Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/wqC9OclIJ0Orl6FWL1W_8j4EJXg.roa
File: wqC9OclIJ0Orl6FWL1W_8j4EJXg.roa (raw, json)
Hash identifier: hhWGWdUPGUG6lCdknMJ0MHis8wtZXsIAjAHjxjhRbck=
Subject key identifier: C2:A0:BD:39:C9:48:27:43:AB:97:A1:56:2F:55:BF:F2:3E:04:25:78
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 26EB
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/wqC9OclIJ0Orl6FWL1W_8j4EJXg.roa
Signing time: Sat 14 Jun 2025 21:39:33 +0000
ROA not before: Sat 14 Jun 2025 21:39:33 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 4812
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 9963 (0x26eb)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 14 21:39:33 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=C2A0BD39C9482743AB97A1562F55BFF23E042578
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bd:ac:ac:f8:79:45:fe:80:9b:bb:92:dc:72:3d:
58:75:49:ac:cb:8b:44:9c:be:d2:80:c8:00:72:63:
0a:cf:0c:5c:8a:b8:45:b3:67:eb:f6:ea:02:6b:6a:
3c:97:01:c4:0d:0d:6d:f0:f0:64:a5:5b:34:dc:e1:
c2:ce:37:a1:e8:7c:30:b4:a6:41:96:82:37:ee:2c:
ed:90:f5:9d:ca:53:68:37:4b:31:cc:b9:ee:cc:a4:
2e:cb:c5:9b:cb:7d:ed:be:b4:14:65:30:cf:31:12:
ee:93:a0:a7:f0:bf:fe:46:09:80:ae:e5:c8:31:83:
eb:f5:f1:fd:69:a9:c8:4d:53:ce:fe:c4:1e:25:fc:
6f:5b:c4:7b:e1:02:81:49:08:82:bb:49:5d:47:ad:
1b:b0:05:da:61:7f:ff:26:7d:ad:43:13:e4:fd:ec:
01:54:a6:11:1e:af:23:5a:09:0a:f8:cb:76:4d:a2:
fa:e8:97:26:37:43:9f:82:1d:fe:0c:4d:b9:e9:97:
6e:bf:a1:46:74:af:ba:8d:08:fb:aa:38:6d:5b:bf:
f4:e5:1a:2e:f8:94:70:14:ed:03:d0:4d:2d:8e:4c:
cf:47:47:e5:04:1e:2e:19:61:54:79:81:8b:f5:cc:
8d:90:97:60:ae:2b:77:e7:d6:15:3b:44:f5:51:73:
99:b3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C2:A0:BD:39:C9:48:27:43:AB:97:A1:56:2F:55:BF:F2:3E:04:25:78
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/wqC9OclIJ0Orl6FWL1W_8j4EJXg.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
16:82:c1:25:41:c9:7e:24:c8:65:76:66:1e:39:93:92:af:9b:
96:c4:b7:b8:52:8b:46:50:25:44:00:80:44:aa:c0:17:e9:f5:
e5:03:dd:3c:2e:33:a9:e9:3c:2a:d6:bf:d0:71:e5:57:94:06:
d4:87:b8:4f:53:d8:a3:c6:4e:20:2c:00:f4:f3:9a:f0:6f:f8:
94:2c:34:ac:de:5a:22:9d:3c:ba:55:34:3a:4d:54:a9:d0:59:
f1:e5:61:0c:fb:c1:2a:b5:2e:a7:60:f7:23:ab:da:42:b8:b2:
c5:78:15:ea:23:dd:40:d8:72:86:aa:06:4a:1e:60:35:90:04:
7f:0d:de:a2:0b:47:61:32:8e:e8:c7:e4:b5:1d:2b:e8:7e:d7:
f9:4c:94:e7:1c:22:b0:d2:d9:0d:43:b3:b6:49:82:0b:5b:06:
43:21:7c:dc:62:e4:0a:4f:24:3a:4c:52:6d:a0:b4:6b:27:cd:
51:d1:e1:7d:26:ba:e1:ec:b8:89:11:d0:fe:57:c2:54:ad:c3:
ac:6e:db:7f:c5:4a:ec:be:9c:a3:92:3d:80:a8:45:52:8a:7f:
80:93:12:95:ad:e3:cf:95:39:04:89:54:43:01:a8:b5:bb:32:
80:1a:6f:03:18:22:c2:54:6b:b0:ad:4e:20:b8:51:7c:1c:97:
c0:e4:3e:98
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICJuswDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MTQy
MTM5MzNaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEMyQTBCRDM5Qzk0ODI3
NDNBQjk3QTE1NjJGNTVCRkYyM0UwNDI1NzgwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC9rKz4eUX+gJu7ktxyPVh1SazLi0ScvtKAyAByYwrPDFyKuEWz
Z+v26gJrajyXAcQNDW3w8GSlWzTc4cLON6HofDC0pkGWgjfuLO2Q9Z3KU2g3SzHM
ue7MpC7LxZvLfe2+tBRlMM8xEu6ToKfwv/5GCYCu5cgxg+v18f1pqchNU87+xB4l
/G9bxHvhAoFJCIK7SV1HrRuwBdphf/8mfa1DE+T97AFUphEeryNaCQr4y3ZNovro
lyY3Q5+CHf4MTbnpl26/oUZ0r7qNCPuqOG1bv/TlGi74lHAU7QPQTS2OTM9HR+UE
Hi4ZYVR5gYv1zI2Ql2CuK3fn1hU7RPVRc5mzAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUwqC9OclIJ0Orl6FWL1W/8j4EJXgwHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvd3FDOU9jbElKME9y
bDZGV0wxV184ajRFSlhnLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBABaCwSVByX4kyGV2Zh45k5Kvm5bE
t7hSi0ZQJUQAgESqwBfp9eUD3TwuM6npPCrWv9Bx5VeUBtSHuE9T2KPGTiAsAPTz
mvBv+JQsNKzeWiKdPLpVNDpNVKnQWfHlYQz7wSq1Lqdg9yOr2kK4ssV4Feoj3UDY
coaqBkoeYDWQBH8N3qILR2EyjujH5LUdK+h+1/lMlOccIrDS2Q1Ds7ZJggtbBkMh
fNxi5ApPJDpMUm2gtGsnzVHR4X0muuHsuIkR0P5XwlStw6xu23/FSuy+nKOSPYCo
RVKKf4CTEpWt48+VOQSJVEMBqLW7MoAabwMYIsJUa7CtTiC4UXwcl8DkPpg=
-----END CERTIFICATE-----
Generated at Fri Jun 20 22:47:30 2025 by rpki-client