Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/sJJ5m6hwXRZkphIK603jVS0-_AQ.roa
File: sJJ5m6hwXRZkphIK603jVS0-_AQ.roa (raw, json)
Hash identifier: 2iwJGZGCsLn10cF82kdfhjRDIkOHULOhxMguJlNNMs4=
Subject key identifier: B0:92:79:9B:A8:70:5D:16:64:A6:12:0A:EB:4D:E3:55:2D:3E:FC:04
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 2001
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/sJJ5m6hwXRZkphIK603jVS0-_AQ.roa
Signing time: Mon 02 Jun 2025 14:38:37 +0000
ROA not before: Mon 02 Jun 2025 14:38:37 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 4812
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 8193 (0x2001)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 2 14:38:37 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=B092799BA8705D1664A6120AEB4DE3552D3EFC04
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d4:c4:a9:d2:f3:e3:5f:93:94:2f:7d:58:b8:c4:
0c:6a:cd:30:f9:57:ad:bd:6c:cf:99:27:ee:18:dd:
90:86:63:46:50:46:eb:54:f2:fd:a6:df:9b:71:ec:
b1:57:96:61:61:a7:8e:e7:ea:ff:15:6c:97:79:36:
67:5a:0b:02:20:e5:ee:e5:40:3d:de:83:04:72:d8:
09:85:da:fc:60:81:24:ab:d5:ff:fe:52:e3:d3:46:
f5:fe:cf:a6:bb:fe:4c:05:02:42:3a:ae:0b:ed:ed:
20:d5:68:22:8b:72:41:2d:7b:66:1f:e0:77:62:81:
dd:05:02:d4:01:0b:61:9a:75:d2:f3:67:f0:a3:f3:
dc:63:b8:85:d5:57:af:e1:c1:4c:bd:85:77:b5:c0:
b8:7b:b9:a2:d3:6a:b6:5b:18:31:ec:e0:25:8f:1f:
32:37:eb:2a:d3:37:c6:88:9b:6f:fa:47:9f:8d:92:
9f:f6:61:a5:09:b5:1f:76:bd:6f:1a:7b:01:b6:02:
22:e7:e5:fc:3b:b7:e3:2e:9d:62:3a:10:28:7b:ad:
b1:99:11:89:12:95:e7:8d:0c:ca:ce:3d:9e:d8:86:
4c:fd:58:a0:ed:5d:9a:e3:9b:52:2c:24:4a:71:c5:
29:34:60:32:22:a0:ea:0e:fe:81:02:5f:e3:01:11:
b3:9d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B0:92:79:9B:A8:70:5D:16:64:A6:12:0A:EB:4D:E3:55:2D:3E:FC:04
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/sJJ5m6hwXRZkphIK603jVS0-_AQ.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
03:75:da:1d:26:48:b4:f9:ff:63:38:5b:9c:93:29:32:b0:73:
81:e3:4b:dd:50:65:c0:d1:33:17:d4:be:48:ea:b7:97:2e:8f:
30:20:0d:cf:56:45:bd:8b:d3:fe:7d:5c:67:c0:ff:66:c4:d2:
2a:71:4d:5f:64:b5:2c:83:4a:97:03:9e:5c:3a:1b:59:74:18:
ad:3e:77:2a:b8:3d:bb:8c:63:66:bc:2c:42:16:73:87:ee:6a:
d3:7c:87:b8:11:78:6b:ca:47:3b:e1:08:c3:95:8c:c4:7e:bf:
a4:2a:6d:d9:09:3a:b8:c8:31:60:52:42:ef:18:c8:69:e0:90:
93:44:94:fb:04:4e:4c:9b:f6:06:c4:ad:b3:b4:5f:23:0d:cf:
c2:53:92:ab:60:48:12:a3:66:b3:84:36:67:f7:41:08:3b:d9:
90:0c:8a:f4:cf:92:07:17:2d:28:5a:3d:cc:2c:c1:92:e4:a8:
d4:15:70:05:73:40:44:41:24:a3:1e:43:e9:ef:ac:f6:1e:69:
41:88:d5:2e:6f:ae:da:25:69:75:17:e8:dd:02:17:66:7e:e0:
47:89:c2:58:54:04:f5:b1:ff:f1:75:cd:90:65:dc:b1:36:0f:
06:03:8a:a6:9f:9e:e3:03:96:7e:1f:23:93:95:f0:05:ec:a6:
40:0b:1d:ef
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICIAEwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MDIx
NDM4MzdaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEIwOTI3OTlCQTg3MDVE
MTY2NEE2MTIwQUVCNERFMzU1MkQzRUZDMDQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDUxKnS8+Nfk5QvfVi4xAxqzTD5V629bM+ZJ+4Y3ZCGY0ZQRutU
8v2m35tx7LFXlmFhp47n6v8VbJd5NmdaCwIg5e7lQD3egwRy2AmF2vxggSSr1f/+
UuPTRvX+z6a7/kwFAkI6rgvt7SDVaCKLckEte2Yf4Hdigd0FAtQBC2GaddLzZ/Cj
89xjuIXVV6/hwUy9hXe1wLh7uaLTarZbGDHs4CWPHzI36yrTN8aIm2/6R5+Nkp/2
YaUJtR92vW8aewG2AiLn5fw7t+MunWI6ECh7rbGZEYkSleeNDMrOPZ7Yhkz9WKDt
XZrjm1IsJEpxxSk0YDIioOoO/oECX+MBEbOdAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUsJJ5m6hwXRZkphIK603jVS0+/AQwHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvc0pKNW02aHdYUlpr
cGhJSzYwM2pWUzAtX0FRLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBAAN12h0mSLT5/2M4W5yTKTKwc4Hj
S91QZcDRMxfUvkjqt5cujzAgDc9WRb2L0/59XGfA/2bE0ipxTV9ktSyDSpcDnlw6
G1l0GK0+dyq4PbuMY2a8LEIWc4fuatN8h7gReGvKRzvhCMOVjMR+v6QqbdkJOrjI
MWBSQu8YyGngkJNElPsETkyb9gbErbO0XyMNz8JTkqtgSBKjZrOENmf3QQg72ZAM
ivTPkgcXLShaPcwswZLkqNQVcAVzQERBJKMeQ+nvrPYeaUGI1S5vrtolaXUX6N0C
F2Z+4EeJwlhUBPWx//F1zZBl3LE2DwYDiqafnuMDln4fI5OV8AXspkALHe8=
-----END CERTIFICATE-----
Generated at Sun Jun 22 03:57:44 2025 by rpki-client