Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/ubk03iELkRNuYe6jrOxTlSOSazY.roa
File: ubk03iELkRNuYe6jrOxTlSOSazY.roa (raw, json)
Hash identifier: AMkTSBVhnbd5lcurlAMpVLJAa5OkfgLLpBXN13O3krw=
Subject key identifier: B9:B9:34:DE:21:0B:91:13:6E:61:EE:A3:AC:EC:53:95:23:92:6B:36
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 21DA
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/ubk03iELkRNuYe6jrOxTlSOSazY.roa
Signing time: Thu 05 Jun 2025 21:38:50 +0000
ROA not before: Thu 05 Jun 2025 21:38:50 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 146845
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 8666 (0x21da)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 5 21:38:50 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=B9B934DE210B91136E61EEA3ACEC539523926B36
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e6:79:e5:7a:eb:ff:19:ea:7c:ed:87:86:51:5b:
02:05:34:cc:d6:73:48:0c:f2:9b:26:06:22:4e:c6:
36:11:6c:35:ad:e1:93:27:0e:dd:8e:9e:e5:5a:50:
25:b3:e1:92:e0:c7:8e:7b:19:ee:d5:3b:df:b9:10:
a4:44:0d:20:df:3f:55:94:22:47:79:75:c3:7d:52:
e0:65:6e:27:77:f0:cf:fe:5c:cf:36:74:38:3c:5f:
76:df:cf:ce:25:75:41:f3:45:d9:2a:a0:62:ef:1c:
e0:51:18:49:65:94:f1:05:b8:0c:db:aa:58:5b:73:
e2:35:78:ff:35:7a:4f:47:67:a6:7e:a0:d1:56:21:
e4:79:4b:3a:d7:51:c0:36:69:10:1e:57:bb:90:1f:
b2:c5:04:4b:d5:9c:06:20:21:bd:bf:25:04:e2:a0:
53:70:ff:82:ef:6b:ac:4f:1b:b6:cd:90:39:7d:77:
30:a4:cf:4e:52:5b:1d:6d:b2:cf:3d:9f:76:d1:32:
df:92:6c:d8:70:02:83:df:16:17:fe:e1:b9:22:a3:
f2:24:65:d9:74:a1:0b:03:40:20:a1:f8:96:96:8f:
af:9e:85:9d:70:4f:dd:68:8a:e7:66:63:0c:54:23:
1b:05:e0:f3:64:c9:12:cc:73:54:2c:33:f3:39:97:
42:81
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B9:B9:34:DE:21:0B:91:13:6E:61:EE:A3:AC:EC:53:95:23:92:6B:36
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/ubk03iELkRNuYe6jrOxTlSOSazY.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
36:e0:97:50:41:a3:94:fd:a6:95:68:2e:e0:b8:37:95:8e:6e:
8e:ca:93:10:a3:6b:e5:10:48:6a:48:29:71:8f:66:c4:1e:5c:
6f:2e:4c:41:fd:5e:39:b2:49:30:f5:c5:4f:20:de:f8:79:52:
91:c9:e7:33:a8:72:90:74:df:8d:21:6b:cf:14:47:1e:48:4d:
bd:8a:b2:40:bb:ba:8d:a7:8b:68:6c:46:64:5a:d6:fe:6c:92:
cc:d7:58:4b:68:90:24:ec:b4:75:6d:fc:86:62:62:8f:b9:c2:
d8:7c:c4:de:77:d2:97:5a:68:cf:22:75:bb:97:c7:dd:b7:a9:
ce:47:8e:9a:53:ef:b8:ef:65:b3:78:b5:64:19:bb:a7:77:54:
14:1c:67:71:e4:27:96:1c:33:22:05:1f:08:f5:fb:cf:06:78:
80:f5:8a:1d:29:7c:23:a2:b9:18:8c:9f:87:4d:e6:a8:bf:0d:
e3:9a:2f:37:97:38:de:a2:34:92:a5:67:1f:04:ab:ec:b1:e9:
4b:e6:c9:b7:ef:1d:96:2f:bc:26:85:d7:ea:dc:2f:5a:34:0b:
00:fc:7e:8b:61:02:62:2e:44:3e:69:6c:7f:d4:9b:cc:d4:b5:
e1:6d:81:d4:5b:2d:e0:a1:f2:9c:89:d9:57:d9:40:a8:ea:3b:
75:70:0d:e4
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICIdowDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MDUy
MTM4NTBaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEI5QjkzNERFMjEwQjkx
MTM2RTYxRUVBM0FDRUM1Mzk1MjM5MjZCMzYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDmeeV66/8Z6nzth4ZRWwIFNMzWc0gM8psmBiJOxjYRbDWt4ZMn
Dt2OnuVaUCWz4ZLgx457Ge7VO9+5EKREDSDfP1WUIkd5dcN9UuBlbid38M/+XM82
dDg8X3bfz84ldUHzRdkqoGLvHOBRGElllPEFuAzbqlhbc+I1eP81ek9HZ6Z+oNFW
IeR5SzrXUcA2aRAeV7uQH7LFBEvVnAYgIb2/JQTioFNw/4Lva6xPG7bNkDl9dzCk
z05SWx1tss89n3bRMt+SbNhwAoPfFhf+4bkio/IkZdl0oQsDQCCh+JaWj6+ehZ1w
T91oiudmYwxUIxsF4PNkyRLMc1QsM/M5l0KBAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUubk03iELkRNuYe6jrOxTlSOSazYwHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvdWJrMDNpRUxrUk51
WWU2anJPeFRsU09TYXpZLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBADbgl1BBo5T9ppVoLuC4N5WObo7K
kxCja+UQSGpIKXGPZsQeXG8uTEH9XjmySTD1xU8g3vh5UpHJ5zOocpB0340ha88U
Rx5ITb2KskC7uo2ni2hsRmRa1v5skszXWEtokCTstHVt/IZiYo+5wth8xN530pda
aM8idbuXx923qc5HjppT77jvZbN4tWQZu6d3VBQcZ3HkJ5YcMyIFHwj1+88GeID1
ih0pfCOiuRiMn4dN5qi/DeOaLzeXON6iNJKlZx8Eq+yx6UvmybfvHZYvvCaF1+rc
L1o0CwD8fothAmIuRD5pbH/Um8zUteFtgdRbLeCh8pyJ2VfZQKjqO3VwDeQ=
-----END CERTIFICATE-----
Generated at Sun Jun 22 22:44:52 2025 by rpki-client