Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/y0D15eaQsGPCIjB1ArNwk1u68_A.roa
File: y0D15eaQsGPCIjB1ArNwk1u68_A.roa (raw, json)
Hash identifier: aaALDbHBvwi6Dq5A+TkNHPyyP0Ijj4E+5TXcjmcEOqk=
Subject key identifier: CB:40:F5:E5:E6:90:B0:63:C2:22:30:75:02:B3:70:93:5B:BA:F3:F0
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 2133
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/y0D15eaQsGPCIjB1ArNwk1u68_A.roa
Signing time: Wed 04 Jun 2025 17:38:42 +0000
ROA not before: Wed 04 Jun 2025 17:38:42 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 4812
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 8499 (0x2133)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 4 17:38:42 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=CB40F5E5E690B063C222307502B370935BBAF3F0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a3:89:d9:17:33:8c:2b:91:a9:70:44:ee:f3:a7:
eb:11:fa:b8:7b:99:bb:51:62:15:88:d4:bc:66:13:
f8:d7:69:69:6c:1d:48:9d:28:d1:56:88:67:94:9f:
22:e0:e9:1c:03:8e:83:d0:4b:df:a8:8f:03:78:e6:
4c:5d:61:57:a1:91:6c:ca:fc:5e:43:0e:7a:b4:1d:
19:bc:6b:e6:82:56:9c:4e:0a:1c:17:12:79:d6:49:
09:34:9f:04:22:5d:17:3b:6c:ba:47:21:57:78:a1:
e6:51:58:fc:46:1c:9a:72:56:86:77:e0:d9:4a:29:
a8:1c:b7:c5:d5:3a:ed:7e:23:6f:1d:45:ee:c5:ca:
40:7e:fd:8f:2e:f1:3a:aa:7d:69:13:0e:50:ee:d9:
06:f9:21:1b:29:16:f1:5c:f3:31:82:aa:08:5e:ee:
07:4e:f4:7f:9b:d0:9c:a7:06:8b:25:37:c8:c4:56:
de:a9:9e:50:b5:f1:81:70:12:e8:75:17:ae:a5:c2:
93:1e:7c:6c:56:69:82:88:2c:40:99:5c:15:8b:9d:
ec:3b:f4:37:f6:95:0c:0a:fc:16:39:e8:9f:47:59:
21:96:ea:8b:d2:35:c5:d2:8b:c3:a6:d1:99:73:39:
f7:46:99:1f:67:7e:bd:fd:26:84:53:94:78:82:06:
46:03
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CB:40:F5:E5:E6:90:B0:63:C2:22:30:75:02:B3:70:93:5B:BA:F3:F0
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/y0D15eaQsGPCIjB1ArNwk1u68_A.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
4f:a5:f3:97:41:3c:91:55:e5:7d:68:27:44:01:30:ce:06:24:
68:6a:6f:31:03:d0:b3:7b:76:8c:93:a1:a4:5a:f9:c5:79:19:
70:e2:79:7c:ec:cf:3a:07:b5:f8:90:de:8b:d5:1e:a5:8f:76:
2b:d0:f5:8d:1a:90:16:5b:cd:ea:da:72:52:c1:6f:79:ff:80:
eb:91:82:47:31:c9:ca:c6:17:5d:5f:3c:d5:75:7e:3c:e0:b5:
5d:48:d8:e1:69:fd:ac:91:30:e2:f9:e0:62:b3:4c:c9:c4:b6:
f9:17:ea:63:0b:d2:58:51:df:37:c3:da:53:c1:6f:5f:56:f5:
68:20:82:7f:c9:87:6e:b7:0a:19:aa:1f:cf:36:ed:08:4b:56:
c8:14:ea:9d:56:66:5f:5e:7c:48:75:17:04:77:55:5a:88:12:
51:e6:0c:0b:53:82:ab:e2:66:21:6f:21:75:e1:4c:de:4c:90:
6a:a7:a0:2a:96:81:46:6e:a3:29:b1:54:6f:b0:82:cf:35:60:
b5:4e:32:6a:b1:a7:24:90:34:04:e1:db:33:ce:db:f0:93:1f:
eb:de:fe:ba:e0:0a:27:21:c5:0a:4c:a0:fd:e4:c4:5e:f8:4e:
cb:fc:85:94:3f:9d:90:66:67:96:c7:f1:56:95:98:0d:fe:3f:
8b:98:11:ea
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICITMwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MDQx
NzM4NDJaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKENCNDBGNUU1RTY5MEIw
NjNDMjIyMzA3NTAyQjM3MDkzNUJCQUYzRjAwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCjidkXM4wrkalwRO7zp+sR+rh7mbtRYhWI1LxmE/jXaWlsHUid
KNFWiGeUnyLg6RwDjoPQS9+ojwN45kxdYVehkWzK/F5DDnq0HRm8a+aCVpxOChwX
EnnWSQk0nwQiXRc7bLpHIVd4oeZRWPxGHJpyVoZ34NlKKagct8XVOu1+I28dRe7F
ykB+/Y8u8TqqfWkTDlDu2Qb5IRspFvFc8zGCqghe7gdO9H+b0JynBoslN8jEVt6p
nlC18YFwEuh1F66lwpMefGxWaYKILECZXBWLnew79Df2lQwK/BY56J9HWSGW6ovS
NcXSi8Om0ZlzOfdGmR9nfr39JoRTlHiCBkYDAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUy0D15eaQsGPCIjB1ArNwk1u68/AwHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgveTBEMTVlYVFzR1BD
SWpCMUFyTndrMXU2OF9BLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBAE+l85dBPJFV5X1oJ0QBMM4GJGhq
bzED0LN7doyToaRa+cV5GXDieXzszzoHtfiQ3ovVHqWPdivQ9Y0akBZbzeraclLB
b3n/gOuRgkcxycrGF11fPNV1fjzgtV1I2OFp/ayRMOL54GKzTMnEtvkX6mML0lhR
3zfD2lPBb19W9Wgggn/Jh263ChmqH8827QhLVsgU6p1WZl9efEh1FwR3VVqIElHm
DAtTgqviZiFvIXXhTN5MkGqnoCqWgUZuoymxVG+wgs81YLVOMmqxpySQNATh2zPO
2/CTH+ve/rrgCichxQpMoP3kxF74Tsv8hZQ/nZBmZ5bH8VaVmA3+P4uYEeo=
-----END CERTIFICATE-----
Generated at Sun Jun 22 05:32:54 2025 by rpki-client