Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/vbdn3cRv5Agrg4eDJTJ1QiR6_Fk.roa
File: vbdn3cRv5Agrg4eDJTJ1QiR6_Fk.roa (raw, json)
Hash identifier: yLEhLC1jbLifzhD2cGEhnhwT0pLGzIL6GGygrKBE0YU=
Subject key identifier: BD:B7:67:DD:C4:6F:E4:08:2B:83:87:83:25:32:75:42:24:7A:FC:59
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 20C7
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/vbdn3cRv5Agrg4eDJTJ1QiR6_Fk.roa
Signing time: Tue 03 Jun 2025 23:38:40 +0000
ROA not before: Tue 03 Jun 2025 23:38:40 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 4812
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 8391 (0x20c7)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 3 23:38:40 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=BDB767DDC46FE4082B83878325327542247AFC59
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b0:58:5f:71:9b:37:db:24:e4:84:94:33:ef:7e:
28:06:f3:d6:02:a2:cd:a6:ef:6b:1b:61:3c:a9:11:
e5:df:c8:b0:f5:41:34:81:78:2c:4f:87:c2:a0:2d:
d7:32:e2:93:31:66:84:30:9e:79:69:b8:31:95:36:
8c:b7:f0:38:cc:9d:08:7c:77:ea:f7:4b:1b:6c:21:
1d:de:46:44:11:fc:a0:14:7c:82:11:82:23:4d:90:
f6:15:22:a1:6f:83:ce:64:4c:bb:8c:f2:eb:b2:c0:
be:13:85:1a:23:e1:28:14:57:3c:9a:98:ca:89:bc:
6e:61:24:5e:4b:f4:18:6d:58:ea:89:fb:8c:3f:52:
f9:89:8a:cc:a7:f1:ca:f0:33:f5:29:a8:be:2c:84:
a1:70:ca:28:e0:30:42:ca:88:75:64:00:5f:c9:d1:
89:0c:b1:94:64:3c:37:fe:d0:25:77:ab:0e:69:12:
73:02:98:ea:15:e9:78:85:b4:92:be:3b:3d:37:9f:
9c:58:7c:6b:37:e0:3b:53:08:b1:04:7b:9f:6b:d8:
a7:84:80:39:b1:e0:02:17:ce:71:a1:0c:fa:58:a0:
77:f7:af:3c:2f:9f:5c:c9:e7:6b:cf:9f:72:ce:49:
19:4a:0e:5b:2a:dd:be:41:2e:6b:d3:2d:44:bc:4d:
28:65
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BD:B7:67:DD:C4:6F:E4:08:2B:83:87:83:25:32:75:42:24:7A:FC:59
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/vbdn3cRv5Agrg4eDJTJ1QiR6_Fk.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
7a:cc:8d:21:44:d2:10:0a:d0:94:00:77:1f:e0:e9:e6:56:4f:
69:b4:64:a7:2d:35:cc:95:7b:cd:23:5a:76:58:3a:54:74:c8:
75:f7:d4:ec:bf:cc:3d:f5:57:98:33:37:5e:48:11:46:70:e4:
12:1f:e2:05:af:c2:67:eb:ca:d0:34:e9:18:86:31:be:9f:15:
85:f8:15:cc:2c:40:1b:f2:7f:5f:ab:26:ba:a3:a5:df:77:41:
b4:b1:a8:33:15:53:10:e3:f4:96:9a:bb:33:5d:83:c9:75:96:
a5:f1:1b:bd:c3:bc:ef:19:e4:17:9f:e8:e4:47:21:00:44:29:
9b:4c:2c:e3:4c:21:29:1a:e0:cf:e2:d4:b8:49:20:06:96:a6:
42:49:33:f1:cb:c9:5b:13:8b:12:6e:f3:3f:7c:86:0d:ab:af:
89:e3:c4:49:ce:56:23:71:43:0e:54:17:8c:9f:c6:a6:b1:d1:
6e:c2:6b:7a:2c:54:a1:79:b0:03:8d:f8:74:7f:09:ea:94:9a:
c3:b0:43:a5:4b:5b:00:2f:e9:ae:94:df:13:58:68:f5:1a:80:
8f:57:d0:84:0c:dd:58:18:9a:40:12:19:cb:b5:70:8b:13:d1:
21:75:70:9f:a4:f4:cd:96:3a:a0:ce:f3:12:19:81:d8:89:45:
20:b5:8f:ba
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICIMcwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MDMy
MzM4NDBaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEJEQjc2N0REQzQ2RkU0
MDgyQjgzODc4MzI1MzI3NTQyMjQ3QUZDNTkwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCwWF9xmzfbJOSElDPvfigG89YCos2m72sbYTypEeXfyLD1QTSB
eCxPh8KgLdcy4pMxZoQwnnlpuDGVNoy38DjMnQh8d+r3SxtsIR3eRkQR/KAUfIIR
giNNkPYVIqFvg85kTLuM8uuywL4ThRoj4SgUVzyamMqJvG5hJF5L9BhtWOqJ+4w/
UvmJisyn8crwM/UpqL4shKFwyijgMELKiHVkAF/J0YkMsZRkPDf+0CV3qw5pEnMC
mOoV6XiFtJK+Oz03n5xYfGs34DtTCLEEe59r2KeEgDmx4AIXznGhDPpYoHf3rzwv
n1zJ52vPn3LOSRlKDlsq3b5BLmvTLUS8TShlAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUvbdn3cRv5Agrg4eDJTJ1QiR6/FkwHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvdmJkbjNjUnY1QWdy
ZzRlREpUSjFRaVI2X0ZrLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBAHrMjSFE0hAK0JQAdx/g6eZWT2m0
ZKctNcyVe80jWnZYOlR0yHX31Oy/zD31V5gzN15IEUZw5BIf4gWvwmfrytA06RiG
Mb6fFYX4FcwsQBvyf1+rJrqjpd93QbSxqDMVUxDj9JaauzNdg8l1lqXxG73DvO8Z
5Bef6ORHIQBEKZtMLONMISka4M/i1LhJIAaWpkJJM/HLyVsTixJu8z98hg2rr4nj
xEnOViNxQw5UF4yfxqax0W7Ca3osVKF5sAON+HR/CeqUmsOwQ6VLWwAv6a6U3xNY
aPUagI9X0IQM3VgYmkASGcu1cIsT0SF1cJ+k9M2WOqDO8xIZgdiJRSC1j7o=
-----END CERTIFICATE-----
Generated at Sun Jun 22 08:09:14 2025 by rpki-client