Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/tk1SFkXHZglESoYjGrZcYH5tIWg.roa
File: tk1SFkXHZglESoYjGrZcYH5tIWg.roa (raw, json)
Hash identifier: LX0M/NBh0hZPHr4sElcpNeqt8fSy9wlZn4x3pZuYkeA=
Subject key identifier: B6:4D:52:16:45:C7:66:09:44:4A:86:23:1A:B6:5C:60:7E:6D:21:68
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 25C7
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/tk1SFkXHZglESoYjGrZcYH5tIWg.roa
Signing time: Thu 12 Jun 2025 21:09:19 +0000
ROA not before: Thu 12 Jun 2025 21:09:19 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 146845
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 9671 (0x25c7)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 12 21:09:19 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=B64D521645C76609444A86231AB65C607E6D2168
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ca:37:0b:71:cf:89:5d:5c:b2:a0:8e:19:cf:96:
b7:81:94:17:79:34:f5:92:04:99:a0:c5:70:b5:65:
81:d9:5c:68:98:26:c5:30:88:b6:0b:05:ff:28:3d:
ef:98:f0:85:ad:a3:b2:1b:60:e1:c8:35:f5:eb:15:
0c:2e:77:ed:75:2e:4d:f3:7a:11:87:1f:a6:0b:d1:
55:54:ce:a3:a4:b9:b8:0a:33:94:41:b8:f1:cf:b0:
60:40:b3:c9:35:2e:45:71:90:d6:34:04:35:a2:31:
1a:f1:e3:2b:b9:a9:c3:a8:7a:f9:b1:75:33:ca:fe:
fb:e6:00:fb:74:11:06:06:a1:09:7a:19:46:0a:62:
e6:44:d3:b2:bc:b0:92:0f:bf:5b:53:e6:7a:2e:35:
6c:06:ee:1c:46:07:d1:d5:d2:8e:54:ef:b3:b7:7c:
b4:50:e6:b0:b6:40:0b:8e:a8:24:ab:77:66:e6:4b:
b7:71:d8:62:d8:16:4d:3f:6e:e4:47:d8:7d:08:be:
14:23:d5:1a:6c:fe:64:f8:e1:5e:1d:12:f8:4f:10:
7f:8e:50:2d:54:21:43:da:31:c5:ec:07:18:0d:c3:
e0:c9:2b:cb:80:5d:0c:1f:32:fb:13:34:f6:ac:bb:
69:00:8b:c9:3a:c7:6a:13:bf:32:ff:7b:8c:01:04:
97:3f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B6:4D:52:16:45:C7:66:09:44:4A:86:23:1A:B6:5C:60:7E:6D:21:68
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/tk1SFkXHZglESoYjGrZcYH5tIWg.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
85:d2:83:be:8c:81:72:c2:05:5c:21:09:f8:b9:39:45:ec:c9:
b9:a4:e1:a8:30:87:57:fe:d0:23:9e:11:18:26:fe:17:1b:f4:
67:32:05:6f:27:1f:3e:1a:6c:71:d8:34:b3:32:26:bb:2e:19:
0d:f2:b3:98:04:38:66:0a:f4:b7:b9:8b:f0:5f:82:4f:fc:4a:
14:ec:40:63:6c:ac:31:52:21:3c:25:5c:84:41:3e:a8:f1:ab:
8b:75:43:9e:34:01:86:f9:0d:67:73:00:e6:61:78:50:22:07:
63:1d:30:2e:9e:1b:60:4c:cc:aa:f3:ad:34:2a:28:9a:e1:92:
cd:f8:9f:0a:25:ec:9a:db:6f:97:60:23:4c:12:2a:b8:7b:93:
54:91:07:54:a7:57:82:ab:7c:06:3c:2d:2d:d0:2d:7b:ca:01:
47:2e:a2:e8:da:cd:db:ed:b2:62:5d:8f:71:72:46:9b:38:70:
06:ce:42:39:a1:29:6d:72:69:ba:1a:4c:90:d3:74:7b:ab:6d:
84:d6:84:61:72:c2:b7:32:b6:5d:39:41:08:dc:c9:66:6f:da:
58:2c:b7:6b:6f:d8:7e:dd:4d:5e:ad:8c:1e:13:60:b6:bd:3b:
e3:3e:b5:e3:2c:db:55:61:89:45:91:9b:9c:15:0f:f5:98:a8:
53:74:fe:39
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICJccwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MTIy
MTA5MTlaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEI2NEQ1MjE2NDVDNzY2
MDk0NDRBODYyMzFBQjY1QzYwN0U2RDIxNjgwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDKNwtxz4ldXLKgjhnPlreBlBd5NPWSBJmgxXC1ZYHZXGiYJsUw
iLYLBf8oPe+Y8IWto7IbYOHINfXrFQwud+11Lk3zehGHH6YL0VVUzqOkubgKM5RB
uPHPsGBAs8k1LkVxkNY0BDWiMRrx4yu5qcOoevmxdTPK/vvmAPt0EQYGoQl6GUYK
YuZE07K8sJIPv1tT5nouNWwG7hxGB9HV0o5U77O3fLRQ5rC2QAuOqCSrd2bmS7dx
2GLYFk0/buRH2H0IvhQj1Rps/mT44V4dEvhPEH+OUC1UIUPaMcXsBxgNw+DJK8uA
XQwfMvsTNPasu2kAi8k6x2oTvzL/e4wBBJc/AgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUtk1SFkXHZglESoYjGrZcYH5tIWgwHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvdGsxU0ZrWEhaZ2xF
U29ZakdyWmNZSDV0SVdnLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBAIXSg76MgXLCBVwhCfi5OUXsybmk
4agwh1f+0COeERgm/hcb9GcyBW8nHz4abHHYNLMyJrsuGQ3ys5gEOGYK9Le5i/Bf
gk/8ShTsQGNsrDFSITwlXIRBPqjxq4t1Q540AYb5DWdzAOZheFAiB2MdMC6eG2BM
zKrzrTQqKJrhks34nwol7Jrbb5dgI0wSKrh7k1SRB1SnV4KrfAY8LS3QLXvKAUcu
oujazdvtsmJdj3FyRps4cAbOQjmhKW1yaboaTJDTdHurbYTWhGFywrcytl05QQjc
yWZv2lgst2tv2H7dTV6tjB4TYLa9O+M+teMs21VhiUWRm5wVD/WYqFN0/jk=
-----END CERTIFICATE-----
Generated at Sat Jun 21 07:06:16 2025 by rpki-client