Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/sVRlQNnFEpMFh7Z-arsUw3341CM.roa
File: sVRlQNnFEpMFh7Z-arsUw3341CM.roa (raw, json)
Hash identifier: 2gDLQelvJXeDBd6rrUVvDKfgImuMZKtgIkOLhqAXTwc=
Subject key identifier: B1:54:65:40:D9:C5:12:93:05:87:B6:7E:6A:BB:14:C3:7D:F8:D4:23
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 1C3D
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/sVRlQNnFEpMFh7Z-arsUw3341CM.roa
Signing time: Mon 26 May 2025 22:08:07 +0000
ROA not before: Mon 26 May 2025 22:08:07 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 146845
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 7229 (0x1c3d)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: May 26 22:08:07 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=B1546540D9C512930587B67E6ABB14C37DF8D423
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c3:da:a2:67:8a:2b:c5:bf:33:8f:9a:b9:a5:ec:
41:e0:fa:ef:37:4d:db:88:88:0b:d7:7c:75:17:23:
1d:71:10:c9:a6:91:46:55:c3:c9:70:29:47:e0:32:
01:b3:e4:14:40:aa:0c:09:19:b4:66:77:a1:01:09:
0e:c1:af:d8:c0:ed:58:7c:3e:dd:24:fa:ad:7d:b4:
e7:41:73:0a:e8:24:10:78:06:33:73:5e:8d:06:f5:
b0:b3:85:8f:87:34:96:ae:78:46:e0:96:79:d1:ff:
84:74:7f:70:2c:17:5f:58:7d:b1:51:f7:71:98:04:
9f:f3:7b:21:96:a4:41:ed:83:e3:eb:39:86:2b:64:
f2:51:e9:00:b0:00:05:dd:8a:ba:fe:b8:10:2c:db:
49:5e:f0:08:f2:35:64:e3:50:bf:ac:7b:62:51:3e:
4d:5b:cb:be:b3:5b:18:60:ae:04:d3:f1:05:8c:d8:
51:05:63:c7:84:4d:bb:71:92:cc:0c:f0:56:99:b7:
12:29:70:b2:e0:b5:d5:80:6a:97:b1:4a:7b:b7:30:
ce:8e:42:8f:7e:72:c4:a9:74:cd:2b:51:c6:f9:43:
64:e5:32:42:73:de:78:8a:12:68:9a:73:b7:52:02:
3a:d8:e3:00:47:e4:35:e6:93:7f:3d:c7:f1:ce:04:
ae:4b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B1:54:65:40:D9:C5:12:93:05:87:B6:7E:6A:BB:14:C3:7D:F8:D4:23
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/sVRlQNnFEpMFh7Z-arsUw3341CM.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
98:54:27:e9:5f:db:1c:a5:fe:a2:fd:a0:71:f9:ca:65:72:fc:
39:20:38:dd:3c:0e:89:e6:40:d5:90:94:67:19:16:10:48:f4:
93:ae:7b:c1:a8:71:0d:e3:b3:e3:8d:dc:b7:17:63:90:04:61:
6a:ee:c6:60:58:15:e6:f1:5c:26:2a:19:ef:6f:6d:c6:a6:45:
0b:04:5b:90:20:7b:9f:29:3e:cf:45:1a:4f:33:aa:0d:2c:d0:
1e:92:29:d0:2d:51:a4:82:4f:a8:74:dd:8a:af:8b:6c:71:06:
a7:9f:ae:e1:da:4c:10:0a:cf:1e:90:55:8a:c9:f8:d3:3c:e5:
04:a4:ee:ca:9a:f3:51:76:33:0c:c0:39:a7:92:3f:ab:3a:77:
c9:40:19:cc:af:f7:b5:91:a9:ad:a0:3e:0e:f5:6f:fe:3b:3f:
fa:7f:29:92:29:fb:17:84:c7:16:d6:5a:3d:1b:cf:ac:1c:da:
ea:50:6a:c8:fa:df:23:b6:f7:0d:25:6a:33:ee:08:33:d6:7e:
8e:19:4c:16:00:c2:d3:13:d5:79:f8:6b:29:e4:86:e4:31:dc:
c2:9f:ce:22:a0:97:ef:cf:41:a1:1c:6f:f3:3a:60:2b:99:b8:
ee:95:45:8b:50:e5:ca:f8:29:e9:4f:c7:36:e7:d1:98:21:4f:
d4:95:f1:cf
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICHD0wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA1MjYy
MjA4MDdaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEIxNTQ2NTQwRDlDNTEy
OTMwNTg3QjY3RTZBQkIxNEMzN0RGOEQ0MjMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDD2qJniivFvzOPmrml7EHg+u83TduIiAvXfHUXIx1xEMmmkUZV
w8lwKUfgMgGz5BRAqgwJGbRmd6EBCQ7Br9jA7Vh8Pt0k+q19tOdBcwroJBB4BjNz
Xo0G9bCzhY+HNJaueEbglnnR/4R0f3AsF19YfbFR93GYBJ/zeyGWpEHtg+PrOYYr
ZPJR6QCwAAXdirr+uBAs20le8AjyNWTjUL+se2JRPk1by76zWxhgrgTT8QWM2FEF
Y8eETbtxkswM8FaZtxIpcLLgtdWAapexSnu3MM6OQo9+csSpdM0rUcb5Q2TlMkJz
3niKEmiac7dSAjrY4wBH5DXmk389x/HOBK5LAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUsVRlQNnFEpMFh7Z+arsUw3341CMwHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvc1ZSbFFObkZFcE1G
aDdaLWFyc1V3MzM0MUNNLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBAJhUJ+lf2xyl/qL9oHH5ymVy/Dkg
ON08DonmQNWQlGcZFhBI9JOue8GocQ3js+ON3LcXY5AEYWruxmBYFebxXCYqGe9v
bcamRQsEW5Age58pPs9FGk8zqg0s0B6SKdAtUaSCT6h03Yqvi2xxBqefruHaTBAK
zx6QVYrJ+NM85QSk7sqa81F2MwzAOaeSP6s6d8lAGcyv97WRqa2gPg71b/47P/p/
KZIp+xeExxbWWj0bz6wc2upQasj63yO29w0lajPuCDPWfo4ZTBYAwtMT1Xn4aynk
huQx3MKfziKgl+/PQaEcb/M6YCuZuO6VRYtQ5cr4KelPxzbn0ZghT9SV8c8=
-----END CERTIFICATE-----
Generated at Sat Jun 21 07:15:20 2025 by rpki-client