Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/ysU0j3FEU1r1637jY0FmRbBw2_U.roa
File: ysU0j3FEU1r1637jY0FmRbBw2_U.roa (raw, json)
Hash identifier: rwU4CMA19cLZtiQTiJ3gtbnQs29dUFcGlGdXTSbUhKI=
Subject key identifier: CA:C5:34:8F:71:44:53:5A:F5:EB:7E:E3:63:41:66:45:B0:70:DB:F5
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 2294
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/ysU0j3FEU1r1637jY0FmRbBw2_U.roa
Signing time: Sat 07 Jun 2025 04:38:51 +0000
ROA not before: Sat 07 Jun 2025 04:38:51 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 146845
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 8852 (0x2294)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 7 04:38:51 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=CAC5348F7144535AF5EB7EE363416645B070DBF5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bc:c7:ee:bc:03:0b:4d:24:61:e2:e1:02:90:4f:
36:9b:fd:4d:39:44:8b:ac:f2:36:b7:b8:e4:88:61:
3f:0d:e2:a3:bb:4c:8d:e2:55:4b:c5:3b:e9:e7:1d:
1d:e4:d2:26:32:ba:e1:8b:95:9f:cb:e4:6c:c1:2d:
fd:43:11:8e:4f:60:85:d9:d1:5a:61:35:25:ae:1c:
77:87:9a:80:65:2e:c7:2a:4f:3a:95:a9:ee:da:a0:
c0:fb:5e:ef:53:0b:5a:0b:64:06:ab:3f:f7:b7:b6:
d4:a1:3d:ec:9c:e3:09:9e:ad:a5:01:d8:0a:7a:87:
40:c6:b7:d4:e0:0f:ed:d5:f9:8a:7a:f4:dd:65:fd:
59:35:f5:ba:55:3a:73:bb:ef:ca:a0:6c:6a:8e:4d:
f9:3e:c7:2a:d7:ae:a1:37:12:58:8c:b8:1e:fd:64:
d9:2d:fe:70:7c:47:59:e7:ef:be:62:24:7b:7c:c6:
5f:c5:1d:5a:64:19:c9:ef:78:c8:34:3c:cc:1d:da:
40:75:3c:27:03:15:41:e6:61:c2:11:69:20:27:e6:
fc:0d:d1:e9:45:a9:0f:5e:95:72:04:30:f4:e5:e0:
85:08:fb:5c:6e:5a:8e:7b:68:4d:57:6f:91:23:78:
2f:79:bb:f0:b9:97:c5:76:00:e8:a7:7a:fe:32:dd:
5c:77
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CA:C5:34:8F:71:44:53:5A:F5:EB:7E:E3:63:41:66:45:B0:70:DB:F5
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/ysU0j3FEU1r1637jY0FmRbBw2_U.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
1a:3d:ea:0f:bc:1f:78:e0:e6:12:85:d6:ef:46:c3:20:fc:b4:
a4:c2:4f:1a:d2:93:da:05:41:fa:41:c7:4d:bb:31:4a:9e:f1:
33:27:88:bc:d0:1b:75:3e:62:b2:e5:77:41:73:16:b7:68:93:
8b:25:d0:45:3c:65:0d:55:0a:8a:29:ba:43:98:34:08:99:aa:
e5:25:d9:45:ba:7a:c9:77:5b:33:6e:f4:18:ce:9e:ca:1c:5e:
bd:14:5e:57:c5:39:80:c6:a6:f8:dd:39:6f:f6:f7:a1:9c:e1:
58:ba:81:36:9e:ed:5f:df:f2:6b:2e:04:47:5f:20:84:67:b4:
1d:11:d5:97:49:34:b5:8f:e2:8b:2e:4b:bb:93:a3:6b:6f:56:
5e:11:0a:f2:bc:df:f7:b4:c4:ee:e0:74:54:90:5d:db:3e:52:
a7:48:ee:28:5b:4d:cd:a5:d3:d4:14:5e:5a:25:88:13:4f:41:
6e:da:18:35:20:2d:5c:79:f0:e3:be:3b:3e:ee:5c:ad:98:50:
1b:17:b4:22:14:70:ff:7d:72:4c:93:83:71:38:d2:8d:86:98:
36:15:ce:2f:09:dc:89:0a:c6:08:37:29:15:65:d6:d9:88:fe:
b2:ab:41:ff:77:60:64:3a:08:61:f0:90:d8:35:9b:e9:e0:c2:
74:4c:77:71
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICIpQwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MDcw
NDM4NTFaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKENBQzUzNDhGNzE0NDUz
NUFGNUVCN0VFMzYzNDE2NjQ1QjA3MERCRjUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC8x+68AwtNJGHi4QKQTzab/U05RIus8ja3uOSIYT8N4qO7TI3i
VUvFO+nnHR3k0iYyuuGLlZ/L5GzBLf1DEY5PYIXZ0VphNSWuHHeHmoBlLscqTzqV
qe7aoMD7Xu9TC1oLZAarP/e3ttShPeyc4wmeraUB2Ap6h0DGt9TgD+3V+Yp69N1l
/Vk19bpVOnO778qgbGqOTfk+xyrXrqE3EliMuB79ZNkt/nB8R1nn775iJHt8xl/F
HVpkGcnveMg0PMwd2kB1PCcDFUHmYcIRaSAn5vwN0elFqQ9elXIEMPTl4IUI+1xu
Wo57aE1Xb5EjeC95u/C5l8V2AOinev4y3Vx3AgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUysU0j3FEU1r1637jY0FmRbBw2/UwHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgveXNVMGozRkVVMXIx
NjM3alkwRm1SYkJ3Ml9VLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBABo96g+8H3jg5hKF1u9GwyD8tKTC
TxrSk9oFQfpBx027MUqe8TMniLzQG3U+YrLld0FzFrdok4sl0EU8ZQ1VCoopukOY
NAiZquUl2UW6esl3WzNu9BjOnsocXr0UXlfFOYDGpvjdOW/296Gc4Vi6gTae7V/f
8msuBEdfIIRntB0R1ZdJNLWP4osuS7uTo2tvVl4RCvK83/e0xO7gdFSQXds+UqdI
7ihbTc2l09QUXloliBNPQW7aGDUgLVx58OO+Oz7uXK2YUBsXtCIUcP99ckyTg3E4
0o2GmDYVzi8J3IkKxgg3KRVl1tmI/rKrQf93YGQ6CGHwkNg1m+ngwnRMd3E=
-----END CERTIFICATE-----
Generated at Sun Jun 22 11:06:32 2025 by rpki-client