Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/tPpY9utPsMr5hqn2ne1OnBSSoVs.roa
File: tPpY9utPsMr5hqn2ne1OnBSSoVs.roa (raw, json)
Hash identifier: /mnl77PyFwYs+2XjVa2t9HMbykWSIOr2MuICUbLJOeY=
Subject key identifier: B4:FA:58:F6:EB:4F:B0:CA:F9:86:A9:F6:9D:ED:4E:9C:14:92:A1:5B
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 2606
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/tPpY9utPsMr5hqn2ne1OnBSSoVs.roa
Signing time: Fri 13 Jun 2025 07:39:14 +0000
ROA not before: Fri 13 Jun 2025 07:39:14 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 146845
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 9734 (0x2606)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 13 07:39:14 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=B4FA58F6EB4FB0CAF986A9F69DED4E9C1492A15B
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cc:58:96:b2:e8:89:7d:bc:de:81:05:0e:93:7e:
c1:59:6c:e7:8d:cf:d8:7b:eb:0f:a6:49:6a:06:be:
12:77:8f:29:70:36:6c:b1:91:05:8c:b3:05:3b:32:
54:38:c0:15:7b:48:0b:7f:78:49:59:27:4b:fa:d6:
cb:37:a3:07:77:0f:99:b6:6e:e8:89:ca:d8:26:7f:
5c:6c:df:99:79:74:e8:59:21:93:78:43:1e:df:6b:
e1:00:3f:51:e3:c4:a1:d8:bc:3b:ca:3e:c6:c6:e1:
7a:bc:e9:57:8c:7f:c9:91:88:c7:09:29:de:55:63:
1d:a8:7f:2f:b4:76:73:07:57:4a:3a:ea:d2:7e:37:
18:d3:ef:2b:50:19:3e:8d:99:da:b2:2a:b1:18:8e:
77:07:f9:05:ac:7d:3a:db:59:7b:85:69:08:13:2b:
23:fc:66:04:3a:f5:11:67:8d:50:3e:d5:b9:ea:e1:
4b:d9:ad:4c:6a:3f:ac:29:e2:ab:40:f8:45:8d:7c:
98:9c:32:19:14:14:fb:09:76:4f:77:9c:4d:e6:94:
55:44:06:22:44:20:99:06:05:ed:ed:3b:1c:53:fa:
30:6c:29:d1:4f:42:e7:fa:d9:19:58:ff:3d:30:95:
b6:6e:74:03:95:c0:40:86:e3:f4:19:8b:39:52:c5:
03:a7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B4:FA:58:F6:EB:4F:B0:CA:F9:86:A9:F6:9D:ED:4E:9C:14:92:A1:5B
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/tPpY9utPsMr5hqn2ne1OnBSSoVs.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
98:61:31:88:0d:d7:dd:ae:9c:fb:04:a9:21:79:ee:9b:3d:03:
35:c1:39:f9:ab:0c:0d:71:aa:2a:7a:6b:34:05:21:de:24:21:
73:01:61:cc:70:d1:53:41:e1:c8:7d:56:d1:f0:a7:40:07:87:
29:22:20:3c:43:c9:72:b7:8c:7c:89:71:51:d6:00:dc:94:d4:
4b:c7:ba:11:51:2c:27:60:71:62:a7:09:57:66:0c:7d:c3:e3:
0f:d0:65:77:97:08:73:d2:fe:ec:46:67:7c:8e:20:e7:91:a8:
a2:78:00:5a:2c:fb:69:90:0c:3e:3d:f1:6e:d9:29:fc:9c:67:
43:82:c8:2e:62:ef:12:93:81:29:6f:56:c9:af:31:3c:a2:9e:
c3:4a:83:64:c4:eb:f2:ac:05:a9:be:52:05:8e:57:b3:a0:db:
51:e0:eb:6d:33:7a:e5:46:76:66:53:d9:ed:24:1e:fb:cb:b7:
97:16:b2:42:2f:e0:54:37:d4:14:87:df:4a:e6:c5:1e:79:51:
c4:a8:30:29:f2:ac:3f:c5:3d:52:44:4d:13:e2:0d:2c:b5:b5:
bd:cf:eb:cb:1d:c3:ce:7a:3b:14:4d:a6:82:f7:0b:83:12:fe:
29:f3:4d:27:42:75:87:4b:fb:69:b9:55:1d:4a:aa:1d:cb:b1:
87:b4:c2:ba
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICJgYwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MTMw
NzM5MTRaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEI0RkE1OEY2RUI0RkIw
Q0FGOTg2QTlGNjlERUQ0RTlDMTQ5MkExNUIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDMWJay6Il9vN6BBQ6TfsFZbOeNz9h76w+mSWoGvhJ3jylwNmyx
kQWMswU7MlQ4wBV7SAt/eElZJ0v61ss3owd3D5m2buiJytgmf1xs35l5dOhZIZN4
Qx7fa+EAP1HjxKHYvDvKPsbG4Xq86VeMf8mRiMcJKd5VYx2ofy+0dnMHV0o66tJ+
NxjT7ytQGT6NmdqyKrEYjncH+QWsfTrbWXuFaQgTKyP8ZgQ69RFnjVA+1bnq4UvZ
rUxqP6wp4qtA+EWNfJicMhkUFPsJdk93nE3mlFVEBiJEIJkGBe3tOxxT+jBsKdFP
Quf62RlY/z0wlbZudAOVwECG4/QZizlSxQOnAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUtPpY9utPsMr5hqn2ne1OnBSSoVswHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvdFBwWTl1dFBzTXI1
aHFuMm5lMU9uQlNTb1ZzLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBAJhhMYgN192unPsEqSF57ps9AzXB
OfmrDA1xqip6azQFId4kIXMBYcxw0VNB4ch9VtHwp0AHhykiIDxDyXK3jHyJcVHW
ANyU1EvHuhFRLCdgcWKnCVdmDH3D4w/QZXeXCHPS/uxGZ3yOIOeRqKJ4AFos+2mQ
DD498W7ZKfycZ0OCyC5i7xKTgSlvVsmvMTyinsNKg2TE6/KsBam+UgWOV7Og21Hg
620zeuVGdmZT2e0kHvvLt5cWskIv4FQ31BSH30rmxR55UcSoMCnyrD/FPVJETRPi
DSy1tb3P68sdw856OxRNpoL3C4MS/inzTSdCdYdL+2m5VR1Kqh3LsYe0wro=
-----END CERTIFICATE-----
Generated at Fri Jun 20 23:08:30 2025 by rpki-client