Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/5BLy4S2FqC_pyYC5aBrzpX1VlQs.roa
File: 5BLy4S2FqC_pyYC5aBrzpX1VlQs.roa (raw, json)
Hash identifier: oaqkuHroTxFtAEAn/bB3VrU8s+0ixinHMWsTZXF9ZUo=
Subject key identifier: E4:12:F2:E1:2D:85:A8:2F:E9:C9:80:B9:68:1A:F3:A5:7D:55:95:0B
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 3165
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/5BLy4S2FqC_pyYC5aBrzpX1VlQs.roa
Signing time: Fri 04 Jul 2025 00:11:56 +0000
ROA not before: Fri 04 Jul 2025 00:11:56 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 4812
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 12645 (0x3165)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jul 4 00:11:56 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=E412F2E12D85A82FE9C980B9681AF3A57D55950B
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e3:52:b7:e3:e5:05:eb:76:4c:c3:7d:1c:ac:e0:
ba:96:f0:60:ab:ee:8d:3a:d9:d3:4c:4f:fa:df:40:
1b:96:52:3c:2b:92:82:b8:ab:85:d6:77:ab:8e:0d:
03:d0:30:08:7a:df:6c:9b:ee:ae:d7:d7:9a:fc:f7:
aa:c2:83:c9:72:0e:9f:84:cb:5d:9e:03:17:19:d1:
48:cd:f2:ed:fc:32:8c:ee:26:29:41:0a:65:e2:ae:
df:32:8e:ef:24:ad:2f:96:a7:76:fc:08:b6:fb:5d:
7b:c4:ae:cb:8f:58:25:02:ab:a1:a1:30:a1:5f:8a:
5a:9e:41:2e:1d:66:d8:eb:45:00:2c:d8:15:4b:a2:
17:95:e9:fa:98:3a:c2:80:3f:d8:63:5a:f9:94:7b:
32:cc:2f:b3:57:91:74:93:dd:5a:a7:b7:88:4e:2b:
74:49:79:d5:7f:ab:9a:31:36:17:9a:67:9a:74:78:
0b:f9:4a:78:d1:ec:05:90:5f:0b:73:8d:28:4c:60:
b7:77:da:56:95:fa:c0:25:8f:16:57:91:75:78:06:
55:67:ab:99:5f:3f:6b:43:8b:8f:81:09:56:04:5e:
e3:d3:10:13:ff:2a:9a:ef:05:21:7e:f4:06:9f:01:
11:07:7c:c9:b0:ba:0e:5d:10:e5:38:51:17:e5:27:
8c:61
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E4:12:F2:E1:2D:85:A8:2F:E9:C9:80:B9:68:1A:F3:A5:7D:55:95:0B
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/5BLy4S2FqC_pyYC5aBrzpX1VlQs.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
b1:21:e4:7a:a8:93:4e:b8:6d:1a:4b:4f:1b:0e:cd:25:c1:e1:
d7:9e:2d:c7:a5:17:90:38:3c:6c:b4:3e:d6:3e:a3:f7:52:18:
73:b0:4b:0f:7d:92:d4:40:f8:59:6f:cb:27:05:76:8d:ff:7f:
6f:78:4d:79:de:84:42:47:d7:6c:f2:16:8d:2d:28:30:1f:35:
06:6b:47:2b:8a:d9:89:53:53:b5:45:35:64:77:a9:41:6f:9f:
8d:7d:66:dd:17:ec:b1:dd:44:7a:a7:bd:7d:2c:bc:25:ef:0f:
8d:7a:3e:5c:d1:01:8b:50:1f:31:06:c2:03:00:8b:3e:d2:22:
0d:9b:7c:78:f3:13:e0:b5:8a:76:74:8b:94:3c:86:94:49:9a:
0d:49:b8:ad:d5:b9:1a:16:3d:92:2b:45:e8:be:c2:b6:7e:45:
e6:85:8a:bf:65:0b:89:42:03:81:85:6b:c4:39:59:21:3c:92:
e6:66:cb:90:24:24:77:b3:fb:84:26:f0:a2:64:1e:4d:bb:a3:
da:34:4d:af:8a:14:c2:be:2d:f6:9e:59:30:32:f5:82:79:09:
04:5f:b3:1c:a5:e6:a9:dd:15:df:55:ba:05:ee:62:77:32:05:
f1:31:e6:5e:ed:ab:5e:05:f2:2d:64:5a:31:62:c5:9d:f1:96:
66:55:cd:cf
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICMWUwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA3MDQw
MDExNTZaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEU0MTJGMkUxMkQ4NUE4
MkZFOUM5ODBCOTY4MUFGM0E1N0Q1NTk1MEIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDjUrfj5QXrdkzDfRys4LqW8GCr7o062dNMT/rfQBuWUjwrkoK4
q4XWd6uODQPQMAh632yb7q7X15r896rCg8lyDp+Ey12eAxcZ0UjN8u38MozuJilB
CmXirt8yju8krS+Wp3b8CLb7XXvErsuPWCUCq6GhMKFfilqeQS4dZtjrRQAs2BVL
oheV6fqYOsKAP9hjWvmUezLML7NXkXST3Vqnt4hOK3RJedV/q5oxNheaZ5p0eAv5
SnjR7AWQXwtzjShMYLd32laV+sAljxZXkXV4BlVnq5lfP2tDi4+BCVYEXuPTEBP/
KprvBSF+9AafAREHfMmwug5dEOU4URflJ4xhAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQU5BLy4S2FqC/pyYC5aBrzpX1VlQswHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvNUJMeTRTMkZxQ19w
eVlDNWFCcnpwWDFWbFFzLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBALEh5Hqok064bRpLTxsOzSXB4dee
LcelF5A4PGy0PtY+o/dSGHOwSw99ktRA+FlvyycFdo3/f294TXnehEJH12zyFo0t
KDAfNQZrRyuK2YlTU7VFNWR3qUFvn419Zt0X7LHdRHqnvX0svCXvD416PlzRAYtQ
HzEGwgMAiz7SIg2bfHjzE+C1inZ0i5Q8hpRJmg1JuK3VuRoWPZIrRei+wrZ+ReaF
ir9lC4lCA4GFa8Q5WSE8kuZmy5AkJHez+4Qm8KJkHk27o9o0Ta+KFMK+LfaeWTAy
9YJ5CQRfsxyl5qndFd9VugXuYncyBfEx5l7tq14F8i1kWjFixZ3xlmZVzc8=
-----END CERTIFICATE-----
Generated at Fri Jul 4 08:17:33 2025 by rpki-client