Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/uom5Sv7vPNxBzBfoOIfJyTnzoeM.roa
File: uom5Sv7vPNxBzBfoOIfJyTnzoeM.roa (raw, json)
Hash identifier: 3cTD9C0kSywqvOkIHTyCJAmwoXRYnWWnysxqfoKDZ18=
Subject key identifier: BA:89:B9:4A:FE:EF:3C:DC:41:CC:17:E8:38:87:C9:C9:39:F3:A1:E3
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 20F4
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/uom5Sv7vPNxBzBfoOIfJyTnzoeM.roa
Signing time: Wed 04 Jun 2025 07:08:41 +0000
ROA not before: Wed 04 Jun 2025 07:08:41 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 4812
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 8436 (0x20f4)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 4 07:08:41 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=BA89B94AFEEF3CDC41CC17E83887C9C939F3A1E3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c9:3b:40:35:c8:8a:e5:ce:e8:94:d7:b0:dd:c6:
29:b1:c7:39:24:d3:88:90:43:49:20:3d:e8:6a:c2:
e0:3a:62:ca:21:43:8e:2f:46:fb:90:13:c1:79:de:
c3:c7:2e:f1:33:a4:c9:75:75:ab:19:0c:5a:8a:0a:
fa:8e:3a:f6:98:20:d4:31:51:4f:38:b3:21:81:78:
2c:20:31:d9:1b:c5:30:db:11:d8:f4:89:f5:b7:a8:
cb:c9:01:a4:5b:23:72:21:af:67:f9:08:5f:18:6e:
34:c3:ad:ba:d0:64:aa:5d:b4:a4:1f:df:f9:2b:0c:
35:8e:83:62:9b:54:25:64:8a:aa:94:f7:99:1f:03:
f4:2c:5d:e7:6a:c5:d5:e4:08:97:e1:73:19:87:e5:
72:1c:87:a7:eb:bf:df:6c:a1:dc:de:d5:99:53:f9:
69:fc:98:0b:e9:04:90:3e:a3:d5:d3:15:42:e5:57:
e2:b2:fd:25:b6:f2:6c:f0:9b:13:37:5f:88:45:c1:
65:db:6e:17:f3:6b:96:1d:fb:9b:f1:7c:86:8e:2a:
34:d0:5c:92:73:07:6b:75:2f:5f:93:16:f2:9b:a5:
f0:36:db:69:a8:1b:0e:29:e7:17:79:06:a3:3e:d7:
33:2e:00:5b:94:85:fd:c5:ea:6a:bf:f6:a6:e8:94:
e2:b3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BA:89:B9:4A:FE:EF:3C:DC:41:CC:17:E8:38:87:C9:C9:39:F3:A1:E3
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/uom5Sv7vPNxBzBfoOIfJyTnzoeM.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
0a:a6:85:ce:1a:1e:6c:9b:fa:48:18:61:3e:c1:7c:d2:c0:c1:
42:02:6f:16:aa:49:7f:82:48:45:78:e3:53:0c:fa:e3:28:51:
c9:19:39:31:11:69:b2:06:93:f9:3e:34:17:c2:2d:df:b4:80:
20:1a:84:78:20:55:cc:82:00:87:13:d2:1d:78:86:24:a0:dc:
c7:49:ed:38:34:c2:fd:66:42:f4:52:58:c5:9e:25:62:5e:7b:
68:16:3b:5a:aa:61:dd:d0:ac:e6:35:80:c2:39:51:f9:3f:a6:
8a:a7:fa:8d:73:cc:bb:64:6a:73:51:57:bd:5c:cf:eb:56:14:
11:b6:34:21:66:a5:0b:f7:19:57:0a:0c:35:1b:e7:a3:2b:ad:
c0:9b:10:6a:1a:25:e3:16:1e:e8:5b:b4:85:31:59:0a:68:b0:
4a:ea:50:df:81:31:44:1b:8e:e5:55:7a:88:10:92:3a:e7:74:
2d:80:38:8c:2d:b3:d4:22:62:b4:bf:f3:fc:40:50:7f:18:2a:
9b:e7:e0:e2:67:44:d3:11:92:8a:a3:bf:fd:8e:b2:7d:09:9f:
e3:ba:6b:9f:f9:72:f2:d3:45:82:cb:c2:e0:a0:c7:19:d0:ec:
87:85:5d:6a:d9:44:ba:5d:82:6b:2f:7a:a3:2b:d5:fc:ae:c3:
2e:da:07:26
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICIPQwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MDQw
NzA4NDFaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEJBODlCOTRBRkVFRjND
REM0MUNDMTdFODM4ODdDOUM5MzlGM0ExRTMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDJO0A1yIrlzuiU17Ddximxxzkk04iQQ0kgPehqwuA6YsohQ44v
RvuQE8F53sPHLvEzpMl1dasZDFqKCvqOOvaYINQxUU84syGBeCwgMdkbxTDbEdj0
ifW3qMvJAaRbI3Ihr2f5CF8YbjTDrbrQZKpdtKQf3/krDDWOg2KbVCVkiqqU95kf
A/QsXedqxdXkCJfhcxmH5XIch6frv99sodze1ZlT+Wn8mAvpBJA+o9XTFULlV+Ky
/SW28mzwmxM3X4hFwWXbbhfza5Yd+5vxfIaOKjTQXJJzB2t1L1+TFvKbpfA222mo
Gw4p5xd5BqM+1zMuAFuUhf3F6mq/9qbolOKzAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUuom5Sv7vPNxBzBfoOIfJyTnzoeMwHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvdW9tNVN2N3ZQTnhC
ekJmb09JZkp5VG56b2VNLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBAAqmhc4aHmyb+kgYYT7BfNLAwUIC
bxaqSX+CSEV441MM+uMoUckZOTERabIGk/k+NBfCLd+0gCAahHggVcyCAIcT0h14
hiSg3MdJ7Tg0wv1mQvRSWMWeJWJee2gWO1qqYd3QrOY1gMI5Ufk/poqn+o1zzLtk
anNRV71cz+tWFBG2NCFmpQv3GVcKDDUb56MrrcCbEGoaJeMWHuhbtIUxWQposErq
UN+BMUQbjuVVeogQkjrndC2AOIwts9QiYrS/8/xAUH8YKpvn4OJnRNMRkoqjv/2O
sn0Jn+O6a5/5cvLTRYLLwuCgxxnQ7IeFXWrZRLpdgmsveqMr1fyuwy7aByY=
-----END CERTIFICATE-----
Generated at Sun Jun 22 05:33:37 2025 by rpki-client