Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/xqFrMDgLAqbo8KPLoPOeGingLoQ.roa
File: xqFrMDgLAqbo8KPLoPOeGingLoQ.roa (raw, json)
Hash identifier: sSTPd5ZlfUPT9xpKip9Vc3aBJHhvAlfgBj5C83DtamQ=
Subject key identifier: C6:A1:6B:30:38:0B:02:A6:E8:F0:A3:CB:A0:F3:9E:1A:29:E0:2E:84
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 257A
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/xqFrMDgLAqbo8KPLoPOeGingLoQ.roa
Signing time: Thu 12 Jun 2025 08:09:16 +0000
ROA not before: Thu 12 Jun 2025 08:09:16 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 4812
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 9594 (0x257a)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 12 08:09:16 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=C6A16B30380B02A6E8F0A3CBA0F39E1A29E02E84
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:97:04:32:76:f6:1a:dc:c2:a6:1a:4a:36:d3:31:
39:ce:43:30:75:d4:3f:95:03:9c:e0:cd:7d:cd:3a:
f4:5f:e3:79:b7:d1:b9:1c:b8:3e:bf:27:25:bb:aa:
00:7d:9e:f9:84:19:9f:24:dc:8a:1d:a1:47:7d:92:
f9:2e:4b:ee:67:45:92:58:4c:f7:7a:ef:99:ca:f6:
26:08:d5:f8:e5:12:f2:54:03:e0:75:e6:ad:64:43:
2e:94:89:e0:96:1b:58:79:a0:29:11:73:04:c5:0c:
58:c0:4c:4c:9f:03:06:99:66:99:73:5c:ac:b9:fd:
31:b3:3d:e8:52:03:ec:2e:6d:86:b3:42:5f:19:d4:
ca:8c:d0:fd:52:61:4f:5e:d4:ba:44:96:b9:10:20:
d9:61:6a:f5:14:27:a4:b1:da:d1:39:fb:1e:f6:d4:
ce:45:12:ed:12:18:9f:3a:07:86:ca:33:2f:be:48:
08:30:a7:91:48:d5:b4:b5:e5:9e:d8:30:1f:e0:29:
5f:af:5d:54:41:6e:bf:b2:e0:d5:38:63:7f:35:e4:
b2:aa:c2:8a:81:65:85:0a:75:1e:35:55:92:36:88:
0f:7f:3b:b8:72:d3:24:dd:22:a4:ce:84:3b:cd:69:
56:24:50:88:5f:22:5d:0b:33:2e:6d:15:8a:2e:35:
b2:7b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C6:A1:6B:30:38:0B:02:A6:E8:F0:A3:CB:A0:F3:9E:1A:29:E0:2E:84
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/xqFrMDgLAqbo8KPLoPOeGingLoQ.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
32:43:00:c1:78:34:a3:fb:5c:15:7a:13:bd:08:c6:51:a9:ca:
c7:c6:90:3c:b8:ac:69:2a:39:bd:ab:d4:2f:84:be:04:34:a0:
77:68:9a:84:93:af:92:66:04:70:5a:06:21:da:36:52:5f:b7:
6d:f9:e3:15:94:0e:f0:98:c1:29:42:3a:5b:73:3f:af:74:63:
34:8b:52:59:84:21:11:73:ea:6f:b3:ab:91:c9:23:4b:4c:61:
b6:74:4e:66:ab:94:86:83:39:48:02:2b:74:9b:44:5f:8e:5b:
6e:ce:4d:72:b5:2c:ad:0d:ad:92:d2:0e:d1:8a:b0:80:5d:b4:
1d:a2:ac:55:c1:f1:87:f9:44:72:9e:80:0c:c6:d3:a6:a5:a3:
7e:5d:bf:a5:eb:07:88:6d:d7:0b:c8:4d:52:d8:f6:f6:80:89:
8a:ff:be:e9:b3:80:c1:7d:13:de:cc:25:a0:0d:ea:0d:54:df:
dd:26:ea:c7:0a:b0:07:7b:dd:3d:3c:75:ff:d6:c9:45:81:68:
e5:dc:e4:17:13:3d:bf:f6:37:38:8e:a7:55:7d:ff:ca:90:5c:
e1:84:eb:4d:61:85:f2:3d:cd:75:67:4a:13:fc:4e:b9:28:f9:
7a:65:13:25:b9:7f:c1:eb:f6:d1:b2:30:69:93:0f:6e:0c:07:
dc:84:ab:00
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICJXowDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MTIw
ODA5MTZaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEM2QTE2QjMwMzgwQjAy
QTZFOEYwQTNDQkEwRjM5RTFBMjlFMDJFODQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCXBDJ29hrcwqYaSjbTMTnOQzB11D+VA5zgzX3NOvRf43m30bkc
uD6/JyW7qgB9nvmEGZ8k3IodoUd9kvkuS+5nRZJYTPd675nK9iYI1fjlEvJUA+B1
5q1kQy6UieCWG1h5oCkRcwTFDFjATEyfAwaZZplzXKy5/TGzPehSA+wubYazQl8Z
1MqM0P1SYU9e1LpElrkQINlhavUUJ6Sx2tE5+x721M5FEu0SGJ86B4bKMy++SAgw
p5FI1bS15Z7YMB/gKV+vXVRBbr+y4NU4Y3815LKqwoqBZYUKdR41VZI2iA9/O7hy
0yTdIqTOhDvNaVYkUIhfIl0LMy5tFYouNbJ7AgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUxqFrMDgLAqbo8KPLoPOeGingLoQwHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgveHFGck1EZ0xBcWJv
OEtQTG9QT2VHaW5nTG9RLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBADJDAMF4NKP7XBV6E70IxlGpysfG
kDy4rGkqOb2r1C+EvgQ0oHdomoSTr5JmBHBaBiHaNlJft2354xWUDvCYwSlCOltz
P690YzSLUlmEIRFz6m+zq5HJI0tMYbZ0TmarlIaDOUgCK3SbRF+OW27OTXK1LK0N
rZLSDtGKsIBdtB2irFXB8Yf5RHKegAzG06alo35dv6XrB4ht1wvITVLY9vaAiYr/
vumzgMF9E97MJaAN6g1U390m6scKsAd73T08df/WyUWBaOXc5BcTPb/2NziOp1V9
/8qQXOGE601hhfI9zXVnShP8Trko+XplEyW5f8Hr9tGyMGmTD24MB9yEqwA=
-----END CERTIFICATE-----
Generated at Sun Jun 22 05:30:50 2025 by rpki-client