Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/sNDsAEzM5ILSRBnO4-Aa2IOVKto.roa
File: sNDsAEzM5ILSRBnO4-Aa2IOVKto.roa (raw, json)
Hash identifier: VSSWpQCm2GjTnRP+hOZvi7hZ3TQ2oqkK4NBRPhi4WVE=
Subject key identifier: B0:D0:EC:00:4C:CC:E4:82:D2:44:19:CE:E3:E0:1A:D8:83:95:2A:DA
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 20FD
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/sNDsAEzM5ILSRBnO4-Aa2IOVKto.roa
Signing time: Wed 04 Jun 2025 08:38:39 +0000
ROA not before: Wed 04 Jun 2025 08:38:39 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 4812
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 8445 (0x20fd)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 4 08:38:39 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=B0D0EC004CCCE482D24419CEE3E01AD883952ADA
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a9:68:3c:40:77:87:eb:53:03:77:49:da:9b:df:
a6:8d:d7:22:05:dd:6e:a3:a3:f6:eb:c0:3e:5b:b7:
b2:e2:fc:08:db:81:99:8a:fb:6d:69:5b:0b:2e:80:
83:b0:09:4f:40:48:3c:2b:3a:93:f8:cc:ef:d7:40:
c8:85:25:3f:8b:fc:56:08:cc:2f:51:dd:40:5b:55:
d9:4e:af:32:04:71:32:54:ac:47:cb:9c:36:3d:1f:
aa:03:03:88:02:ee:07:2f:46:18:23:82:cb:c2:f9:
b9:de:a0:e3:76:96:f1:a1:82:a2:cb:cd:f2:e4:c2:
e0:16:46:ed:f4:ec:31:0a:95:eb:82:4d:3d:95:bc:
84:6a:03:92:9d:d4:cb:bf:36:1c:69:2c:fc:82:83:
3b:67:ae:71:e6:00:d4:8b:44:18:35:c2:a7:47:aa:
22:ce:d5:23:c8:05:ab:9c:a3:22:e1:13:b5:6e:a1:
9e:94:71:1f:96:cf:c6:36:37:21:41:18:99:40:8d:
c9:06:b7:15:2f:61:91:67:3e:ef:65:39:87:95:c5:
20:32:55:73:7a:b2:aa:36:06:fb:73:fd:b8:e6:fe:
c9:56:f1:a4:80:ef:af:e0:64:22:ff:de:dc:86:86:
a9:4e:98:37:6c:6c:73:45:8a:36:e2:79:8f:4f:8d:
cd:0f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B0:D0:EC:00:4C:CC:E4:82:D2:44:19:CE:E3:E0:1A:D8:83:95:2A:DA
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/sNDsAEzM5ILSRBnO4-Aa2IOVKto.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
04:75:24:6a:6e:45:83:54:21:61:a6:b8:74:0f:0f:9c:01:24:
a0:9e:bc:c8:e4:94:6f:dd:7e:d6:2a:90:27:f2:19:03:6e:15:
52:f3:83:27:2b:27:74:4e:f4:6c:9a:fe:0f:68:c0:fe:10:b2:
5c:1c:3d:32:d2:69:33:36:e0:3e:27:7c:81:99:4a:dd:a5:a5:
04:86:04:9a:f4:cb:03:db:57:a5:4c:65:d7:3b:fb:b7:76:dd:
24:0e:b0:5d:e7:23:db:3c:10:60:40:52:5b:05:49:94:b8:0e:
b4:f2:7e:81:fc:04:0a:b2:ab:fe:32:60:fb:2c:25:61:3f:59:
da:61:47:e4:53:39:17:80:8b:21:2d:ab:bc:fe:cb:c2:95:8a:
54:17:70:b6:96:04:8f:03:63:d5:91:30:30:81:8d:5e:88:d1:
94:cb:83:04:97:a6:22:66:9f:0f:32:83:88:e4:9d:3f:87:2e:
37:33:62:d7:12:c8:be:2d:04:30:0d:ab:1e:57:33:ae:fc:bd:
1a:05:c2:83:c8:ca:01:db:00:dd:37:21:7f:01:0b:31:8e:54:
34:f4:d0:39:96:84:c5:80:0f:b4:22:b4:ac:bc:7f:a1:55:51:
49:f6:cf:43:5c:87:43:e5:21:09:28:25:41:07:13:cc:c8:9f:
0c:15:66:14
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICIP0wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MDQw
ODM4MzlaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEIwRDBFQzAwNENDQ0U0
ODJEMjQ0MTlDRUUzRTAxQUQ4ODM5NTJBREEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCpaDxAd4frUwN3Sdqb36aN1yIF3W6jo/brwD5bt7Li/AjbgZmK
+21pWwsugIOwCU9ASDwrOpP4zO/XQMiFJT+L/FYIzC9R3UBbVdlOrzIEcTJUrEfL
nDY9H6oDA4gC7gcvRhgjgsvC+bneoON2lvGhgqLLzfLkwuAWRu307DEKleuCTT2V
vIRqA5Kd1Mu/NhxpLPyCgztnrnHmANSLRBg1wqdHqiLO1SPIBaucoyLhE7VuoZ6U
cR+Wz8Y2NyFBGJlAjckGtxUvYZFnPu9lOYeVxSAyVXN6sqo2Bvtz/bjm/slW8aSA
76/gZCL/3tyGhqlOmDdsbHNFijbieY9Pjc0PAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUsNDsAEzM5ILSRBnO4+Aa2IOVKtowHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvc05Ec0FFek01SUxT
UkJuTzQtQWEySU9WS3RvLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBAAR1JGpuRYNUIWGmuHQPD5wBJKCe
vMjklG/dftYqkCfyGQNuFVLzgycrJ3RO9Gya/g9owP4QslwcPTLSaTM24D4nfIGZ
St2lpQSGBJr0ywPbV6VMZdc7+7d23SQOsF3nI9s8EGBAUlsFSZS4DrTyfoH8BAqy
q/4yYPssJWE/WdphR+RTOReAiyEtq7z+y8KVilQXcLaWBI8DY9WRMDCBjV6I0ZTL
gwSXpiJmnw8yg4jknT+HLjczYtcSyL4tBDANqx5XM678vRoFwoPIygHbAN03IX8B
CzGOVDT00DmWhMWAD7QitKy8f6FVUUn2z0Nch0PlIQkoJUEHE8zInwwVZhQ=
-----END CERTIFICATE-----
Generated at Sat Jun 21 21:36:23 2025 by rpki-client