Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/y_X_MZyk2MSiVthT14qTINSwBa8.roa
File: y_X_MZyk2MSiVthT14qTINSwBa8.roa (raw, json)
Hash identifier: 1UJehh94mb/vtrVR/iJeUQ2qd4ei/79h5WWDFrEbADU=
Subject key identifier: CB:F5:FF:31:9C:A4:D8:C4:A2:56:D8:53:D7:8A:93:20:D4:B0:05:AF
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 1F2C
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/y_X_MZyk2MSiVthT14qTINSwBa8.roa
Signing time: Sun 01 Jun 2025 03:08:33 +0000
ROA not before: Sun 01 Jun 2025 03:08:33 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 4812
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 7980 (0x1f2c)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 1 03:08:33 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=CBF5FF319CA4D8C4A256D853D78A9320D4B005AF
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:aa:4e:7b:4c:23:4c:35:d9:c7:ba:9d:0d:7a:86:
81:9e:40:93:f6:18:40:e7:86:cd:28:56:0e:32:e2:
18:b7:bd:30:45:aa:85:22:09:02:0a:bf:5b:c1:d6:
15:ac:14:5b:1c:18:4e:e6:66:a5:68:3d:11:5d:6f:
d8:22:e5:50:a5:ab:8e:56:db:17:e3:c7:63:f4:42:
05:da:cd:a4:77:71:e4:6c:b8:dd:51:59:af:2e:33:
a7:2e:19:d3:88:76:71:ec:69:98:76:fc:cf:39:15:
3f:7c:18:26:47:83:86:d1:18:a0:cb:a4:e1:e7:dd:
fd:00:d6:f8:76:61:55:0e:f7:76:46:59:d2:e6:5b:
9e:37:9c:ba:72:62:28:c9:48:c4:5e:c7:0e:e3:1c:
30:66:7d:d7:45:e6:0f:86:47:9f:e6:51:d1:ad:02:
69:17:2b:d2:cd:2b:9e:64:94:01:2a:f0:7c:39:d4:
52:83:ea:31:4f:45:46:bb:f1:28:82:7c:b8:65:62:
32:98:db:63:b9:a2:d7:f1:01:29:e2:ca:11:7f:78:
41:de:8e:9e:5c:a4:8c:ec:d6:33:6e:d7:3b:3f:90:
f8:bb:d9:22:de:52:5d:db:cc:3c:91:4b:03:6d:e2:
20:76:ff:b1:71:a2:3c:11:51:b1:32:dc:89:c5:0d:
6e:09
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CB:F5:FF:31:9C:A4:D8:C4:A2:56:D8:53:D7:8A:93:20:D4:B0:05:AF
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/y_X_MZyk2MSiVthT14qTINSwBa8.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
5e:21:b6:4d:ba:fc:fb:2c:5b:28:65:85:98:e5:14:df:77:79:
2b:07:e0:63:c7:2c:77:b7:5a:37:88:44:c1:99:e5:25:9e:52:
b9:81:98:c9:14:42:38:d6:46:00:12:5c:35:64:9b:b0:00:88:
0e:41:a6:6e:b4:9d:5d:06:fe:54:a3:eb:ae:ff:ef:f4:f3:73:
de:68:c5:dc:01:90:3c:39:4a:4b:09:c5:1e:87:18:d3:35:ab:
b6:6f:c3:f1:27:c8:35:b6:d6:fc:19:82:fe:95:a1:cf:e4:31:
58:20:3a:69:62:b2:0d:5e:0e:08:7c:03:9c:fb:5b:16:4d:88:
29:9a:bd:2b:f4:07:bd:78:a1:e4:c9:97:fb:1d:33:cd:15:f7:
9f:18:82:bf:3d:f2:8a:7b:92:c0:a5:b5:88:38:a0:5e:b0:a5:
7f:9d:75:56:ad:c2:d8:a5:17:79:56:61:ac:ac:36:eb:1f:08:
a7:93:15:8a:9a:dd:fb:dc:42:19:ba:cd:29:d5:3c:b1:17:a6:
81:43:e8:01:d5:7a:18:08:70:61:de:37:78:52:68:aa:c8:2b:
64:40:86:8a:b1:96:1b:e8:a7:c9:41:05:ed:f5:29:7a:ac:23:
87:6c:bd:dd:02:c6:f3:a3:63:38:fd:14:a1:69:cc:c1:7c:3b:
60:b9:42:23
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICHywwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MDEw
MzA4MzNaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKENCRjVGRjMxOUNBNEQ4
QzRBMjU2RDg1M0Q3OEE5MzIwRDRCMDA1QUYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCqTntMI0w12ce6nQ16hoGeQJP2GEDnhs0oVg4y4hi3vTBFqoUi
CQIKv1vB1hWsFFscGE7mZqVoPRFdb9gi5VClq45W2xfjx2P0QgXazaR3ceRsuN1R
Wa8uM6cuGdOIdnHsaZh2/M85FT98GCZHg4bRGKDLpOHn3f0A1vh2YVUO93ZGWdLm
W543nLpyYijJSMRexw7jHDBmfddF5g+GR5/mUdGtAmkXK9LNK55klAEq8Hw51FKD
6jFPRUa78SiCfLhlYjKY22O5otfxASniyhF/eEHejp5cpIzs1jNu1zs/kPi72SLe
Ul3bzDyRSwNt4iB2/7FxojwRUbEy3InFDW4JAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUy/X/MZyk2MSiVthT14qTINSwBa8wHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgveV9YX01aeWsyTVNp
VnRoVDE0cVRJTlN3QmE4LnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBAF4htk26/PssWyhlhZjlFN93eSsH
4GPHLHe3WjeIRMGZ5SWeUrmBmMkUQjjWRgASXDVkm7AAiA5Bpm60nV0G/lSj667/
7/Tzc95oxdwBkDw5SksJxR6HGNM1q7Zvw/EnyDW21vwZgv6Voc/kMVggOmlisg1e
Dgh8A5z7WxZNiCmavSv0B714oeTJl/sdM80V958Ygr898op7ksCltYg4oF6wpX+d
dVatwtilF3lWYaysNusfCKeTFYqa3fvcQhm6zSnVPLEXpoFD6AHVehgIcGHeN3hS
aKrIK2RAhoqxlhvop8lBBe31KXqsI4dsvd0CxvOjYzj9FKFpzMF8O2C5QiM=
-----END CERTIFICATE-----
Generated at Sat Jun 21 16:18:35 2025 by rpki-client