Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/5yr5L3nP7zpUKkq3ZBRVF2RcPUg.roa
File: 5yr5L3nP7zpUKkq3ZBRVF2RcPUg.roa (raw, json)
Hash identifier: yEDfY7McROadWH4oR9GmhOS1V9+LaJWLyJJa1pqksvI=
Subject key identifier: E7:2A:F9:2F:79:CF:EF:3A:54:2A:4A:B7:64:14:55:17:64:5C:3D:48
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 31AC
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/5yr5L3nP7zpUKkq3ZBRVF2RcPUg.roa
Signing time: Fri 04 Jul 2025 12:11:52 +0000
ROA not before: Fri 04 Jul 2025 12:11:52 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 146845
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 12716 (0x31ac)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jul 4 12:11:52 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=E72AF92F79CFEF3A542A4AB764145517645C3D48
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:aa:6b:c3:ea:f7:66:47:fb:36:66:09:9c:26:4e:
57:9a:80:18:68:97:dc:0b:d5:67:2c:ac:63:75:09:
d9:96:4c:80:ef:74:c6:2f:3d:2b:cb:0b:7b:03:83:
fb:52:2a:0e:57:35:68:2d:3a:2e:9a:50:4e:18:90:
b1:12:8d:96:00:d5:94:32:b8:d5:3d:a5:06:4d:86:
b3:ea:49:6a:bc:b6:61:ae:d9:98:85:eb:b4:9b:b6:
4e:25:89:fe:b9:9b:4d:04:7a:b1:c2:28:ff:bc:3c:
8d:d9:b9:0d:6c:63:b7:a9:82:94:a0:ba:0c:34:bc:
05:29:2a:b1:74:31:6f:9d:ac:b9:69:b4:1a:50:28:
19:3a:a1:1a:92:18:2a:05:dd:ea:85:a3:31:69:88:
6d:c4:51:4d:6e:0a:c2:b5:f3:9b:87:ce:ea:9e:45:
a4:1f:31:4f:8c:c4:de:7e:b3:3c:12:9a:bf:7c:06:
a0:ab:f4:17:58:2c:d7:e9:7c:51:05:9f:bc:53:e7:
40:9a:38:df:1c:b5:0a:1c:2c:51:a4:e4:4a:57:bc:
f4:35:f7:56:fb:4d:26:12:58:f5:8a:96:df:bb:5f:
2d:01:df:1e:6a:08:bb:e5:79:45:7c:75:89:b6:3a:
94:c2:be:54:76:a8:81:45:72:a5:4c:81:8c:fb:de:
47:79
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E7:2A:F9:2F:79:CF:EF:3A:54:2A:4A:B7:64:14:55:17:64:5C:3D:48
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/5yr5L3nP7zpUKkq3ZBRVF2RcPUg.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
85:c9:1f:dd:c9:1b:11:b1:c5:08:16:69:ba:b7:c5:dc:29:d4:
5c:de:7f:62:5a:c1:9a:f1:ac:98:e4:1e:a4:3c:be:e9:ab:cb:
06:8f:1b:4f:ba:d2:28:cb:ba:72:76:cd:85:65:e8:5b:8a:ee:
62:12:f4:6f:80:e2:f6:26:a8:d0:d5:f2:c5:58:28:b3:b1:bb:
a7:1a:ed:9b:85:3f:d7:6d:98:44:8d:ed:db:4c:02:fc:23:a5:
82:f5:c8:11:e4:99:f8:f1:4d:88:69:d4:80:89:76:57:dd:ec:
05:f9:9c:f4:07:78:7e:01:c7:f9:6d:ac:10:95:36:25:fb:85:
18:bb:f3:a1:92:d1:31:30:2b:e0:1a:ab:02:eb:0a:5d:01:ab:
e6:be:55:6a:2c:cb:7f:4f:ba:9a:fd:9f:db:86:cb:61:bd:e1:
df:c4:a6:53:88:c5:d7:b6:99:8e:c7:9d:da:82:d0:01:21:0f:
bc:9d:7c:1d:ca:24:00:fa:a5:ac:94:0b:f8:3c:22:e9:4d:4f:
e3:a2:1e:3c:ab:17:cb:7c:de:eb:ce:97:35:36:12:5d:7b:36:
05:81:22:a5:a7:ab:3f:9b:eb:69:d9:ef:aa:05:84:7b:10:4c:
46:c5:9d:58:c3:d7:27:9b:fc:96:fc:9a:4e:23:93:dd:e3:f6:
76:ff:af:08
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICMawwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA3MDQx
MjExNTJaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEU3MkFGOTJGNzlDRkVG
M0E1NDJBNEFCNzY0MTQ1NTE3NjQ1QzNENDgwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCqa8Pq92ZH+zZmCZwmTleagBhol9wL1WcsrGN1CdmWTIDvdMYv
PSvLC3sDg/tSKg5XNWgtOi6aUE4YkLESjZYA1ZQyuNU9pQZNhrPqSWq8tmGu2ZiF
67Sbtk4lif65m00EerHCKP+8PI3ZuQ1sY7epgpSgugw0vAUpKrF0MW+drLlptBpQ
KBk6oRqSGCoF3eqFozFpiG3EUU1uCsK185uHzuqeRaQfMU+MxN5+szwSmr98BqCr
9BdYLNfpfFEFn7xT50CaON8ctQocLFGk5EpXvPQ191b7TSYSWPWKlt+7Xy0B3x5q
CLvleUV8dYm2OpTCvlR2qIFFcqVMgYz73kd5AgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQU5yr5L3nP7zpUKkq3ZBRVF2RcPUgwHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvNXlyNUwzblA3enBV
S2txM1pCUlZGMlJjUFVnLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBAIXJH93JGxGxxQgWabq3xdwp1Fze
f2JawZrxrJjkHqQ8vumrywaPG0+60ijLunJ2zYVl6FuK7mIS9G+A4vYmqNDV8sVY
KLOxu6ca7ZuFP9dtmESN7dtMAvwjpYL1yBHkmfjxTYhp1ICJdlfd7AX5nPQHeH4B
x/ltrBCVNiX7hRi786GS0TEwK+AaqwLrCl0Bq+a+VWosy39Pupr9n9uGy2G94d/E
plOIxde2mY7HndqC0AEhD7ydfB3KJAD6payUC/g8IulNT+OiHjyrF8t83uvOlzU2
El17NgWBIqWnqz+b62nZ76oFhHsQTEbFnVjD1yeb/Jb8mk4jk93j9nb/rwg=
-----END CERTIFICATE-----
Generated at Fri Jul 4 20:23:01 2025 by rpki-client