Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/y1VBl8RPfJHQzuOpeuP3xuI6FiY.roa
File: y1VBl8RPfJHQzuOpeuP3xuI6FiY.roa (raw, json)
Hash identifier: 74fqi/XlmMDgIxD/52OEhJCKilS9O/zZBYKRa3/Z8vE=
Subject key identifier: CB:55:41:97:C4:4F:7C:91:D0:CE:E3:A9:7A:E3:F7:C6:E2:3A:16:26
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 1C43
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/y1VBl8RPfJHQzuOpeuP3xuI6FiY.roa
Signing time: Mon 26 May 2025 23:08:08 +0000
ROA not before: Mon 26 May 2025 23:08:08 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 146845
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 7235 (0x1c43)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: May 26 23:08:08 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=CB554197C44F7C91D0CEE3A97AE3F7C6E23A1626
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cc:ab:5d:4d:66:c4:41:27:d9:d2:8f:dc:c4:b1:
d5:1a:f7:1b:8c:6f:3d:5c:5d:24:5c:ec:9b:67:c1:
ff:d9:fd:7a:36:66:a9:d0:45:9a:09:c2:d7:09:31:
80:fa:2d:0f:06:9c:9e:7d:92:21:a5:37:75:42:c0:
25:71:d7:4f:c4:bf:d4:a1:75:61:bd:62:08:c4:9c:
ca:cb:e4:73:5b:8b:ac:54:fb:8b:3d:60:51:6a:5b:
30:98:85:bf:91:1d:e2:b9:d3:c4:a6:49:6a:2f:26:
bc:d7:a0:ef:6c:0c:c1:71:9a:3b:bf:66:71:00:aa:
19:40:82:85:ec:06:c7:8f:c4:95:fd:58:42:4a:6d:
8e:c5:3f:da:a8:44:93:a8:29:9f:2b:01:6a:8f:79:
b4:c3:26:9b:c0:82:78:a7:c7:5f:10:2b:8c:a5:ee:
d7:a2:18:04:c1:7f:7f:d4:b7:1c:2d:b8:a5:8a:7e:
e5:f5:1a:e7:2a:45:85:44:7b:1d:e6:eb:e9:e8:44:
2d:85:05:0e:66:a6:dc:34:74:ad:0f:be:af:e4:46:
4e:f4:6b:ca:58:da:38:e6:a1:20:b0:7c:81:89:38:
dc:f9:7b:bb:0a:2f:d6:45:05:3a:78:b9:b3:a0:d1:
03:a3:e5:5d:7d:10:39:4f:e1:cf:f8:a5:ef:5c:02:
10:3f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CB:55:41:97:C4:4F:7C:91:D0:CE:E3:A9:7A:E3:F7:C6:E2:3A:16:26
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/y1VBl8RPfJHQzuOpeuP3xuI6FiY.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
3b:95:6f:a4:75:1d:ca:2a:92:b2:ba:aa:d5:f0:e5:ea:84:d4:
3c:4f:56:44:0b:98:16:15:a1:de:3d:db:08:54:64:ef:62:49:
55:e5:ef:7d:f1:c2:43:ad:5c:47:72:e7:47:b9:42:cf:04:f9:
ae:b9:cc:3d:85:59:ea:5c:40:e5:ff:6a:63:16:f9:8f:1b:80:
c6:62:cc:da:ff:ea:70:b1:18:4b:11:48:72:b2:ed:19:cf:1c:
b3:a6:8f:56:0d:26:7d:33:92:18:8e:7f:95:32:73:03:2a:d3:
a3:09:2e:cd:4c:00:7e:dd:88:0a:99:72:24:ba:d8:88:c7:39:
44:76:30:27:98:b2:4f:fe:23:df:46:4f:40:b6:a4:93:02:11:
ad:75:31:b0:5b:24:df:e8:92:36:02:df:72:15:a5:1e:88:72:
b6:af:5c:88:29:89:3e:6d:9d:7b:01:cc:0c:b1:38:bf:ed:13:
0d:f7:83:78:4e:64:b7:ad:58:84:8d:ad:81:6b:c1:83:38:5e:
d9:fa:26:22:80:4d:23:ac:2c:55:74:04:81:3c:bb:ca:3e:ec:
da:ae:ef:2b:66:7e:3a:c9:f8:f2:30:48:22:53:78:7c:32:c9:
d9:d5:8b:70:9d:3e:a2:8b:c5:f2:44:51:2a:b2:c5:6a:f7:35:
c6:f6:dc:53
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICHEMwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA1MjYy
MzA4MDhaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKENCNTU0MTk3QzQ0RjdD
OTFEMENFRTNBOTdBRTNGN0M2RTIzQTE2MjYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDMq11NZsRBJ9nSj9zEsdUa9xuMbz1cXSRc7Jtnwf/Z/Xo2ZqnQ
RZoJwtcJMYD6LQ8GnJ59kiGlN3VCwCVx10/Ev9ShdWG9YgjEnMrL5HNbi6xU+4s9
YFFqWzCYhb+RHeK508SmSWovJrzXoO9sDMFxmju/ZnEAqhlAgoXsBsePxJX9WEJK
bY7FP9qoRJOoKZ8rAWqPebTDJpvAgninx18QK4yl7teiGATBf3/UtxwtuKWKfuX1
GucqRYVEex3m6+noRC2FBQ5mptw0dK0Pvq/kRk70a8pY2jjmoSCwfIGJONz5e7sK
L9ZFBTp4ubOg0QOj5V19EDlP4c/4pe9cAhA/AgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUy1VBl8RPfJHQzuOpeuP3xuI6FiYwHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgveTFWQmw4UlBmSkhR
enVPcGV1UDN4dUk2RmlZLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBADuVb6R1HcoqkrK6qtXw5eqE1DxP
VkQLmBYVod492whUZO9iSVXl733xwkOtXEdy50e5Qs8E+a65zD2FWepcQOX/amMW
+Y8bgMZizNr/6nCxGEsRSHKy7RnPHLOmj1YNJn0zkhiOf5UycwMq06MJLs1MAH7d
iAqZciS62IjHOUR2MCeYsk/+I99GT0C2pJMCEa11MbBbJN/okjYC33IVpR6Icrav
XIgpiT5tnXsBzAyxOL/tEw33g3hOZLetWISNrYFrwYM4Xtn6JiKATSOsLFV0BIE8
u8o+7Nqu7ytmfjrJ+PIwSCJTeHwyydnVi3CdPqKLxfJEUSqyxWr3Ncb23FM=
-----END CERTIFICATE-----
Generated at Sat Jun 21 21:12:10 2025 by rpki-client