Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/W0ZyQESRVR_0mGanwvbBlwNPdMs.roa
File: W0ZyQESRVR_0mGanwvbBlwNPdMs.roa (raw, json)
Hash identifier: aLS06mtJJZpzK5jDMymN+ldmLbYqpCQ5R2CEVJueEGQ=
Subject key identifier: 5B:46:72:40:44:91:55:1F:F4:98:66:A7:C2:F6:C1:97:03:4F:74:CB
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 6EAA
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/W0ZyQESRVR_0mGanwvbBlwNPdMs.roa
Signing time: Mon 20 Oct 2025 22:35:38 +0000
ROA not before: Mon 20 Oct 2025 22:35:38 +0000
ROA not after: Mon 03 Aug 2026 08:44:40 +0000
asID: 146845
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 28330 (0x6eaa)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Oct 20 22:35:38 2025 GMT
Not After : Aug 3 08:44:40 2026 GMT
Subject: CN=5B4672404491551FF49866A7C2F6C197034F74CB
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bb:b4:bb:89:f7:d3:0e:40:e0:61:3f:b3:61:6a:
01:a4:01:81:66:51:86:e8:ef:5b:0e:12:7b:8e:da:
01:5e:ea:60:ad:25:a7:2d:3c:20:ab:cc:87:93:bd:
33:93:d5:4a:6d:fd:ce:76:9b:8e:a2:6d:79:53:83:
c8:89:9d:1e:24:7c:79:90:3c:b6:7e:e0:3e:9a:cf:
96:67:fa:c5:d6:a1:10:a3:a7:a8:9a:63:07:b6:0f:
3f:f7:26:4b:9b:81:78:db:93:62:a9:d6:ff:02:c0:
01:e0:1e:ef:33:de:39:35:0c:69:ae:3a:34:85:9d:
1c:a1:98:3c:2d:f0:3a:aa:75:96:13:08:2e:ee:10:
6a:25:fb:c7:f8:9b:ba:bd:2f:ca:1f:bb:c4:95:6b:
2e:86:62:2f:4e:5e:91:0a:12:38:ec:69:d3:29:99:
18:4c:5f:52:12:37:3b:10:bc:9d:d4:15:d0:0b:4e:
2d:5f:43:ab:14:56:72:b7:13:5b:e1:84:d9:56:11:
1c:4c:7e:96:08:79:a0:cd:7a:74:af:1c:37:1a:55:
6d:ce:ba:2b:2e:fe:ba:f1:ff:66:e4:0e:7b:ed:7c:
52:90:35:f7:6f:28:0e:5a:96:9d:38:ea:24:fd:aa:
28:93:f6:af:ae:8a:bd:cd:c3:5e:30:d6:1f:4b:76:
73:d7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5B:46:72:40:44:91:55:1F:F4:98:66:A7:C2:F6:C1:97:03:4F:74:CB
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/W0ZyQESRVR_0mGanwvbBlwNPdMs.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
bb:ca:20:04:39:aa:9b:55:27:97:6f:b5:61:68:62:00:9a:cb:
38:c1:ad:42:6b:ff:af:8c:04:53:55:ad:88:e1:d2:cc:6b:cb:
b2:e4:c7:e8:39:0f:53:0a:4a:30:32:47:5c:30:23:cc:3d:96:
6f:c4:78:6e:cc:f3:40:a6:06:c8:28:87:b8:2b:57:9c:80:b6:
60:8c:c0:4e:55:ee:a1:20:d2:3c:fd:1f:8f:2a:8d:cd:74:5a:
3e:35:b7:94:62:a6:8e:b6:b7:c9:82:48:de:b6:77:8b:ec:a7:
37:9f:20:9c:fd:71:41:22:3c:91:d9:d4:90:bd:5e:9c:74:5b:
93:ad:c8:6b:66:35:55:e7:24:ba:21:cb:ee:5c:0c:34:88:59:
e6:0a:9b:46:4f:6a:7f:c9:a4:9d:14:fc:39:c3:a5:82:c6:a2:
5a:f6:b8:1b:8e:69:7b:c1:91:05:eb:b7:61:c5:6d:57:ad:80:
29:cc:0b:a2:f7:01:f3:9c:e4:eb:0b:bb:74:03:71:75:69:de:
64:b3:1e:d4:af:89:49:6a:f8:1a:08:4a:6c:81:33:82:cf:d6:
28:53:0c:52:29:80:17:0f:06:5c:fe:ef:bf:d2:cd:3a:83:67:
a9:cc:b2:c0:58:aa:23:67:1a:e9:9d:7b:b9:95:36:e9:82:b1:
05:7e:e8:71
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICbqowDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTEwMjAy
MjM1MzhaFw0yNjA4MDMwODQ0NDBaMDMxMTAvBgNVBAMTKDVCNDY3MjQwNDQ5MTU1
MUZGNDk4NjZBN0MyRjZDMTk3MDM0Rjc0Q0IwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC7tLuJ99MOQOBhP7NhagGkAYFmUYbo71sOEnuO2gFe6mCtJact
PCCrzIeTvTOT1Upt/c52m46ibXlTg8iJnR4kfHmQPLZ+4D6az5Zn+sXWoRCjp6ia
Ywe2Dz/3JkubgXjbk2Kp1v8CwAHgHu8z3jk1DGmuOjSFnRyhmDwt8DqqdZYTCC7u
EGol+8f4m7q9L8ofu8SVay6GYi9OXpEKEjjsadMpmRhMX1ISNzsQvJ3UFdALTi1f
Q6sUVnK3E1vhhNlWERxMfpYIeaDNenSvHDcaVW3Ouisu/rrx/2bkDnvtfFKQNfdv
KA5alp046iT9qiiT9q+uir3Nw14w1h9LdnPXAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUW0ZyQESRVR/0mGanwvbBlwNPdMswHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvVzBaeVFFU1JWUl8w
bUdhbnd2YkJsd05QZE1zLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBALvKIAQ5qptVJ5dvtWFoYgCayzjB
rUJr/6+MBFNVrYjh0sxry7Lkx+g5D1MKSjAyR1wwI8w9lm/EeG7M80CmBsgoh7gr
V5yAtmCMwE5V7qEg0jz9H48qjc10Wj41t5Ripo62t8mCSN62d4vspzefIJz9cUEi
PJHZ1JC9Xpx0W5OtyGtmNVXnJLohy+5cDDSIWeYKm0ZPan/JpJ0U/DnDpYLGolr2
uBuOaXvBkQXrt2HFbVetgCnMC6L3AfOc5OsLu3QDcXVp3mSzHtSviUlq+BoISmyB
M4LP1ihTDFIpgBcPBlz+77/SzTqDZ6nMssBYqiNnGumde7mVNumCsQV+6HE=
-----END CERTIFICATE-----
Generated at Tue Oct 21 09:38:16 2025 by rpki-client