Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/u1xvVt-0omflrrfPEptYJ3-UCqU.roa
File: u1xvVt-0omflrrfPEptYJ3-UCqU.roa (raw, json)
Hash identifier: f9Ndkxa8Gb873ENwdDeyeMX1kFZV5oEdfYMsZWPyvdg=
Subject key identifier: BB:5C:6F:56:DF:B4:A2:67:E5:AE:B7:CF:12:9B:58:27:7F:94:0A:A5
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 21C8
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/u1xvVt-0omflrrfPEptYJ3-UCqU.roa
Signing time: Thu 05 Jun 2025 18:38:47 +0000
ROA not before: Thu 05 Jun 2025 18:38:47 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 146845
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 8648 (0x21c8)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 5 18:38:47 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=BB5C6F56DFB4A267E5AEB7CF129B58277F940AA5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b3:4c:96:a8:cf:4f:e1:91:be:8a:42:c4:6e:57:
99:23:b9:fd:4b:74:38:1f:50:25:bf:07:8a:22:8f:
f5:ae:8f:05:a1:5a:86:60:b3:1e:e9:0a:02:42:d0:
8f:3f:96:48:6b:81:78:d1:1b:e4:55:d2:e0:5c:0a:
67:6a:0e:54:09:da:e9:1e:58:8f:ce:af:a3:81:b9:
f5:0e:a0:84:21:e5:a5:09:f8:d3:ce:0e:ae:ac:be:
5c:31:20:d9:e8:b7:18:56:fe:3f:92:6b:2f:6c:46:
33:61:35:5c:1a:f3:3d:1f:ef:65:5b:5a:8c:28:bb:
8b:65:39:3f:12:d7:28:5c:50:b3:d4:42:fa:9d:d6:
76:b0:1a:c8:2d:6f:f4:85:3b:f8:56:f4:40:5b:29:
3a:ce:0e:06:e0:7a:28:1b:fe:48:36:b1:62:81:f2:
9b:c8:01:08:e4:8e:86:80:93:cd:b4:f2:bf:ef:c7:
b8:19:39:e9:80:8d:97:cd:19:e5:31:d5:67:5f:86:
26:31:69:00:ca:91:7c:37:5f:e1:69:ce:fe:8a:ad:
e7:25:3d:54:67:f6:40:fb:72:7a:fb:00:99:cb:80:
fd:d2:a3:37:ab:49:1a:aa:e6:86:48:52:24:84:0f:
c9:ff:9e:ce:a7:5a:77:3d:55:a7:7a:e9:6f:0f:96:
55:bd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BB:5C:6F:56:DF:B4:A2:67:E5:AE:B7:CF:12:9B:58:27:7F:94:0A:A5
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/u1xvVt-0omflrrfPEptYJ3-UCqU.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
4e:89:69:a3:c8:59:00:12:32:1f:17:e1:e2:91:b7:f8:34:09:
84:41:7e:d0:ce:29:3d:0a:35:b1:85:69:fe:f2:7f:81:c7:ac:
a0:64:20:69:a5:06:ea:75:f3:ad:fb:0e:25:47:bb:16:68:31:
74:43:91:a5:3f:f6:7c:3c:75:39:f8:39:77:5d:46:77:21:c6:
9d:09:a7:e8:b3:af:d1:1a:2d:76:13:d8:e7:3d:ee:b6:c6:7b:
2b:34:4b:78:70:ee:aa:ed:8f:58:2d:d3:e8:46:18:4c:6d:9a:
44:c7:fc:18:1b:6a:1a:50:85:74:58:68:3a:92:24:58:d8:cf:
6c:7c:6d:b4:64:0e:ca:20:84:89:a5:ec:e4:d3:c8:4f:2f:e3:
f2:f3:b6:66:37:82:65:f7:6e:b0:fb:24:5e:73:7a:7f:bd:fd:
bf:68:77:d7:e4:99:ab:b1:3b:57:17:da:6b:a3:3b:cf:d0:8d:
d0:84:0d:86:23:7d:5d:b1:62:1b:56:d1:40:7f:66:ce:8d:23:
66:4e:8e:7f:bd:c1:64:ff:bf:67:65:a7:29:21:78:27:29:ee:
56:be:29:75:bb:dc:c5:c6:32:ed:d2:72:6b:24:5f:d9:88:0d:
55:f2:0c:1c:19:3d:1d:ef:a3:31:17:78:d5:f3:e0:f2:73:ce:
07:f7:18:b6
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICIcgwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MDUx
ODM4NDdaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEJCNUM2RjU2REZCNEEy
NjdFNUFFQjdDRjEyOUI1ODI3N0Y5NDBBQTUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCzTJaoz0/hkb6KQsRuV5kjuf1LdDgfUCW/B4oij/WujwWhWoZg
sx7pCgJC0I8/lkhrgXjRG+RV0uBcCmdqDlQJ2ukeWI/Or6OBufUOoIQh5aUJ+NPO
Dq6svlwxINnotxhW/j+Say9sRjNhNVwa8z0f72VbWowou4tlOT8S1yhcULPUQvqd
1nawGsgtb/SFO/hW9EBbKTrODgbgeigb/kg2sWKB8pvIAQjkjoaAk8208r/vx7gZ
OemAjZfNGeUx1WdfhiYxaQDKkXw3X+Fpzv6KreclPVRn9kD7cnr7AJnLgP3Sozer
SRqq5oZIUiSED8n/ns6nWnc9Vad66W8PllW9AgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUu1xvVt+0omflrrfPEptYJ3+UCqUwHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvdTF4dlZ0LTBvbWZs
cnJmUEVwdFlKMy1VQ3FVLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBAE6JaaPIWQASMh8X4eKRt/g0CYRB
ftDOKT0KNbGFaf7yf4HHrKBkIGmlBup18637DiVHuxZoMXRDkaU/9nw8dTn4OXdd
Rnchxp0Jp+izr9EaLXYT2Oc97rbGeys0S3hw7qrtj1gt0+hGGExtmkTH/BgbahpQ
hXRYaDqSJFjYz2x8bbRkDsoghIml7OTTyE8v4/LztmY3gmX3brD7JF5zen+9/b9o
d9fkmauxO1cX2mujO8/QjdCEDYYjfV2xYhtW0UB/Zs6NI2ZOjn+9wWT/v2dlpykh
eCcp7la+KXW73MXGMu3ScmskX9mIDVXyDBwZPR3vozEXeNXz4PJzzgf3GLY=
-----END CERTIFICATE-----
Generated at Sat Jun 21 08:06:59 2025 by rpki-client