Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/vVAJUgEFBx-WoXMpRd5IQMGXnpo.roa
File: vVAJUgEFBx-WoXMpRd5IQMGXnpo.roa (raw, json)
Hash identifier: G97slhxGa+JBl4HZKaJ6WRzqV+CItc6IYUf7yMi/SxE=
Subject key identifier: BD:50:09:52:01:05:07:1F:96:A1:73:29:45:DE:48:40:C1:97:9E:9A
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 1EC3
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/vVAJUgEFBx-WoXMpRd5IQMGXnpo.roa
Signing time: Sat 31 May 2025 09:38:29 +0000
ROA not before: Sat 31 May 2025 09:38:29 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 4812
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 7875 (0x1ec3)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: May 31 09:38:29 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=BD5009520105071F96A1732945DE4840C1979E9A
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a5:78:1d:4e:66:6a:ac:82:85:6f:11:80:a5:9b:
f8:e7:32:fa:e5:ca:4e:6f:f2:f4:fb:c8:fe:d5:5d:
df:49:2f:88:70:ee:62:f4:6b:18:eb:18:7b:d2:6c:
39:d8:b4:8a:bd:1e:48:f6:c9:f5:85:7f:8d:41:73:
d2:17:9c:1c:3c:ed:d7:af:04:c1:66:33:e3:63:a6:
6c:d8:9a:aa:f8:62:6a:91:bd:23:f2:60:41:7c:ca:
9d:95:84:bd:ab:b8:30:c8:a4:c8:30:b2:47:3b:3d:
5d:99:3d:f8:3c:c8:ff:0a:1b:48:1e:50:42:23:73:
6b:30:98:47:4d:ca:35:f2:3e:57:dd:d1:28:39:3e:
9a:69:6e:9c:f6:f9:4a:b9:06:28:d5:f8:d2:95:60:
c8:b2:9d:86:20:92:fe:bd:43:22:a4:80:ad:17:75:
07:61:6b:3c:16:a9:7b:71:37:92:99:7c:91:99:d0:
f5:3f:dd:ae:9d:0a:c3:72:07:9a:e1:d6:73:96:72:
4d:ac:ad:d7:f3:1e:a3:84:d6:ea:d2:ab:c4:f2:5b:
20:f9:1b:3c:f9:34:ac:b2:62:15:71:0a:7f:db:db:
7b:31:47:f5:9e:63:fc:a6:f8:b5:2b:91:af:6b:74:
81:ac:b5:db:00:10:2e:fd:9b:f2:0a:2a:ec:fd:0b:
97:cf
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BD:50:09:52:01:05:07:1F:96:A1:73:29:45:DE:48:40:C1:97:9E:9A
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/vVAJUgEFBx-WoXMpRd5IQMGXnpo.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
04:d2:4e:be:18:8c:3f:6d:f6:ac:c8:84:40:d3:4f:40:ca:89:
62:a7:55:1d:8c:de:8c:df:11:22:9d:3b:c9:54:70:84:fa:82:
8b:7d:1e:23:ee:59:78:f1:2b:3b:f4:27:b0:0a:da:4b:11:d5:
e7:63:cc:f5:12:69:32:9f:b5:8d:63:ca:bd:da:66:5d:2b:a7:
ad:4f:70:20:44:56:e3:47:c0:fa:0a:f6:45:d0:77:c9:c0:92:
fa:7f:c3:eb:11:a3:80:6a:03:dd:80:c1:2e:f4:41:30:31:a2:
c9:b7:c6:b8:26:55:d0:cc:13:79:0a:2e:95:f0:b7:24:65:25:
9c:c9:7a:15:31:66:07:a3:3f:3d:53:d1:1a:7c:19:41:1f:bb:
e1:0b:0e:be:4c:f3:e3:cc:7e:42:7d:38:33:9a:21:5b:8f:04:
14:ff:18:53:89:5e:67:2d:10:1b:ee:c2:55:f4:00:56:c8:f9:
51:18:a4:b8:59:5e:a0:22:84:6b:39:e4:85:a2:99:0d:10:aa:
4a:6b:88:e4:22:a6:1a:2a:7a:24:66:47:9a:52:2d:9e:1d:6f:
a9:f4:33:1f:c6:cc:c6:22:f2:41:01:c2:d1:be:95:a5:57:35:
5e:90:60:15:2a:13:b6:1d:68:4a:4c:d4:1b:0f:46:bb:8c:6f:
cb:fb:b1:bf
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICHsMwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA1MzEw
OTM4MjlaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEJENTAwOTUyMDEwNTA3
MUY5NkExNzMyOTQ1REU0ODQwQzE5NzlFOUEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCleB1OZmqsgoVvEYClm/jnMvrlyk5v8vT7yP7VXd9JL4hw7mL0
axjrGHvSbDnYtIq9Hkj2yfWFf41Bc9IXnBw87devBMFmM+NjpmzYmqr4YmqRvSPy
YEF8yp2VhL2ruDDIpMgwskc7PV2ZPfg8yP8KG0geUEIjc2swmEdNyjXyPlfd0Sg5
Ppppbpz2+Uq5BijV+NKVYMiynYYgkv69QyKkgK0XdQdhazwWqXtxN5KZfJGZ0PU/
3a6dCsNyB5rh1nOWck2srdfzHqOE1urSq8TyWyD5Gzz5NKyyYhVxCn/b23sxR/We
Y/ym+LUrka9rdIGstdsAEC79m/IKKuz9C5fPAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUvVAJUgEFBx+WoXMpRd5IQMGXnpowHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvdlZBSlVnRUZCeC1X
b1hNcFJkNUlRTUdYbnBvLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBAATSTr4YjD9t9qzIhEDTT0DKiWKn
VR2M3ozfESKdO8lUcIT6got9HiPuWXjxKzv0J7AK2ksR1edjzPUSaTKftY1jyr3a
Zl0rp61PcCBEVuNHwPoK9kXQd8nAkvp/w+sRo4BqA92AwS70QTAxosm3xrgmVdDM
E3kKLpXwtyRlJZzJehUxZgejPz1T0Rp8GUEfu+ELDr5M8+PMfkJ9ODOaIVuPBBT/
GFOJXmctEBvuwlX0AFbI+VEYpLhZXqAihGs55IWimQ0QqkpriOQiphoqeiRmR5pS
LZ4db6n0Mx/GzMYi8kEBwtG+laVXNV6QYBUqE7YdaEpM1BsPRruMb8v7sb8=
-----END CERTIFICATE-----
Generated at Sun Jun 22 12:14:08 2025 by rpki-client