Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/ufoRPfcID4Br8kEHdgLILXa77Xc.roa
File: ufoRPfcID4Br8kEHdgLILXa77Xc.roa (raw, json)
Hash identifier: 7/Z3ZhXD3PRQFOjU0iMSKurLWMhR1Om8AvagbUGRo68=
Subject key identifier: B9:FA:11:3D:F7:08:0F:80:6B:F2:41:07:76:02:C8:2D:76:BB:ED:77
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 25F8
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/ufoRPfcID4Br8kEHdgLILXa77Xc.roa
Signing time: Fri 13 Jun 2025 05:20:22 +0000
ROA not before: Fri 13 Jun 2025 05:20:22 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 4812
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 9720 (0x25f8)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 13 05:20:22 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=B9FA113DF7080F806BF241077602C82D76BBED77
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ad:7d:67:55:90:e3:0a:5a:fe:c2:ee:e4:fa:66:
68:18:84:9d:60:5a:5c:57:c2:bb:1f:06:b1:76:db:
9c:4f:34:cd:05:29:24:e7:17:b7:0d:c6:c5:ef:6f:
31:23:10:6a:e9:31:ef:42:79:ed:d0:cd:33:95:a5:
2f:e9:a3:b1:83:35:59:79:2a:47:75:f2:08:c6:ed:
d0:14:d9:b9:19:43:2c:a9:f3:f8:2c:c8:55:48:89:
c3:26:19:da:f4:84:ec:4b:8d:6a:80:f5:5c:ae:a7:
a0:d4:c2:0e:c5:02:d0:54:7a:2e:7a:3e:72:80:ec:
0c:c8:13:52:af:d0:2e:85:ff:9a:4a:d5:6c:81:94:
35:77:2d:69:1f:cb:82:a0:a0:a9:2b:25:6c:73:3b:
70:cf:71:f5:36:70:bb:32:86:fe:b1:11:6a:1f:6a:
cf:08:ab:36:d9:39:24:6e:33:06:68:95:6d:b2:36:
8a:7c:9a:b9:75:53:27:3f:98:37:a5:40:1f:d0:e0:
67:07:6b:b5:27:4a:de:3d:de:ed:6a:bd:30:37:d3:
7e:f7:19:0e:59:22:e8:2c:4b:68:de:4f:c5:e5:24:
98:1d:62:61:a2:71:be:d9:81:d6:45:97:63:c2:16:
b7:88:4a:a0:b7:e3:b3:e2:1a:e2:fe:60:12:7d:14:
d1:7d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B9:FA:11:3D:F7:08:0F:80:6B:F2:41:07:76:02:C8:2D:76:BB:ED:77
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/ufoRPfcID4Br8kEHdgLILXa77Xc.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
4f:21:b3:ac:8e:e2:ac:0f:8f:82:1f:4d:e3:58:c1:e2:43:df:
e9:98:47:43:4e:4f:7a:17:c0:69:f3:d0:b7:81:15:f5:93:56:
ef:23:b0:28:c2:90:1e:26:59:9b:80:d4:af:8e:a2:c2:42:f3:
f9:fd:d9:19:cd:69:fe:ea:30:25:39:d5:bd:dd:4e:8f:30:64:
08:22:a8:82:c3:e2:98:d8:94:53:19:f9:77:59:cb:96:a0:8a:
43:58:fa:d2:98:f3:66:ae:88:78:92:f5:16:c0:5f:96:c9:c8:
49:75:d6:f9:62:9f:c5:43:05:fc:27:81:11:d0:c3:c2:68:55:
6e:50:99:9c:a9:2d:27:4a:f3:59:c0:b4:77:61:1f:a2:54:60:
0c:11:04:e3:f2:f4:f3:20:2b:d6:11:54:bb:e3:69:41:c6:db:
f1:55:18:26:b7:ac:cf:c2:a8:7c:b5:58:2d:97:14:69:9a:3c:
3d:64:0a:17:3a:6e:c0:ed:2a:a5:f9:29:48:27:23:d3:c9:2f:
3e:75:2b:fa:34:06:4a:f3:2d:50:94:38:53:30:b7:1a:64:5a:
a3:84:01:aa:dd:ce:55:7d:38:f8:5e:d7:d0:fc:75:b4:5b:f4:
46:8e:cc:de:08:33:63:15:b9:29:ac:56:1b:c5:8c:f0:a3:96:
79:fe:16:32
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICJfgwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MTMw
NTIwMjJaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEI5RkExMTNERjcwODBG
ODA2QkYyNDEwNzc2MDJDODJENzZCQkVENzcwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCtfWdVkOMKWv7C7uT6ZmgYhJ1gWlxXwrsfBrF225xPNM0FKSTn
F7cNxsXvbzEjEGrpMe9Cee3QzTOVpS/po7GDNVl5Kkd18gjG7dAU2bkZQyyp8/gs
yFVIicMmGdr0hOxLjWqA9Vyup6DUwg7FAtBUei56PnKA7AzIE1Kv0C6F/5pK1WyB
lDV3LWkfy4KgoKkrJWxzO3DPcfU2cLsyhv6xEWofas8IqzbZOSRuMwZolW2yNop8
mrl1Uyc/mDelQB/Q4GcHa7UnSt493u1qvTA30373GQ5ZIugsS2jeT8XlJJgdYmGi
cb7ZgdZFl2PCFreISqC347PiGuL+YBJ9FNF9AgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUufoRPfcID4Br8kEHdgLILXa77XcwHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvdWZvUlBmY0lENEJy
OGtFSGRnTElMWGE3N1hjLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBAE8hs6yO4qwPj4IfTeNYweJD3+mY
R0NOT3oXwGnz0LeBFfWTVu8jsCjCkB4mWZuA1K+OosJC8/n92RnNaf7qMCU51b3d
To8wZAgiqILD4pjYlFMZ+XdZy5agikNY+tKY82auiHiS9RbAX5bJyEl11vlin8VD
BfwngRHQw8JoVW5QmZypLSdK81nAtHdhH6JUYAwRBOPy9PMgK9YRVLvjaUHG2/FV
GCa3rM/CqHy1WC2XFGmaPD1kChc6bsDtKqX5KUgnI9PJLz51K/o0BkrzLVCUOFMw
txpkWqOEAardzlV9OPhe19D8dbRb9EaOzN4IM2MVuSmsVhvFjPCjlnn+FjI=
-----END CERTIFICATE-----
Generated at Sat Jun 21 16:56:21 2025 by rpki-client