Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/xmF77xwqntNWGwl5IIb0lQlvxYk.roa
File: xmF77xwqntNWGwl5IIb0lQlvxYk.roa (raw, json)
Hash identifier: UKZZT96d04VelxiYM0MDSzhi/+/tJuugcCSVylp45qM=
Subject key identifier: C6:61:7B:EF:1C:2A:9E:D3:56:1B:09:79:20:86:F4:95:09:6F:C5:89
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 20AB
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/xmF77xwqntNWGwl5IIb0lQlvxYk.roa
Signing time: Tue 03 Jun 2025 19:08:40 +0000
ROA not before: Tue 03 Jun 2025 19:08:40 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 146845
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 8363 (0x20ab)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 3 19:08:40 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=C6617BEF1C2A9ED3561B09792086F495096FC589
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bb:64:30:71:b7:5c:ee:b0:b7:93:79:75:9d:9c:
68:9b:2d:97:a8:49:84:41:b6:25:56:e3:62:64:fc:
9c:0a:fb:ee:91:2a:8a:e9:73:31:9e:66:4e:48:a3:
29:57:a5:65:15:77:f4:1a:23:ac:7f:c2:59:a2:91:
9f:f0:17:02:5f:16:fc:18:da:7b:02:c5:37:f3:b2:
61:8a:2e:e3:0c:b6:40:25:10:dd:d1:52:59:31:24:
b3:2b:46:9c:50:b0:37:67:28:84:de:24:33:bd:1b:
ef:b4:28:53:52:d6:dd:5c:40:65:e6:2a:6d:2b:22:
3f:cf:a6:38:07:51:c5:85:b7:d8:bb:8b:f5:08:6b:
22:b4:8a:f2:68:af:04:8a:af:5a:53:10:bf:2d:34:
b6:9c:e7:c0:87:51:cd:45:36:40:dd:f3:e3:b8:ea:
1f:f8:bc:be:01:fe:a9:13:c1:41:52:2c:b9:bb:02:
61:c8:64:c6:5d:57:18:e7:28:a9:9c:30:5e:23:5a:
8b:8e:e9:69:09:0b:6c:b3:03:c3:7c:26:04:9b:40:
27:66:bd:e4:86:ae:4a:92:74:8b:b9:e8:1b:ca:00:
6f:1a:a9:8a:b0:e8:92:11:91:bb:66:13:95:d3:f9:
42:6f:0d:74:fa:4d:64:ff:73:5d:0c:dd:55:d2:9c:
e5:55
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C6:61:7B:EF:1C:2A:9E:D3:56:1B:09:79:20:86:F4:95:09:6F:C5:89
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/xmF77xwqntNWGwl5IIb0lQlvxYk.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
a5:cd:82:cf:e5:bc:84:75:3a:f6:7b:61:06:76:3a:48:d3:90:
5b:bc:23:fe:50:46:11:3d:dd:65:ae:28:a9:61:c6:09:7a:b5:
86:d8:50:6d:6c:a8:9d:27:ad:e3:8a:62:c8:13:7e:b4:26:19:
1e:5f:79:da:ba:df:a6:a6:0d:29:09:96:e9:1a:98:00:45:84:
43:65:6b:ae:be:e0:08:f1:bb:19:bb:66:44:87:61:ca:bf:33:
5f:5f:b1:34:fa:1b:44:d3:88:21:ca:61:6a:74:76:59:e1:e8:
17:79:42:d1:9d:a7:36:27:67:eb:03:8b:10:82:40:bb:1c:f2:
ad:c2:fa:d6:14:38:65:eb:86:d5:44:43:ef:4c:45:3b:be:c9:
34:0c:ab:75:cc:d2:d6:3e:18:5c:db:92:eb:e6:d4:5e:df:32:
3d:0f:02:dc:11:93:27:40:2d:b1:7e:14:6f:71:83:8c:2b:e9:
0f:14:ad:a7:e5:fb:23:28:2f:db:d6:67:75:c2:ca:9f:48:71:
4b:6f:af:a3:20:6f:e1:fe:76:80:fb:f5:0e:7f:c6:76:1e:e3:
10:a3:f3:87:cc:ee:21:90:94:94:77:6e:90:f4:49:c5:19:79:
80:47:1a:50:b4:be:96:89:08:1b:f1:c8:87:42:cc:9f:0e:81:
be:90:0c:db
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICIKswDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MDMx
OTA4NDBaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEM2NjE3QkVGMUMyQTlF
RDM1NjFCMDk3OTIwODZGNDk1MDk2RkM1ODkwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC7ZDBxt1zusLeTeXWdnGibLZeoSYRBtiVW42Jk/JwK++6RKorp
czGeZk5IoylXpWUVd/QaI6x/wlmikZ/wFwJfFvwY2nsCxTfzsmGKLuMMtkAlEN3R
UlkxJLMrRpxQsDdnKITeJDO9G++0KFNS1t1cQGXmKm0rIj/PpjgHUcWFt9i7i/UI
ayK0ivJorwSKr1pTEL8tNLac58CHUc1FNkDd8+O46h/4vL4B/qkTwUFSLLm7AmHI
ZMZdVxjnKKmcMF4jWouO6WkJC2yzA8N8JgSbQCdmveSGrkqSdIu56BvKAG8aqYqw
6JIRkbtmE5XT+UJvDXT6TWT/c10M3VXSnOVVAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUxmF77xwqntNWGwl5IIb0lQlvxYkwHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgveG1GNzd4d3FudE5X
R3dsNUlJYjBsUWx2eFlrLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBAKXNgs/lvIR1OvZ7YQZ2OkjTkFu8
I/5QRhE93WWuKKlhxgl6tYbYUG1sqJ0nreOKYsgTfrQmGR5fedq636amDSkJluka
mABFhENla66+4Ajxuxm7ZkSHYcq/M19fsTT6G0TTiCHKYWp0dlnh6Bd5QtGdpzYn
Z+sDixCCQLsc8q3C+tYUOGXrhtVEQ+9MRTu+yTQMq3XM0tY+GFzbkuvm1F7fMj0P
AtwRkydALbF+FG9xg4wr6Q8Urafl+yMoL9vWZ3XCyp9IcUtvr6Mgb+H+doD79Q5/
xnYe4xCj84fM7iGQlJR3bpD0ScUZeYBHGlC0vpaJCBvxyIdCzJ8Ogb6QDNs=
-----END CERTIFICATE-----
Generated at Sat Jun 21 15:08:21 2025 by rpki-client