Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/uQKyE7Ev4mn5w3YMXxJq49Jk1IY.roa
File: uQKyE7Ev4mn5w3YMXxJq49Jk1IY.roa (raw, json)
Hash identifier: +oOCAxjcgmLSP9/+9Qj8kwrFEyXiYkYug2UMi6/3coo=
Subject key identifier: B9:02:B2:13:B1:2F:E2:69:F9:C3:76:0C:5F:12:6A:E3:D2:64:D4:86
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 1F70
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/uQKyE7Ev4mn5w3YMXxJq49Jk1IY.roa
Signing time: Sun 01 Jun 2025 14:38:33 +0000
ROA not before: Sun 01 Jun 2025 14:38:33 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 146845
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 8048 (0x1f70)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 1 14:38:33 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=B902B213B12FE269F9C3760C5F126AE3D264D486
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a9:c1:f2:38:9b:1b:10:64:6f:70:50:12:d0:ea:
98:c0:9f:12:93:95:fc:83:5b:57:5e:a1:55:e9:d1:
68:fe:b2:d1:60:a9:94:c3:dd:49:36:f2:83:be:dc:
6b:97:65:87:09:e3:1e:18:5c:44:e5:1d:12:68:45:
63:6b:9b:9f:8f:db:b7:da:7d:9c:da:1a:de:60:4b:
96:4e:99:4a:8a:cb:39:c6:45:d8:d9:09:80:9e:56:
ac:e5:33:9d:4f:56:ad:ed:5f:b2:da:05:55:61:5f:
6d:df:04:26:50:2d:27:7f:07:45:f8:1c:6a:64:9d:
e9:4b:dd:97:81:62:93:19:63:78:d8:9b:2b:75:32:
6f:e2:56:28:2f:99:f7:c1:7c:35:bc:07:1f:3f:c8:
8c:bf:e9:2b:a2:ec:5c:04:4d:14:87:d9:ed:b5:cb:
46:d3:07:50:14:47:02:92:75:6d:2c:ea:82:5b:79:
79:a5:bf:f7:67:27:0c:11:39:31:13:52:00:30:f4:
1f:d9:56:b9:ba:fc:f6:43:8d:dc:38:80:12:4d:79:
01:02:e3:07:e8:ed:42:bd:2d:68:ad:6e:4f:ff:5e:
1c:66:35:d3:a3:64:b8:88:81:8d:7a:38:6a:9a:ae:
94:94:2a:e8:21:70:e5:06:5e:f8:f7:4e:41:13:44:
84:05
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B9:02:B2:13:B1:2F:E2:69:F9:C3:76:0C:5F:12:6A:E3:D2:64:D4:86
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/uQKyE7Ev4mn5w3YMXxJq49Jk1IY.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
85:57:7b:da:6a:3a:ad:35:f2:96:0b:2a:d8:a7:be:b6:06:8b:
72:64:5d:79:62:66:e1:9e:bd:c5:a1:35:e4:4d:d0:f2:aa:68:
3e:3d:21:76:e6:d6:34:4c:4a:c2:95:a0:36:e4:4d:81:2f:02:
02:ad:87:38:21:ac:75:65:f4:85:a0:36:9b:14:f6:fc:ca:54:
5b:1b:7e:d8:64:fc:28:41:69:98:37:05:34:9f:b2:33:a6:6a:
1b:50:5c:24:62:a6:c7:a3:77:51:88:9d:c9:c6:81:55:15:8a:
b9:8f:79:55:ca:e3:8d:4e:4f:00:09:8d:03:40:3f:e0:3f:d2:
50:fc:de:55:d3:83:50:17:59:9e:5b:6e:a4:f2:06:f3:58:ac:
f1:b9:b7:14:87:d9:f1:6d:d0:9f:ab:c4:9a:58:d0:86:eb:a9:
bd:13:7f:64:88:c0:d3:0f:a5:cd:d1:bd:e6:98:ae:67:6c:a3:
3e:b2:f1:e0:7a:dd:b7:b5:31:10:72:98:0c:12:b6:6f:e0:ec:
0a:69:b5:55:2a:ad:a3:a8:cc:fc:ce:a4:8d:9a:8a:18:e3:aa:
18:dd:cb:62:68:32:26:3c:ff:25:16:0f:b3:f0:8a:56:cd:b5:
75:bf:44:7e:21:11:e7:c0:e4:af:95:20:30:10:38:b5:b0:f7:
99:c0:9e:35
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICH3AwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MDEx
NDM4MzNaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEI5MDJCMjEzQjEyRkUy
NjlGOUMzNzYwQzVGMTI2QUUzRDI2NEQ0ODYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCpwfI4mxsQZG9wUBLQ6pjAnxKTlfyDW1deoVXp0Wj+stFgqZTD
3Uk28oO+3GuXZYcJ4x4YXETlHRJoRWNrm5+P27fafZzaGt5gS5ZOmUqKyznGRdjZ
CYCeVqzlM51PVq3tX7LaBVVhX23fBCZQLSd/B0X4HGpknelL3ZeBYpMZY3jYmyt1
Mm/iVigvmffBfDW8Bx8/yIy/6Sui7FwETRSH2e21y0bTB1AURwKSdW0s6oJbeXml
v/dnJwwROTETUgAw9B/ZVrm6/PZDjdw4gBJNeQEC4wfo7UK9LWitbk//XhxmNdOj
ZLiIgY16OGqarpSUKughcOUGXvj3TkETRIQFAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUuQKyE7Ev4mn5w3YMXxJq49Jk1IYwHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvdVFLeUU3RXY0bW41
dzNZTVh4SnE0OUprMUlZLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBAIVXe9pqOq018pYLKtinvrYGi3Jk
XXliZuGevcWhNeRN0PKqaD49IXbm1jRMSsKVoDbkTYEvAgKthzghrHVl9IWgNpsU
9vzKVFsbfthk/ChBaZg3BTSfsjOmahtQXCRipsejd1GIncnGgVUVirmPeVXK441O
TwAJjQNAP+A/0lD83lXTg1AXWZ5bbqTyBvNYrPG5txSH2fFt0J+rxJpY0Ibrqb0T
f2SIwNMPpc3RveaYrmdsoz6y8eB63be1MRBymAwStm/g7ApptVUqraOozPzOpI2a
ihjjqhjdy2JoMiY8/yUWD7PwilbNtXW/RH4hEefA5K+VIDAQOLWw95nAnjU=
-----END CERTIFICATE-----
Generated at Sat Jun 21 22:45:48 2025 by rpki-client