Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/yKsJ9NVKz7dNGmJIq37Glcqxbos.roa
File: yKsJ9NVKz7dNGmJIq37Glcqxbos.roa (raw, json)
Hash identifier: XxgkAhm5k5VnnLqohLz4B/4WnGLHXIunHRnNifk/kWM=
Subject key identifier: C8:AB:09:F4:D5:4A:CF:B7:4D:1A:62:48:AB:7E:C6:95:CA:B1:6E:8B
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 1C0D
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/yKsJ9NVKz7dNGmJIq37Glcqxbos.roa
Signing time: Mon 26 May 2025 14:08:12 +0000
ROA not before: Mon 26 May 2025 14:08:12 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 146845
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 7181 (0x1c0d)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: May 26 14:08:12 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=C8AB09F4D54ACFB74D1A6248AB7EC695CAB16E8B
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cd:d1:9f:00:9f:78:b5:a1:ba:ef:d8:65:19:5c:
6c:c2:0a:3c:8c:29:e6:0c:95:60:07:57:c8:57:93:
1d:09:d6:46:ee:67:60:7a:4b:ff:7f:e3:bc:66:c2:
0c:85:9a:dc:e7:2f:4b:82:b1:fd:f7:a6:d4:f5:48:
ba:e9:74:7c:94:a3:d0:20:c9:50:de:47:e3:c5:07:
21:51:a0:3c:78:a7:17:1e:5f:4b:57:39:8c:a4:07:
b0:01:97:c3:b3:0b:1c:32:df:dc:27:4c:c3:25:df:
ee:4a:b3:2c:34:c2:ed:f6:49:71:c9:67:45:4d:34:
94:ef:b6:b7:75:e8:98:e5:8e:eb:e2:62:5a:be:56:
ce:cd:cc:3f:9c:07:2f:a7:29:4d:8d:68:56:28:32:
1d:ce:09:39:ec:f5:31:5e:5e:4a:98:49:11:93:5f:
79:02:b8:4d:ee:c2:0b:57:b4:bd:8e:88:4d:b4:18:
37:49:90:57:4d:ab:5b:3a:13:59:8e:6f:16:d8:59:
3f:dc:46:c8:ec:2d:ed:50:70:cd:71:48:69:df:92:
f3:41:ee:1b:4e:14:57:6c:ef:8b:64:af:66:9b:6a:
b2:d0:18:d9:5d:1b:02:f9:46:c0:9c:72:82:5f:19:
96:b5:00:b1:8e:bb:a4:d6:13:ae:72:e9:99:86:ec:
0d:01
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C8:AB:09:F4:D5:4A:CF:B7:4D:1A:62:48:AB:7E:C6:95:CA:B1:6E:8B
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/yKsJ9NVKz7dNGmJIq37Glcqxbos.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
3a:e0:95:08:88:5f:a9:30:ad:15:8a:66:2e:ae:be:95:3d:63:
be:ab:d4:db:c0:05:9e:13:8e:c4:14:58:8f:2c:76:38:ee:0e:
6a:09:e4:bf:c5:a6:48:8d:9f:07:c2:e4:d7:43:4b:60:24:91:
64:78:28:25:94:6f:1d:05:ad:12:b3:2c:d9:87:d6:16:12:df:
4f:92:c4:20:ea:24:99:9a:7e:14:55:b8:2e:2b:c6:e2:64:ef:
a2:e8:f9:50:6b:59:fc:e6:1e:7e:a2:18:ea:09:aa:58:11:20:
fa:55:2d:22:bb:f9:29:2a:99:b8:d4:7a:75:37:26:4d:7d:06:
f6:eb:cb:3b:34:f8:3a:28:ce:94:b5:55:1c:e8:ab:93:5f:f6:
25:70:79:73:5f:bf:31:1a:3a:db:e1:c4:3a:8f:b5:17:5b:4c:
3a:27:34:82:87:04:21:5f:66:6c:ee:bd:ac:06:7a:a2:65:df:
ac:aa:58:ed:80:98:19:9e:ee:07:3e:30:d1:db:ac:5a:e2:eb:
a0:67:39:e5:e4:a4:63:ba:f8:5e:2c:8b:94:25:42:fa:59:1f:
e2:6a:b5:1a:4a:cd:85:14:39:79:8e:0d:7b:23:c2:d2:25:d1:
23:2e:81:f6:bd:9b:7c:84:48:18:bc:b5:40:73:1e:24:36:35:
68:06:d7:c2
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICHA0wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA1MjYx
NDA4MTJaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEM4QUIwOUY0RDU0QUNG
Qjc0RDFBNjI0OEFCN0VDNjk1Q0FCMTZFOEIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDN0Z8An3i1obrv2GUZXGzCCjyMKeYMlWAHV8hXkx0J1kbuZ2B6
S/9/47xmwgyFmtznL0uCsf33ptT1SLrpdHyUo9AgyVDeR+PFByFRoDx4pxceX0tX
OYykB7ABl8OzCxwy39wnTMMl3+5Ksyw0wu32SXHJZ0VNNJTvtrd16JjljuviYlq+
Vs7NzD+cBy+nKU2NaFYoMh3OCTns9TFeXkqYSRGTX3kCuE3uwgtXtL2OiE20GDdJ
kFdNq1s6E1mObxbYWT/cRsjsLe1QcM1xSGnfkvNB7htOFFds74tkr2abarLQGNld
GwL5RsCccoJfGZa1ALGOu6TWE65y6ZmG7A0BAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUyKsJ9NVKz7dNGmJIq37GlcqxboswHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgveUtzSjlOVkt6N2RO
R21KSXEzN0dsY3F4Ym9zLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBADrglQiIX6kwrRWKZi6uvpU9Y76r
1NvABZ4TjsQUWI8sdjjuDmoJ5L/FpkiNnwfC5NdDS2AkkWR4KCWUbx0FrRKzLNmH
1hYS30+SxCDqJJmafhRVuC4rxuJk76Lo+VBrWfzmHn6iGOoJqlgRIPpVLSK7+Skq
mbjUenU3Jk19Bvbryzs0+DoozpS1VRzoq5Nf9iVweXNfvzEaOtvhxDqPtRdbTDon
NIKHBCFfZmzuvawGeqJl36yqWO2AmBme7gc+MNHbrFri66BnOeXkpGO6+F4si5Ql
QvpZH+JqtRpKzYUUOXmODXsjwtIl0SMugfa9m3yESBi8tUBzHiQ2NWgG18I=
-----END CERTIFICATE-----
Generated at Sun Jun 22 03:54:29 2025 by rpki-client