Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/zIhvIC5L0hMKAocr7AKJuMCNyz0.roa
File: zIhvIC5L0hMKAocr7AKJuMCNyz0.roa (raw, json)
Hash identifier: q1w5Mp5GE0V+uQsEQOapzg4sixIe8Eu/5ql8KDNaskU=
Subject key identifier: CC:88:6F:20:2E:4B:D2:13:0A:02:87:2B:EC:02:89:B8:C0:8D:CB:3D
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 1FCB
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/zIhvIC5L0hMKAocr7AKJuMCNyz0.roa
Signing time: Mon 02 Jun 2025 05:38:37 +0000
ROA not before: Mon 02 Jun 2025 05:38:37 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 4812
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 8139 (0x1fcb)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 2 05:38:37 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=CC886F202E4BD2130A02872BEC0289B8C08DCB3D
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b1:3a:3b:bb:92:30:06:23:53:d4:10:d8:74:b5:
c8:7f:5b:02:88:f7:2b:8f:98:dd:a1:c8:16:82:a9:
49:6b:aa:ed:a0:8f:3d:02:af:1e:7b:f2:ba:7a:ea:
41:7b:eb:ed:1a:55:4b:d5:e4:66:d7:7c:3e:b7:ca:
e9:cc:84:5f:0a:90:0c:a7:01:d2:64:45:91:a5:83:
57:88:f2:97:f4:33:7f:a6:5e:bc:35:1f:a9:21:e8:
57:62:0d:64:27:e1:bc:8a:bd:db:52:b8:86:45:39:
1b:4e:e4:ae:fe:73:88:60:e8:3e:68:f7:68:b1:f4:
ec:9c:7f:65:1e:1b:41:c2:42:44:18:c1:bc:da:b8:
5c:31:05:2c:5a:a3:5f:e3:35:da:10:49:3e:91:7a:
f2:cc:67:6f:a2:1c:fa:a5:17:61:f0:a3:4a:80:01:
ce:44:17:c0:5a:ac:0f:15:f9:fc:be:71:ec:b2:a0:
18:80:8f:84:37:ee:74:f9:fd:e9:bb:c9:47:66:02:
d4:17:48:32:8e:a0:a9:09:1b:14:22:30:80:ad:b3:
fa:ce:43:37:25:b6:5f:e5:b4:6e:ae:f0:2a:22:ad:
c9:81:a4:ed:f8:f9:c4:22:bf:12:25:68:3a:09:58:
ee:9b:0c:d3:27:ef:70:a7:d4:52:7a:8b:b1:40:14:
16:bf
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CC:88:6F:20:2E:4B:D2:13:0A:02:87:2B:EC:02:89:B8:C0:8D:CB:3D
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/zIhvIC5L0hMKAocr7AKJuMCNyz0.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
0b:0e:40:22:26:9d:67:b2:f4:88:c5:15:ff:ea:28:a0:ba:32:
ca:33:08:da:ad:8c:01:0c:0f:85:80:fc:ee:f1:29:85:91:25:
56:a7:77:8b:d2:d0:23:5c:61:1e:58:5c:a0:47:93:1d:2e:fe:
7b:62:e2:dd:1a:8c:cd:55:c4:2b:08:1e:5f:79:9a:25:dd:21:
36:6b:8b:0b:3a:7b:3c:34:b5:a1:d0:7e:76:0e:19:2b:70:6e:
59:c8:a7:58:d0:a2:f1:43:7e:7a:e5:da:cd:15:d3:17:6e:37:
00:8a:51:11:6b:af:f3:20:10:77:c4:be:8d:01:58:dd:39:fb:
c1:b5:c1:08:87:80:d0:f1:ca:13:ee:01:b2:83:35:a2:31:d1:
8e:2e:c7:92:b2:42:13:0b:7b:bf:5e:fb:c9:54:22:05:cd:ce:
c8:b1:50:cd:0e:5d:41:53:88:0b:66:7d:c7:7b:42:6c:2d:d5:
e3:88:5b:b4:49:ec:0c:96:05:c2:99:fa:5a:05:f2:ed:a3:75:
70:2a:31:fb:bd:a3:85:72:34:bf:a1:31:6e:1b:41:9a:d5:0a:
96:71:b6:50:a5:53:0a:7a:22:9f:47:cb:2c:ca:1c:bb:1c:1e:
a3:b0:e4:80:ea:87:d6:2b:67:02:a0:bb:f0:27:c7:91:70:b7:
3f:5e:ab:e1
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICH8swDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MDIw
NTM4MzdaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKENDODg2RjIwMkU0QkQy
MTMwQTAyODcyQkVDMDI4OUI4QzA4RENCM0QwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCxOju7kjAGI1PUENh0tch/WwKI9yuPmN2hyBaCqUlrqu2gjz0C
rx578rp66kF76+0aVUvV5GbXfD63yunMhF8KkAynAdJkRZGlg1eI8pf0M3+mXrw1
H6kh6FdiDWQn4byKvdtSuIZFORtO5K7+c4hg6D5o92ix9Oycf2UeG0HCQkQYwbza
uFwxBSxao1/jNdoQST6RevLMZ2+iHPqlF2Hwo0qAAc5EF8BarA8V+fy+ceyyoBiA
j4Q37nT5/em7yUdmAtQXSDKOoKkJGxQiMICts/rOQzcltl/ltG6u8CoircmBpO34
+cQivxIlaDoJWO6bDNMn73Cn1FJ6i7FAFBa/AgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUzIhvIC5L0hMKAocr7AKJuMCNyz0wHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgveklodklDNUwwaE1L
QW9jcjdBS0p1TUNOeXowLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBAAsOQCImnWey9IjFFf/qKKC6Msoz
CNqtjAEMD4WA/O7xKYWRJVand4vS0CNcYR5YXKBHkx0u/nti4t0ajM1VxCsIHl95
miXdITZriws6ezw0taHQfnYOGStwblnIp1jQovFDfnrl2s0V0xduNwCKURFrr/Mg
EHfEvo0BWN05+8G1wQiHgNDxyhPuAbKDNaIx0Y4ux5KyQhMLe79e+8lUIgXNzsix
UM0OXUFTiAtmfcd7Qmwt1eOIW7RJ7AyWBcKZ+loF8u2jdXAqMfu9o4VyNL+hMW4b
QZrVCpZxtlClUwp6Ip9HyyzKHLscHqOw5IDqh9YrZwKgu/Anx5Fwtz9eq+E=
-----END CERTIFICATE-----
Generated at Sat Jun 21 12:19:14 2025 by rpki-client