Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/4fYbpNe8CQVYM5sf-n1vymbHxB8.roa
File: 4fYbpNe8CQVYM5sf-n1vymbHxB8.roa (raw, json)
Hash identifier: AnAnUofisqOZA5C22/BresBuf1+JOGJ2xmaLz1b+fPM=
Subject key identifier: E1:F6:1B:A4:D7:BC:09:05:58:33:9B:1F:FA:7D:6F:CA:66:C7:C4:1F
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 4E30
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/4fYbpNe8CQVYM5sf-n1vymbHxB8.roa
Signing time: Sun 24 Aug 2025 05:02:12 +0000
ROA not before: Sun 24 Aug 2025 05:02:12 +0000
ROA not after: Mon 03 Aug 2026 08:44:40 +0000
asID: 4812
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 20016 (0x4e30)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Aug 24 05:02:12 2025 GMT
Not After : Aug 3 08:44:40 2026 GMT
Subject: CN=E1F61BA4D7BC090558339B1FFA7D6FCA66C7C41F
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e2:8c:ba:53:e5:cf:c1:18:8b:0b:78:30:26:d1:
db:bb:ed:62:aa:82:0b:84:9f:01:8a:55:dd:c2:f8:
da:b4:77:92:ff:5b:4a:1a:de:33:b2:8a:f7:dc:67:
a9:3c:f5:7a:76:a3:ae:9f:ed:d9:9d:96:8f:f7:16:
96:36:9a:79:7e:1f:7f:63:f0:87:66:20:f9:b2:f2:
4a:0d:c5:15:85:21:94:9f:c2:ee:d2:69:c6:9d:07:
4d:21:b1:2e:77:85:ab:f5:27:a5:e8:73:2c:02:f8:
11:ef:ab:9a:f6:93:51:ae:0a:7b:73:bc:ed:86:05:
63:e6:e2:96:5e:5d:93:be:98:10:21:e0:68:7d:f0:
c7:e8:e4:be:e4:0f:a8:0c:79:b9:e0:d1:db:6b:76:
af:1e:48:9d:2f:aa:44:6a:3d:17:6e:7f:ca:df:4d:
58:da:40:b2:69:1e:ab:fe:7d:b6:cc:c8:9a:18:5e:
c3:3a:f2:34:5d:37:59:dd:a6:ec:84:ac:fa:8f:6b:
4f:8b:c3:d0:47:fe:4c:64:87:ba:4c:49:b6:60:06:
e9:78:da:ba:fe:ca:26:95:1a:8c:aa:28:38:43:f3:
ad:b7:dd:5d:95:98:22:58:ea:4c:6b:53:07:63:a3:
41:ee:26:31:6b:b0:95:53:f5:90:60:59:54:e4:0f:
bb:23
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E1:F6:1B:A4:D7:BC:09:05:58:33:9B:1F:FA:7D:6F:CA:66:C7:C4:1F
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/4fYbpNe8CQVYM5sf-n1vymbHxB8.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
69:1d:fe:f0:d4:47:a1:c8:a5:13:55:de:69:5e:5b:c6:cb:71:
5c:ea:da:64:6f:60:9d:53:87:9a:b7:b7:1d:f8:37:ea:56:4f:
db:df:28:00:9f:8f:fb:0d:f0:89:92:55:79:63:c3:c0:b5:00:
a4:db:46:17:43:c5:f6:b6:24:3d:52:83:1d:9d:0a:4a:e9:39:
fa:92:7b:4a:58:db:45:79:f7:9a:ba:47:6e:ad:8c:78:97:ca:
b7:03:2a:33:04:b7:c7:01:3a:e3:42:48:e1:5f:90:27:c7:51:
69:1b:21:29:fd:4a:fb:4d:d3:8f:f7:32:9c:40:4a:ad:0a:64:
7e:09:fd:dd:7c:85:95:5d:3a:a7:a1:88:f1:6d:c0:61:6a:71:
2d:17:c3:d6:79:7c:29:d2:6a:3e:c5:ca:03:7f:1d:d4:fb:7d:
77:c3:86:7d:bd:f2:55:de:1b:fd:66:41:a8:fe:92:57:a6:e1:
b2:48:69:08:9c:4b:27:0f:4c:42:22:7e:a4:5a:40:2b:e3:b1:
01:c8:c9:b5:cb:59:a4:c9:5f:d6:57:20:31:8d:09:19:94:61:
33:ed:bf:80:ba:4d:7b:c2:24:55:19:be:5d:8e:90:66:08:3a:
61:9c:71:24:90:75:76:6f:d9:68:ca:fc:80:79:c2:5c:78:43:
79:7f:8a:3f
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICTjAwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA4MjQw
NTAyMTJaFw0yNjA4MDMwODQ0NDBaMDMxMTAvBgNVBAMTKEUxRjYxQkE0RDdCQzA5
MDU1ODMzOUIxRkZBN0Q2RkNBNjZDN0M0MUYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDijLpT5c/BGIsLeDAm0du77WKqgguEnwGKVd3C+Nq0d5L/W0oa
3jOyivfcZ6k89Xp2o66f7dmdlo/3FpY2mnl+H39j8IdmIPmy8koNxRWFIZSfwu7S
acadB00hsS53hav1J6XocywC+BHvq5r2k1GuCntzvO2GBWPm4pZeXZO+mBAh4Gh9
8Mfo5L7kD6gMebng0dtrdq8eSJ0vqkRqPRduf8rfTVjaQLJpHqv+fbbMyJoYXsM6
8jRdN1ndpuyErPqPa0+Lw9BH/kxkh7pMSbZgBul42rr+yiaVGoyqKDhD86233V2V
mCJY6kxrUwdjo0HuJjFrsJVT9ZBgWVTkD7sjAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQU4fYbpNe8CQVYM5sf+n1vymbHxB8wHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvNGZZYnBOZThDUVZZ
TTVzZi1uMXZ5bWJIeEI4LnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBAGkd/vDUR6HIpRNV3mleW8bLcVzq
2mRvYJ1Th5q3tx34N+pWT9vfKACfj/sN8ImSVXljw8C1AKTbRhdDxfa2JD1Sgx2d
CkrpOfqSe0pY20V595q6R26tjHiXyrcDKjMEt8cBOuNCSOFfkCfHUWkbISn9SvtN
04/3MpxASq0KZH4J/d18hZVdOqehiPFtwGFqcS0Xw9Z5fCnSaj7FygN/HdT7fXfD
hn298lXeG/1mQaj+klem4bJIaQicSycPTEIifqRaQCvjsQHIybXLWaTJX9ZXIDGN
CRmUYTPtv4C6TXvCJFUZvl2OkGYIOmGccSSQdXZv2WjK/IB5wlx4Q3l/ij8=
-----END CERTIFICATE-----
Generated at Sun Aug 24 11:39:42 2025 by rpki-client