Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/yH9N97x76gwsti68u1xA_8eQuSQ.roa
File: yH9N97x76gwsti68u1xA_8eQuSQ.roa (raw, json)
Hash identifier: UuTTV8HntipWyqlGMUKirNJ8XVEwRgW2cNSKEtSZH/M=
Subject key identifier: C8:7F:4D:F7:BC:7B:EA:0C:2C:B6:2E:BC:BB:5C:40:FF:C7:90:B9:24
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 1BF8
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/yH9N97x76gwsti68u1xA_8eQuSQ.roa
Signing time: Mon 26 May 2025 10:38:05 +0000
ROA not before: Mon 26 May 2025 10:38:05 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 146845
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 7160 (0x1bf8)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: May 26 10:38:05 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=C87F4DF7BC7BEA0C2CB62EBCBB5C40FFC790B924
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c2:81:4f:56:2f:77:31:af:98:7a:7b:ed:e4:eb:
9f:c7:e8:93:95:c5:79:11:e4:18:6c:c5:4c:0f:bb:
8a:6f:40:60:ef:36:6f:48:07:ef:8f:bb:fe:a3:c5:
cd:d0:d7:27:a4:f1:d0:59:bc:de:5a:1d:e7:ed:4a:
9b:dc:be:ca:13:e0:88:45:e3:62:54:0b:86:12:44:
0f:dd:5c:f4:6f:53:8b:bd:86:dd:d7:30:08:89:5f:
5f:23:80:f4:f9:3d:ef:32:ac:4c:af:d5:d0:bd:ac:
40:0e:54:9f:5b:92:29:d9:ca:bb:33:3b:dd:b3:36:
2d:a7:e9:97:d3:5d:22:85:bf:86:cd:88:c0:eb:32:
03:94:51:fb:ad:26:25:72:31:04:a0:da:a9:2d:06:
ad:7d:10:65:a3:33:49:5f:32:06:08:3d:ff:1a:0f:
48:eb:7e:a1:14:dd:bc:55:42:18:c8:ae:6e:8a:fa:
03:b0:25:37:ff:8c:92:b1:1f:df:51:ba:2e:5d:9e:
86:50:6f:18:87:85:ca:92:42:f3:82:80:b4:33:fb:
62:83:1f:e6:e1:df:6d:30:91:f3:d6:fc:04:d9:95:
5b:3e:d8:13:88:c0:4d:f4:f6:de:72:07:f7:40:c1:
d5:d0:2a:51:bf:d8:bb:e9:c5:89:46:f3:c4:bc:26:
6e:f1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C8:7F:4D:F7:BC:7B:EA:0C:2C:B6:2E:BC:BB:5C:40:FF:C7:90:B9:24
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/yH9N97x76gwsti68u1xA_8eQuSQ.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
8d:f0:24:65:66:eb:a8:4e:32:a2:ff:e3:3c:32:9f:1e:d6:b8:
ab:8d:ff:a2:28:6c:c9:47:2c:89:22:6a:1f:e5:0a:dd:ae:ca:
4f:c6:da:0e:a7:37:2e:ee:a0:36:b3:d4:af:49:90:06:34:8d:
84:bc:39:a8:04:92:12:5d:dd:98:99:6b:a7:e0:a1:03:62:3b:
67:0d:1b:4a:a6:fc:45:4e:a5:e8:ff:fa:61:24:18:f9:87:17:
ed:68:06:0e:d6:6b:47:94:dd:3a:9d:c0:2d:93:af:5f:f8:fe:
03:60:c1:2f:b3:5a:dc:b9:37:7c:c1:c4:15:c1:3d:c8:31:35:
c5:aa:4d:be:89:2a:fe:9a:55:9b:18:a3:54:5e:d7:de:97:96:
ab:56:34:fd:4f:1b:09:39:ef:3a:c5:b2:18:ab:5e:4a:0e:7d:
33:0f:02:41:0f:4d:57:dc:b3:6d:43:c0:db:db:6c:b5:fb:f0:
f8:51:54:3f:52:29:a2:fd:09:be:76:fa:4f:7e:d9:8a:a8:a2:
9a:41:c9:71:f9:88:54:63:88:1c:ed:1a:76:ac:ab:f2:a4:96:
74:ea:c9:b9:9b:c2:7e:a4:a5:bd:a4:fd:dd:8a:ac:97:33:88:
4a:4a:bc:af:79:f8:be:8a:93:0a:56:8a:49:a9:3b:30:56:90:
0e:06:4b:92
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICG/gwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA1MjYx
MDM4MDVaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEM4N0Y0REY3QkM3QkVB
MEMyQ0I2MkVCQ0JCNUM0MEZGQzc5MEI5MjQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDCgU9WL3cxr5h6e+3k65/H6JOVxXkR5BhsxUwPu4pvQGDvNm9I
B++Pu/6jxc3Q1yek8dBZvN5aHeftSpvcvsoT4IhF42JUC4YSRA/dXPRvU4u9ht3X
MAiJX18jgPT5Pe8yrEyv1dC9rEAOVJ9bkinZyrszO92zNi2n6ZfTXSKFv4bNiMDr
MgOUUfutJiVyMQSg2qktBq19EGWjM0lfMgYIPf8aD0jrfqEU3bxVQhjIrm6K+gOw
JTf/jJKxH99Rui5dnoZQbxiHhcqSQvOCgLQz+2KDH+bh320wkfPW/ATZlVs+2BOI
wE309t5yB/dAwdXQKlG/2LvpxYlG88S8Jm7xAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUyH9N97x76gwsti68u1xA/8eQuSQwHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgveUg5Tjk3eDc2Z3dz
dGk2OHUxeEFfOGVRdVNRLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBAI3wJGVm66hOMqL/4zwynx7WuKuN
/6IobMlHLIkiah/lCt2uyk/G2g6nNy7uoDaz1K9JkAY0jYS8OagEkhJd3ZiZa6fg
oQNiO2cNG0qm/EVOpej/+mEkGPmHF+1oBg7Wa0eU3TqdwC2Tr1/4/gNgwS+zWty5
N3zBxBXBPcgxNcWqTb6JKv6aVZsYo1Re196XlqtWNP1PGwk57zrFshirXkoOfTMP
AkEPTVfcs21DwNvbbLX78PhRVD9SKaL9Cb52+k9+2YqooppByXH5iFRjiBztGnas
q/KklnTqybmbwn6kpb2k/d2KrJcziEpKvK95+L6KkwpWikmpOzBWkA4GS5I=
-----END CERTIFICATE-----
Generated at Sat Jun 21 18:37:01 2025 by rpki-client