42gbFY1OGH4SBk1c2G
i7Kb/qq2Y2qLHc5ObZcAQKV5w7d8S/XY8qSWMiYazfBMDBK6LTqyKVxJYVKJioFB
uHbM9fLcVWGAuDFMh4KXtb5FImGJZ538ASWQCaNyfwVBdb9XIEeSDEt/XqBeE8/8
NkccLwr4FGox2p5gTZKygkef7TLHu9f6IBO3pMoISGjqRp8GX/v4WX4FRbWe6U1+
89xVxz2PyJPN/M8CkoyfPu7HYy5KddOSzKgDFORUAWr0CQb1fNEagtOdxB3+0qgF
HAK07YgqsRHlYqWJh5cNmKC4H/GfVZS/ETQM3Rr0aNm0JfbqU1Rna+BfOvQ=
-----END CERTIFICATE-----
Generated at Sat Jun 21 00:51:59 2025 by rpki-client