Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/8ZM2qaHuDy4DdRLKixRYS90OShY.roa
File: 8ZM2qaHuDy4DdRLKixRYS90OShY.roa (raw, json)
Hash identifier: l3x08TgpO6tm40585bu6xZSfjgfoiTpKQy841kAWf0c=
Subject key identifier: F1:93:36:A9:A1:EE:0F:2E:03:75:12:CA:8B:14:58:4B:DD:0E:4A:16
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 4E68
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/8ZM2qaHuDy4DdRLKixRYS90OShY.roa
Signing time: Sun 24 Aug 2025 14:31:44 +0000
ROA not before: Sun 24 Aug 2025 14:31:44 +0000
ROA not after: Mon 03 Aug 2026 08:44:40 +0000
asID: 146845
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 20072 (0x4e68)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Aug 24 14:31:44 2025 GMT
Not After : Aug 3 08:44:40 2026 GMT
Subject: CN=F19336A9A1EE0F2E037512CA8B14584BDD0E4A16
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:af:da:27:fc:63:9c:c9:06:f7:f3:a1:98:95:5e:
9c:a0:e5:2c:15:a9:ff:1b:e6:72:2e:a9:f3:da:6c:
82:e2:82:f5:03:b0:37:5c:16:ee:5c:c2:fd:86:c8:
3b:4f:0b:e0:38:f3:06:c4:2f:48:b0:91:8e:59:c5:
43:40:bf:a4:79:b1:bb:ba:72:fb:48:b0:d7:dd:0f:
77:06:e4:41:01:d1:40:ea:6e:cf:ed:bd:c7:82:85:
a9:e3:96:fe:cb:f3:de:89:1c:c4:69:9b:a9:be:a3:
49:be:61:c4:b4:38:b6:71:cf:5a:74:9c:a6:57:27:
b9:06:ca:38:6f:1a:15:2a:7f:dc:77:7a:d9:c8:34:
39:27:59:13:1f:f0:16:a1:8f:b0:60:6f:64:69:a1:
b4:bc:1e:91:b4:24:32:ff:ca:e5:ed:44:97:ec:61:
d8:60:94:60:a9:c5:82:c7:27:f0:9b:f0:e7:1a:90:
89:6d:7d:b0:9b:5b:4f:6b:88:5b:7d:1f:f5:74:45:
84:99:90:05:25:18:98:45:96:3b:e6:29:cf:c6:1b:
28:67:70:b9:87:2f:2d:c9:f2:26:05:13:84:92:ee:
36:4f:11:ea:c0:80:1e:6d:57:36:98:09:7a:3f:6d:
5d:2e:6c:b2:e0:22:88:4e:e2:3c:fa:bd:7b:76:4f:
ef:71
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F1:93:36:A9:A1:EE:0F:2E:03:75:12:CA:8B:14:58:4B:DD:0E:4A:16
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/8ZM2qaHuDy4DdRLKixRYS90OShY.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
08:3c:3d:5d:28:78:27:e6:ca:70:22:c6:cd:34:07:16:dc:a5:
ce:f6:8e:1e:83:ee:e4:8d:ed:3b:67:0a:6f:00:4c:92:8d:f2:
4d:db:a3:c8:4a:db:76:a2:2b:f7:24:73:18:cd:e3:95:a6:04:
a5:0d:8f:38:bc:8a:24:0a:40:76:31:0b:2f:e3:d4:1b:ef:19:
47:8f:47:4b:29:9f:4a:4d:64:d9:83:da:dc:6f:9b:45:f3:03:
e7:99:22:cf:58:53:1f:64:f3:27:92:f9:1c:c3:85:12:d5:4c:
66:e5:28:08:07:a0:f4:12:c6:b5:09:d2:6d:9d:eb:8d:fa:71:
80:93:17:2c:5c:3f:76:3f:ef:0d:50:35:6c:29:12:b1:7f:a8:
f7:36:2d:b5:2f:b4:b5:16:4c:86:41:82:59:af:be:86:c6:99:
19:3f:3c:f3:e2:82:88:1d:d0:d7:97:52:f4:b7:85:55:89:48:
70:6e:a9:0b:8b:d1:e9:41:ca:68:31:02:52:49:b6:ad:17:8c:
f5:eb:3f:a8:a9:ca:cc:38:fe:de:e4:3a:40:36:d0:13:13:50:
c4:9b:5c:26:da:3f:a6:d5:45:1b:64:c2:89:78:e0:0d:a1:e4:
36:ef:c0:d4:4d:88:a2:02:5b:2e:5d:81:23:1d:ec:34:98:3e:
7f:e8:71:ed
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICTmgwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA4MjQx
NDMxNDRaFw0yNjA4MDMwODQ0NDBaMDMxMTAvBgNVBAMTKEYxOTMzNkE5QTFFRTBG
MkUwMzc1MTJDQThCMTQ1ODRCREQwRTRBMTYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCv2if8Y5zJBvfzoZiVXpyg5SwVqf8b5nIuqfPabILigvUDsDdc
Fu5cwv2GyDtPC+A48wbEL0iwkY5ZxUNAv6R5sbu6cvtIsNfdD3cG5EEB0UDqbs/t
vceChanjlv7L896JHMRpm6m+o0m+YcS0OLZxz1p0nKZXJ7kGyjhvGhUqf9x3etnI
NDknWRMf8Bahj7Bgb2RpobS8HpG0JDL/yuXtRJfsYdhglGCpxYLHJ/Cb8OcakIlt
fbCbW09riFt9H/V0RYSZkAUlGJhFljvmKc/GGyhncLmHLy3J8iYFE4SS7jZPEerA
gB5tVzaYCXo/bV0ubLLgIohO4jz6vXt2T+9xAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQU8ZM2qaHuDy4DdRLKixRYS90OShYwHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvOFpNMnFhSHVEeTRE
ZFJMS2l4UllTOTBPU2hZLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBAAg8PV0oeCfmynAixs00Bxbcpc72
jh6D7uSN7TtnCm8ATJKN8k3bo8hK23aiK/ckcxjN45WmBKUNjzi8iiQKQHYxCy/j
1BvvGUePR0spn0pNZNmD2txvm0XzA+eZIs9YUx9k8yeS+RzDhRLVTGblKAgHoPQS
xrUJ0m2d6436cYCTFyxcP3Y/7w1QNWwpErF/qPc2LbUvtLUWTIZBglmvvobGmRk/
PPPigogd0NeXUvS3hVWJSHBuqQuL0elBymgxAlJJtq0XjPXrP6ipysw4/t7kOkA2
0BMTUMSbXCbaP6bVRRtkwol44A2h5DbvwNRNiKICWy5dgSMd7DSYPn/oce0=
-----END CERTIFICATE-----
Generated at Mon Aug 25 02:09:16 2025 by rpki-client