Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/zBXHUXOEzuYdcWoG9pUQuCjtJqY.roa
File: zBXHUXOEzuYdcWoG9pUQuCjtJqY.roa (raw, json)
Hash identifier: A2uJieaKjIn6JOM6MI2J3jVhGlbzbRfNdZbHIlN1IaM=
Subject key identifier: CC:15:C7:51:73:84:CE:E6:1D:71:6A:06:F6:95:10:B8:28:ED:26:A6
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 265D
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/zBXHUXOEzuYdcWoG9pUQuCjtJqY.roa
Signing time: Fri 13 Jun 2025 22:09:19 +0000
ROA not before: Fri 13 Jun 2025 22:09:19 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 146845
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 9821 (0x265d)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 13 22:09:19 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=CC15C7517384CEE61D716A06F69510B828ED26A6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b9:fb:c0:7a:eb:89:9e:07:03:d5:9d:10:b3:e3:
d6:a0:e2:0a:36:b0:38:fe:1f:45:33:5a:f9:07:57:
ce:52:91:46:af:6a:25:95:6b:b1:e9:9f:7b:43:f6:
90:61:53:b2:02:63:52:3d:25:aa:22:06:6b:71:4a:
20:d8:0c:2b:6c:37:03:0f:54:18:f4:6b:8a:1e:6f:
34:cf:ab:19:5c:61:c4:de:8c:5c:0c:15:cc:39:b7:
85:66:a1:db:f6:c7:cc:39:c7:a9:2f:66:be:34:69:
c6:53:e5:fe:10:fe:0f:92:9a:db:f0:55:93:7b:88:
79:38:41:e0:b0:01:94:0f:0e:8b:9f:2b:ae:f7:ac:
c6:6a:b4:20:3d:87:bb:db:80:2d:8f:ce:c5:a9:96:
a5:88:dd:98:78:33:53:9b:66:df:e9:2f:11:34:b4:
81:12:4e:47:5f:28:fe:75:b5:6b:cd:5a:bb:49:35:
e2:90:97:c5:d5:e9:f6:ad:ac:e8:11:d4:44:34:a5:
ee:17:2a:9e:1d:cf:a3:44:e6:91:9a:f4:a4:59:15:
2c:f7:70:99:1e:56:58:fe:1b:1c:33:f0:6a:60:88:
85:d0:e2:76:a9:e5:f3:47:e0:74:2a:f3:86:dd:c7:
df:ee:a2:44:72:bd:1b:f9:9c:dd:d5:2a:02:62:54:
cc:ff
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CC:15:C7:51:73:84:CE:E6:1D:71:6A:06:F6:95:10:B8:28:ED:26:A6
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/zBXHUXOEzuYdcWoG9pUQuCjtJqY.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
90:22:90:25:31:bc:c1:59:b7:a1:d7:ea:2a:38:92:66:29:e3:
3a:23:ae:61:2e:72:c7:dc:95:7f:23:ec:70:d4:5e:af:10:4e:
da:2c:e4:7a:86:ef:fc:ea:11:ec:84:9a:ae:19:57:4f:cd:a9:
ba:48:65:65:d4:de:49:3d:88:e5:24:da:75:da:a4:d5:e5:c9:
1d:bd:96:a1:b0:fb:90:5e:8f:10:30:d6:7e:1d:62:b6:d3:93:
e3:58:3b:c9:04:90:2d:77:2b:f7:0a:dd:bc:2e:9d:35:2a:71:
98:86:77:1a:1d:c1:76:78:07:0d:04:b5:0c:bf:27:3b:96:b0:
0b:13:12:62:17:0a:0e:52:0d:56:fc:05:be:2b:9b:98:b7:66:
11:d6:30:4f:bc:30:30:bd:48:37:32:85:a4:67:b6:fc:f5:3e:
b2:0b:6f:e0:9a:17:c7:84:79:ba:77:8a:30:cb:5c:4e:7a:89:
df:79:08:d4:98:aa:c5:fa:fe:38:ac:e7:23:66:1f:2a:1d:b6:
d9:c1:2d:f8:d1:56:d4:22:27:1a:fa:e0:63:b1:82:83:b8:18:
fd:78:0d:2c:17:2b:7e:17:56:8e:af:af:f5:30:0d:aa:c5:7f:
59:46:fc:ce:cb:d1:34:12:ab:f6:da:e1:7d:f3:03:2a:41:fa:
73:7c:1f:9d
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICJl0wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MTMy
MjA5MTlaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKENDMTVDNzUxNzM4NENF
RTYxRDcxNkEwNkY2OTUxMEI4MjhFRDI2QTYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC5+8B664meBwPVnRCz49ag4go2sDj+H0UzWvkHV85SkUavaiWV
a7Hpn3tD9pBhU7ICY1I9JaoiBmtxSiDYDCtsNwMPVBj0a4oebzTPqxlcYcTejFwM
Fcw5t4Vmodv2x8w5x6kvZr40acZT5f4Q/g+SmtvwVZN7iHk4QeCwAZQPDoufK673
rMZqtCA9h7vbgC2PzsWplqWI3Zh4M1ObZt/pLxE0tIESTkdfKP51tWvNWrtJNeKQ
l8XV6fatrOgR1EQ0pe4XKp4dz6NE5pGa9KRZFSz3cJkeVlj+Gxwz8GpgiIXQ4nap
5fNH4HQq84bdx9/uokRyvRv5nN3VKgJiVMz/AgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUzBXHUXOEzuYdcWoG9pUQuCjtJqYwHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvekJYSFVYT0V6dVlk
Y1dvRzlwVVF1Q2p0SnFZLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBAJAikCUxvMFZt6HX6io4kmYp4zoj
rmEucsfclX8j7HDUXq8QTtos5HqG7/zqEeyEmq4ZV0/NqbpIZWXU3kk9iOUk2nXa
pNXlyR29lqGw+5BejxAw1n4dYrbTk+NYO8kEkC13K/cK3bwunTUqcZiGdxodwXZ4
Bw0EtQy/JzuWsAsTEmIXCg5SDVb8Bb4rm5i3ZhHWME+8MDC9SDcyhaRntvz1PrIL
b+CaF8eEebp3ijDLXE56id95CNSYqsX6/jis5yNmHyodttnBLfjRVtQiJxr64GOx
goO4GP14DSwXK34XVo6vr/UwDarFf1lG/M7L0TQSq/ba4X3zAypB+nN8H50=
-----END CERTIFICATE-----
Generated at Sat Jun 21 23:20:26 2025 by rpki-client