Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/ytrdEpnmOhkl0-MLsaQH5Bxsgvk.roa
File: ytrdEpnmOhkl0-MLsaQH5Bxsgvk.roa (raw, json)
Hash identifier: hkZyhxDcIeUkAe2pjMhQWW+1w252qiPFe+B8HmojWJc=
Subject key identifier: CA:DA:DD:12:99:E6:3A:19:25:D3:E3:0B:B1:A4:07:E4:1C:6C:82:F9
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 2672
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/ytrdEpnmOhkl0-MLsaQH5Bxsgvk.roa
Signing time: Sat 14 Jun 2025 01:39:18 +0000
ROA not before: Sat 14 Jun 2025 01:39:18 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 146845
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 9842 (0x2672)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 14 01:39:18 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=CADADD1299E63A1925D3E30BB1A407E41C6C82F9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b4:c9:76:29:c2:20:db:ea:b9:c0:19:a6:e1:3b:
30:46:23:4b:dd:84:cf:a2:ce:f7:fc:16:0a:f5:06:
9f:40:f1:d6:8a:b5:57:80:04:96:79:e1:45:7e:2c:
61:98:ef:69:0c:1f:cc:6a:b8:e5:4a:3c:3a:52:4c:
2b:ae:59:15:a0:cb:51:53:3c:3c:4d:e4:f8:8e:e2:
61:4a:71:13:18:16:e8:81:86:17:8e:f6:59:c0:65:
eb:e8:96:5d:8e:18:1d:a8:14:af:4a:2a:d0:33:23:
6b:56:86:36:c8:d2:08:94:f8:a3:76:dc:1e:6c:3c:
34:c4:9d:a5:e2:ba:ad:91:2d:4c:5e:d0:58:03:f1:
cb:44:d2:d6:5f:c7:03:d1:b7:51:b0:a7:6d:cf:87:
61:43:a1:ad:c9:10:08:dc:04:18:fb:d4:1b:f6:c3:
6c:fa:bd:0a:0f:7a:ef:6d:dc:1d:e1:98:09:89:ba:
78:bb:90:42:e8:c3:f4:99:72:16:fa:db:b8:6c:ba:
62:58:f2:d2:a8:de:23:ea:d7:e6:19:de:d7:41:4e:
fd:28:8a:e0:aa:e0:de:37:e0:59:04:56:8f:12:ff:
a3:e0:dc:85:2d:4d:55:09:75:e2:8d:b2:5e:55:f3:
a7:b8:c4:df:98:37:c0:b9:eb:bb:c0:e2:6e:bb:4a:
58:83
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CA:DA:DD:12:99:E6:3A:19:25:D3:E3:0B:B1:A4:07:E4:1C:6C:82:F9
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/ytrdEpnmOhkl0-MLsaQH5Bxsgvk.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
a7:8b:71:f1:30:8c:53:30:07:81:86:e4:50:f2:60:91:99:72:
06:81:60:de:31:fe:7c:cc:41:a0:71:47:35:8c:8f:e6:2f:6a:
36:6b:67:f2:60:1b:a1:fa:94:07:ca:b2:70:29:ee:4f:ec:d9:
97:c4:17:c0:b0:18:10:5d:8f:2f:11:b6:80:0f:a2:12:80:82:
ef:3b:a6:62:4a:11:61:6c:87:3b:1c:0e:cd:35:34:e4:ac:1b:
b3:9e:2a:44:6a:bb:61:23:b5:70:bf:37:6a:38:a5:11:0f:25:
49:70:7c:e3:05:b5:80:9b:e3:b0:45:f4:4a:ee:50:42:9a:97:
29:1a:34:79:9f:5b:73:f3:f5:f9:15:97:1c:44:a0:5f:fd:e5:
44:0c:ff:c6:9d:4b:3a:f2:5c:20:37:ff:03:7e:88:01:45:7f:
83:af:1a:4e:06:de:1b:e4:cf:a3:50:7a:b5:03:08:1f:12:74:
50:69:03:d9:52:f7:33:da:ae:81:b5:94:50:54:48:4a:02:51:
9d:dd:9a:a5:dd:95:2b:31:a8:21:4b:2d:11:8a:85:ab:71:b5:
39:83:dd:2b:35:3f:e1:54:78:8b:7f:86:3f:a6:ae:f1:fe:bc:
ef:c2:4b:d2:17:cc:fd:55:9a:27:bb:2d:38:dc:a7:62:75:4f:
e1:28:0d:12
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICJnIwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MTQw
MTM5MThaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKENBREFERDEyOTlFNjNB
MTkyNUQzRTMwQkIxQTQwN0U0MUM2QzgyRjkwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC0yXYpwiDb6rnAGabhOzBGI0vdhM+izvf8Fgr1Bp9A8daKtVeA
BJZ54UV+LGGY72kMH8xquOVKPDpSTCuuWRWgy1FTPDxN5PiO4mFKcRMYFuiBhheO
9lnAZevoll2OGB2oFK9KKtAzI2tWhjbI0giU+KN23B5sPDTEnaXiuq2RLUxe0FgD
8ctE0tZfxwPRt1Gwp23Ph2FDoa3JEAjcBBj71Bv2w2z6vQoPeu9t3B3hmAmJuni7
kELow/SZchb627hsumJY8tKo3iPq1+YZ3tdBTv0oiuCq4N434FkEVo8S/6Pg3IUt
TVUJdeKNsl5V86e4xN+YN8C567vA4m67SliDAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUytrdEpnmOhkl0+MLsaQH5BxsgvkwHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgveXRyZEVwbm1PaGts
MC1NTHNhUUg1QnhzZ3ZrLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBAKeLcfEwjFMwB4GG5FDyYJGZcgaB
YN4x/nzMQaBxRzWMj+YvajZrZ/JgG6H6lAfKsnAp7k/s2ZfEF8CwGBBdjy8RtoAP
ohKAgu87pmJKEWFshzscDs01NOSsG7OeKkRqu2EjtXC/N2o4pREPJUlwfOMFtYCb
47BF9EruUEKalykaNHmfW3Pz9fkVlxxEoF/95UQM/8adSzryXCA3/wN+iAFFf4Ov
Gk4G3hvkz6NQerUDCB8SdFBpA9lS9zParoG1lFBUSEoCUZ3dmqXdlSsxqCFLLRGK
hatxtTmD3Ss1P+FUeIt/hj+mrvH+vO/CS9IXzP1Vmie7LTjcp2J1T+EoDRI=
-----END CERTIFICATE-----
Generated at Sun Jun 22 02:20:46 2025 by rpki-client