Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/vwU4o-QgZvqywibTFAtst4clKSg.roa
File: vwU4o-QgZvqywibTFAtst4clKSg.roa (raw, json)
Hash identifier: Mx+tdXiAS2nPfPaI3rVXz+9dxITMhM6gtnUJXhqn9oo=
Subject key identifier: BF:05:38:A3:E4:20:66:FA:B2:C2:26:D3:14:0B:6C:B7:87:25:29:28
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 2211
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/vwU4o-QgZvqywibTFAtst4clKSg.roa
Signing time: Fri 06 Jun 2025 06:38:48 +0000
ROA not before: Fri 06 Jun 2025 06:38:48 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 4812
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 8721 (0x2211)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 6 06:38:48 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=BF0538A3E42066FAB2C226D3140B6CB787252928
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a7:00:be:6d:fa:21:06:82:ba:70:ff:e4:fa:16:
6b:9e:30:df:7b:12:3f:1c:ab:9d:77:51:d8:3c:14:
61:bc:64:ed:11:5e:b0:6c:d6:ce:a6:4b:2e:2b:8a:
56:b9:67:f5:6f:58:ac:76:ef:4e:25:29:82:61:4d:
80:38:46:51:11:f8:9d:7b:fd:04:9e:de:7e:21:40:
68:bd:01:2b:ed:79:6d:fb:77:d4:7d:e7:c3:27:b1:
44:e8:51:9e:df:62:52:8b:c8:ce:5b:0f:2f:7e:4e:
82:49:fb:e2:45:86:11:87:46:b1:7c:b4:96:4e:59:
6e:ff:fe:6e:81:9f:f3:78:23:05:31:eb:3a:3e:7c:
a9:0f:33:51:a1:db:2c:cf:24:dc:88:c1:a3:d4:26:
2d:3b:09:b0:bc:9f:ac:a7:d9:69:37:5f:fc:15:62:
f2:56:fa:03:c4:0c:b7:7e:c4:9e:64:df:5b:e9:6c:
65:a0:d2:96:6e:f5:1e:ba:bb:8a:cc:a4:c4:01:17:
1e:9a:31:8a:91:d2:46:5f:64:46:0f:2e:85:54:d2:
30:42:c1:ca:f1:59:d5:d8:91:c2:66:4c:23:35:ff:
c9:3a:9e:78:f2:f0:ca:1e:c9:34:72:22:22:3a:6f:
bc:d2:5c:79:04:91:71:b2:c3:06:0a:63:33:e3:4e:
c8:ef
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BF:05:38:A3:E4:20:66:FA:B2:C2:26:D3:14:0B:6C:B7:87:25:29:28
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/vwU4o-QgZvqywibTFAtst4clKSg.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
b6:74:a2:bf:ef:f7:8d:f9:77:68:65:06:2e:e3:4a:3c:67:b4:
4d:cb:c5:cf:9e:17:bf:61:fb:1d:b2:93:f5:ed:70:1b:30:85:
00:6f:9f:39:1a:1d:e9:f6:15:87:5b:6f:b7:79:93:28:b9:c4:
d4:01:39:9c:93:83:d3:d8:ee:1c:bf:8e:c0:a8:72:b6:11:39:
22:a7:9c:3c:b4:ac:19:0d:e1:bf:43:8c:9e:57:c3:be:41:7c:
85:29:54:e1:41:2c:04:7b:f8:ee:4f:2a:13:4d:96:d1:78:46:
62:b2:b2:6c:46:40:a5:62:d4:54:ab:f0:1b:db:fe:4e:20:c0:
16:35:57:25:79:34:f1:e2:f7:4a:54:f6:50:b7:45:52:29:0c:
a6:a5:ec:c2:ef:c2:73:47:dd:6e:ed:f0:eb:a6:51:7d:43:e8:
db:4f:a5:fa:fd:cc:64:a3:85:bc:38:a3:74:0e:bd:fd:ce:63:
a0:46:61:7b:8f:f0:f8:e8:21:ea:54:ef:e6:1e:a1:80:67:6d:
9c:5d:03:b8:36:16:d1:25:5c:d0:00:95:64:29:84:75:4e:72:
fd:3a:6e:0b:c6:c5:b8:f9:83:cb:57:13:eb:bd:ef:d2:d1:73:
32:b0:57:82:63:73:0f:0b:81:6b:5c:6a:79:00:1b:dc:a9:19:
cd:39:08:95
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICIhEwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MDYw
NjM4NDhaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEJGMDUzOEEzRTQyMDY2
RkFCMkMyMjZEMzE0MEI2Q0I3ODcyNTI5MjgwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCnAL5t+iEGgrpw/+T6FmueMN97Ej8cq513Udg8FGG8ZO0RXrBs
1s6mSy4rila5Z/VvWKx2704lKYJhTYA4RlER+J17/QSe3n4hQGi9ASvteW37d9R9
58MnsUToUZ7fYlKLyM5bDy9+ToJJ++JFhhGHRrF8tJZOWW7//m6Bn/N4IwUx6zo+
fKkPM1Gh2yzPJNyIwaPUJi07CbC8n6yn2Wk3X/wVYvJW+gPEDLd+xJ5k31vpbGWg
0pZu9R66u4rMpMQBFx6aMYqR0kZfZEYPLoVU0jBCwcrxWdXYkcJmTCM1/8k6nnjy
8MoeyTRyIiI6b7zSXHkEkXGywwYKYzPjTsjvAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUvwU4o+QgZvqywibTFAtst4clKSgwHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvdndVNG8tUWdadnF5
d2liVEZBdHN0NGNsS1NnLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBALZ0or/v9435d2hlBi7jSjxntE3L
xc+eF79h+x2yk/XtcBswhQBvnzkaHen2FYdbb7d5kyi5xNQBOZyTg9PY7hy/jsCo
crYROSKnnDy0rBkN4b9DjJ5Xw75BfIUpVOFBLAR7+O5PKhNNltF4RmKysmxGQKVi
1FSr8Bvb/k4gwBY1VyV5NPHi90pU9lC3RVIpDKal7MLvwnNH3W7t8OumUX1D6NtP
pfr9zGSjhbw4o3QOvf3OY6BGYXuP8PjoIepU7+YeoYBnbZxdA7g2FtElXNAAlWQp
hHVOcv06bgvGxbj5g8tXE+u979LRczKwV4Jjcw8LgWtcankAG9ypGc05CJU=
-----END CERTIFICATE-----
Generated at Fri Jun 20 19:14:44 2025 by rpki-client