Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/tEWZReAwf129JyllaOT_euzgZUY.roa
File: tEWZReAwf129JyllaOT_euzgZUY.roa (raw, json)
Hash identifier: qd4hpMuk03kXTDoUiX64q/3liRgFI7Hh6J1wZK/Qo1M=
Subject key identifier: B4:45:99:45:E0:30:7F:5D:BD:27:29:65:68:E4:FF:7A:EC:E0:65:46
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 1C29
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/tEWZReAwf129JyllaOT_euzgZUY.roa
Signing time: Mon 26 May 2025 18:38:08 +0000
ROA not before: Mon 26 May 2025 18:38:08 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 4812
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 7209 (0x1c29)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: May 26 18:38:08 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=B4459945E0307F5DBD27296568E4FF7AECE06546
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d8:97:4b:a7:b0:f0:81:72:ec:0c:14:13:ba:2c:
62:98:da:92:fa:86:8e:d6:2c:91:ff:6a:73:d5:16:
16:da:23:47:23:e3:80:26:e3:5b:8e:aa:fe:7f:1d:
c3:e1:9c:ea:a9:0e:cc:19:ef:7e:d5:b2:24:c7:0e:
4c:08:d3:06:72:76:71:9f:7a:60:e2:a3:66:b0:ef:
54:e3:d2:b1:bc:5c:6f:1b:80:47:f0:f0:75:d0:4d:
a3:47:07:e9:fe:20:13:a7:e8:e0:3b:b9:26:60:2d:
f9:d1:44:0f:48:81:1a:86:ef:7e:97:1a:18:b4:24:
20:31:8c:ca:cf:84:4f:74:84:9e:e8:33:7c:98:e6:
da:a2:58:90:1a:1e:08:19:fa:23:44:63:2a:e0:67:
83:e7:3e:c2:a7:c6:8c:fe:78:ce:d9:bb:8b:37:62:
91:55:60:c1:b5:48:15:ca:48:01:12:35:5a:d2:74:
b4:46:63:8e:69:1d:d6:b7:9e:51:b2:87:ca:3c:4f:
dc:87:c0:40:59:cf:52:fb:11:c2:11:0a:01:b2:9d:
01:14:8e:84:27:4a:35:66:d7:61:06:ad:6f:c4:39:
25:24:a3:36:e7:1b:26:3d:ed:7e:d1:5f:3f:10:3a:
71:d9:79:74:d7:b8:9f:a6:9e:f2:20:dc:da:1f:f1:
9c:9b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B4:45:99:45:E0:30:7F:5D:BD:27:29:65:68:E4:FF:7A:EC:E0:65:46
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/tEWZReAwf129JyllaOT_euzgZUY.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
70:4d:2e:8e:ab:27:6d:21:5f:54:21:7c:f7:21:07:b8:c2:d6:
cf:a1:01:9a:90:34:46:9b:39:92:ea:79:62:15:2d:b3:28:2f:
41:75:6c:22:d9:37:9e:da:5e:38:f7:0e:18:35:fb:8d:cd:b6:
56:34:cd:3f:26:4b:a7:63:43:16:5e:e0:1d:70:f1:5a:d3:39:
f7:a3:b7:b8:18:d3:1c:77:1e:be:ae:fb:5d:d3:2e:20:c2:69:
f0:ff:4b:71:80:55:27:30:52:e9:06:73:d4:93:43:5c:0c:f7:
ab:f1:58:e4:fd:1b:2a:72:7d:0c:7a:21:c5:3e:b8:e2:b4:b1:
13:a9:a2:a0:bc:4d:62:0b:fe:d6:a6:91:f2:f1:db:fc:60:df:
ed:c2:3e:ee:36:40:16:cb:89:08:32:ca:c5:71:a3:56:d7:14:
a3:92:42:2b:04:75:35:47:10:80:0f:39:eb:12:31:c5:bb:51:
17:88:34:65:26:cd:a5:2c:f6:d5:d1:f2:cd:80:da:fc:99:8e:
d5:bb:bb:08:f2:84:bd:1b:17:9d:61:85:1c:ed:f9:f0:c4:8a:
c6:88:d7:f7:33:8e:01:da:6f:ee:57:b9:d0:d6:b4:a2:34:11:
91:b6:46:8e:95:a8:8e:bf:89:c7:1c:6a:bf:0d:12:55:99:a8:
36:52:01:78
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICHCkwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA1MjYx
ODM4MDhaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEI0NDU5OTQ1RTAzMDdG
NURCRDI3Mjk2NTY4RTRGRjdBRUNFMDY1NDYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDYl0unsPCBcuwMFBO6LGKY2pL6ho7WLJH/anPVFhbaI0cj44Am
41uOqv5/HcPhnOqpDswZ737VsiTHDkwI0wZydnGfemDio2aw71Tj0rG8XG8bgEfw
8HXQTaNHB+n+IBOn6OA7uSZgLfnRRA9IgRqG736XGhi0JCAxjMrPhE90hJ7oM3yY
5tqiWJAaHggZ+iNEYyrgZ4PnPsKnxoz+eM7Zu4s3YpFVYMG1SBXKSAESNVrSdLRG
Y45pHda3nlGyh8o8T9yHwEBZz1L7EcIRCgGynQEUjoQnSjVm12EGrW/EOSUkozbn
GyY97X7RXz8QOnHZeXTXuJ+mnvIg3Nof8ZybAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUtEWZReAwf129JyllaOT/euzgZUYwHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvdEVXWlJlQXdmMTI5
SnlsbGFPVF9ldXpnWlVZLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBAHBNLo6rJ20hX1QhfPchB7jC1s+h
AZqQNEabOZLqeWIVLbMoL0F1bCLZN57aXjj3Dhg1+43NtlY0zT8mS6djQxZe4B1w
8VrTOfejt7gY0xx3Hr6u+13TLiDCafD/S3GAVScwUukGc9STQ1wM96vxWOT9Gypy
fQx6IcU+uOK0sROpoqC8TWIL/tamkfLx2/xg3+3CPu42QBbLiQgyysVxo1bXFKOS
QisEdTVHEIAPOesSMcW7UReINGUmzaUs9tXR8s2A2vyZjtW7uwjyhL0bF51hhRzt
+fDEisaI1/czjgHab+5XudDWtKI0EZG2Ro6VqI6/icccar8NElWZqDZSAXg=
-----END CERTIFICATE-----
Generated at Sat Jun 21 11:22:10 2025 by rpki-client