Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/vLaBlzYK1Uws3i5qkP6j01QGuoE.roa
File: vLaBlzYK1Uws3i5qkP6j01QGuoE.roa (raw, json)
Hash identifier: I9hpjtEWyMG5IRPyTC/LfSD828dfnFpQE5wU0F9HnC0=
Subject key identifier: BC:B6:81:97:36:0A:D5:4C:2C:DE:2E:6A:90:FE:A3:D3:54:06:BA:81
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 228B
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/vLaBlzYK1Uws3i5qkP6j01QGuoE.roa
Signing time: Sat 07 Jun 2025 03:08:52 +0000
ROA not before: Sat 07 Jun 2025 03:08:52 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 146845
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 8843 (0x228b)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 7 03:08:52 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=BCB68197360AD54C2CDE2E6A90FEA3D35406BA81
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bc:1b:38:75:50:a7:bb:44:9a:c2:69:77:f9:bc:
3b:48:cb:23:a9:18:05:8f:3b:db:b1:41:a0:01:b6:
c2:ee:55:c0:64:1e:3d:31:c3:5c:c0:15:38:b9:17:
21:d0:6f:32:95:de:1a:32:1a:3b:a6:96:9a:11:d9:
a3:87:cc:d6:eb:e8:02:8b:0a:7b:ee:8c:b5:f9:88:
2d:36:9e:a5:70:a1:cc:be:f1:80:ab:02:c6:61:0c:
2b:59:cd:b7:f9:bc:7f:25:9d:3e:5a:c5:a7:04:0b:
98:ac:11:86:3a:b1:2d:a1:af:6a:99:3f:95:19:8d:
ed:95:36:5a:9d:3c:1c:1a:69:85:ed:5c:a2:be:c7:
1f:e8:ad:95:3a:34:45:69:e1:64:c5:62:49:a1:95:
20:eb:3f:24:2b:c4:2e:d3:53:4e:4d:78:57:03:89:
ed:b9:a4:ac:36:d0:31:ed:a0:1c:ff:b5:98:d7:25:
47:06:1c:49:61:b2:79:e7:be:ee:e1:8c:9d:2d:b0:
a8:92:72:9f:cf:d6:0f:40:8c:44:98:09:15:4f:d6:
c8:ef:c7:52:3b:af:a1:70:5c:55:ab:b6:10:e0:12:
02:90:7c:83:65:62:87:97:53:5b:fa:f1:0e:dc:7b:
7c:47:98:00:73:12:21:42:8d:73:0c:db:43:4a:0d:
ca:31
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BC:B6:81:97:36:0A:D5:4C:2C:DE:2E:6A:90:FE:A3:D3:54:06:BA:81
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/vLaBlzYK1Uws3i5qkP6j01QGuoE.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
5b:7a:f9:06:64:e1:e7:44:a5:b4:be:f3:62:d2:53:0b:28:e7:
46:09:a9:7d:63:50:aa:f3:03:89:7b:eb:d5:1e:45:1d:45:48:
6d:3e:23:ba:d8:49:2d:40:ec:e8:f5:56:07:96:a9:e5:17:b3:
5e:bf:b6:87:83:1a:78:ee:24:97:b6:31:b7:45:4d:93:e3:64:
63:35:b9:bb:26:e2:dd:c2:98:5a:9c:1f:6d:07:ca:75:76:ca:
80:e3:19:34:3e:12:a1:98:e4:d5:77:68:ea:08:49:4d:b9:8d:
fd:1f:09:f7:b8:e8:01:31:22:0c:ac:61:76:b1:12:7d:06:62:
87:6b:f7:78:20:6a:61:c5:16:2a:bc:f2:59:83:b3:0b:98:05:
f0:49:a6:e4:23:ce:eb:a8:ba:72:dc:17:bd:87:32:f5:db:0c:
0b:cb:db:f8:0c:48:a4:c5:1b:1d:f1:c5:f3:7a:d8:0a:ab:85:
27:51:26:37:f3:9b:8e:80:08:87:ac:a4:0d:4a:a4:4e:b9:fa:
ea:cd:fe:d4:bd:a0:46:41:60:82:11:07:21:63:bb:20:bb:6d:
1d:2c:b0:94:ad:b6:4c:9b:c8:58:93:26:ae:17:3b:32:e3:03:
14:33:9a:e5:f6:19:e7:86:cf:5a:6f:74:15:0d:f6:e7:a9:14:
5f:33:8d:42
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICIoswDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MDcw
MzA4NTJaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEJDQjY4MTk3MzYwQUQ1
NEMyQ0RFMkU2QTkwRkVBM0QzNTQwNkJBODEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC8Gzh1UKe7RJrCaXf5vDtIyyOpGAWPO9uxQaABtsLuVcBkHj0x
w1zAFTi5FyHQbzKV3hoyGjumlpoR2aOHzNbr6AKLCnvujLX5iC02nqVwocy+8YCr
AsZhDCtZzbf5vH8lnT5axacEC5isEYY6sS2hr2qZP5UZje2VNlqdPBwaaYXtXKK+
xx/orZU6NEVp4WTFYkmhlSDrPyQrxC7TU05NeFcDie25pKw20DHtoBz/tZjXJUcG
HElhsnnnvu7hjJ0tsKiScp/P1g9AjESYCRVP1sjvx1I7r6FwXFWrthDgEgKQfINl
YoeXU1v68Q7ce3xHmABzEiFCjXMM20NKDcoxAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUvLaBlzYK1Uws3i5qkP6j01QGuoEwHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvdkxhQmx6WUsxVXdz
M2k1cWtQNmowMVFHdW9FLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBAFt6+QZk4edEpbS+82LSUwso50YJ
qX1jUKrzA4l769UeRR1FSG0+I7rYSS1A7Oj1VgeWqeUXs16/toeDGnjuJJe2MbdF
TZPjZGM1ubsm4t3CmFqcH20HynV2yoDjGTQ+EqGY5NV3aOoISU25jf0fCfe46AEx
IgysYXaxEn0GYodr93ggamHFFiq88lmDswuYBfBJpuQjzuuounLcF72HMvXbDAvL
2/gMSKTFGx3xxfN62AqrhSdRJjfzm46ACIespA1KpE65+urN/tS9oEZBYIIRByFj
uyC7bR0ssJSttkybyFiTJq4XOzLjAxQzmuX2GeeGz1pvdBUN9uepFF8zjUI=
-----END CERTIFICATE-----
Generated at Sun Jun 22 01:09:52 2025 by rpki-client