Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/WiJWY4fGcZt5U0OxpWYUPT2B6Lo.roa
File: WiJWY4fGcZt5U0OxpWYUPT2B6Lo.roa (raw, json)
Hash identifier: NDg7tPMsjyXxxmM12v3Cnst2u9IbIwtEk4UXGf8osPU=
Subject key identifier: 5A:22:56:63:87:C6:71:9B:79:53:43:B1:A5:66:14:3D:3D:81:E8:BA
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 6E95
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/WiJWY4fGcZt5U0OxpWYUPT2B6Lo.roa
Signing time: Mon 20 Oct 2025 19:05:39 +0000
ROA not before: Mon 20 Oct 2025 19:05:39 +0000
ROA not after: Mon 03 Aug 2026 08:44:40 +0000
asID: 146845
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 28309 (0x6e95)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Oct 20 19:05:39 2025 GMT
Not After : Aug 3 08:44:40 2026 GMT
Subject: CN=5A22566387C6719B795343B1A566143D3D81E8BA
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:dd:8e:a4:9b:65:04:55:82:42:9c:72:a8:a6:38:
c4:39:2d:07:bd:08:5e:53:0c:9d:fa:73:40:46:9c:
46:b9:f5:26:f9:ae:f0:8b:b1:48:e5:3c:a0:f0:31:
0f:72:8e:44:d2:fa:86:e7:44:88:16:4c:e3:8e:03:
b0:c8:f0:27:8c:89:b7:65:b0:39:e4:32:2a:a9:ce:
0d:b0:55:a9:23:05:0f:2b:00:98:11:c5:df:bc:bd:
b2:70:f3:fe:74:d5:63:6b:4b:f0:bc:02:74:42:28:
7c:e4:6c:ab:3c:9e:c4:79:b5:45:0b:09:2d:c8:60:
2a:11:09:8d:6c:0a:c8:56:0e:5d:4a:3d:45:d6:49:
80:49:c8:3c:e6:0c:9f:9c:ed:ee:8d:cc:fe:ae:52:
70:61:58:61:7c:b1:56:f2:61:96:56:d4:fe:67:85:
58:c8:e1:32:7d:eb:db:7c:c8:6d:37:60:88:a9:64:
30:32:1a:8c:35:31:cc:3b:e2:d0:4f:49:3f:e8:5d:
18:0e:63:02:67:13:65:5e:47:02:65:e0:64:fe:a7:
35:46:9b:27:80:e4:59:74:81:62:59:56:da:3d:f3:
f4:b4:d5:db:d1:24:54:c9:84:cd:8e:24:a4:69:f0:
43:95:d1:f0:65:ef:b2:f1:09:f9:84:a4:15:47:5f:
5a:dd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5A:22:56:63:87:C6:71:9B:79:53:43:B1:A5:66:14:3D:3D:81:E8:BA
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/WiJWY4fGcZt5U0OxpWYUPT2B6Lo.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
5b:60:4f:0d:3d:f9:71:e4:37:e6:a4:eb:61:88:46:c4:c7:f3:
c9:28:ee:f1:da:2c:cc:12:e1:fa:0a:3f:2b:8d:9e:d9:0e:9c:
06:b5:d8:a0:9f:cf:d9:c0:fe:b8:51:7b:e6:32:ec:6d:90:ba:
87:4b:67:8a:f9:4b:38:73:56:4e:f5:0a:2c:ab:00:47:d9:75:
65:b5:29:3e:f3:7b:70:19:14:ce:4e:71:9f:5e:1b:37:c9:c7:
71:06:e3:63:08:51:46:11:07:bd:e0:d3:ad:9a:ad:1d:1d:10:
50:66:e3:4f:2c:91:3c:67:ce:a8:b4:61:e8:2e:e5:41:0f:26:
8d:f1:6f:33:eb:f6:c1:4f:3e:e6:c8:39:7b:4c:04:3b:20:8d:
06:40:0f:0b:ea:91:c6:34:22:ee:b9:73:89:89:61:f8:91:b0:
2c:e5:d9:31:5a:b7:ed:c5:b2:fd:82:41:a3:61:19:e8:21:f7:
7c:6c:3d:a9:90:bf:a0:2a:2d:7e:be:2c:da:18:ac:21:9d:d1:
34:ed:4b:70:8e:00:82:78:96:23:b3:c3:18:2a:f2:46:34:ad:
0a:13:74:7c:da:70:6d:da:ae:0c:38:12:d2:bc:21:a5:b5:15:
ab:4f:4e:df:c5:fd:85:0a:bd:23:42:5a:4d:63:9d:96:35:cf:
5e:9a:69:9b
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICbpUwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTEwMjAx
OTA1MzlaFw0yNjA4MDMwODQ0NDBaMDMxMTAvBgNVBAMTKDVBMjI1NjYzODdDNjcx
OUI3OTUzNDNCMUE1NjYxNDNEM0Q4MUU4QkEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDdjqSbZQRVgkKccqimOMQ5LQe9CF5TDJ36c0BGnEa59Sb5rvCL
sUjlPKDwMQ9yjkTS+obnRIgWTOOOA7DI8CeMibdlsDnkMiqpzg2wVakjBQ8rAJgR
xd+8vbJw8/501WNrS/C8AnRCKHzkbKs8nsR5tUULCS3IYCoRCY1sCshWDl1KPUXW
SYBJyDzmDJ+c7e6NzP6uUnBhWGF8sVbyYZZW1P5nhVjI4TJ969t8yG03YIipZDAy
Gow1Mcw74tBPST/oXRgOYwJnE2VeRwJl4GT+pzVGmyeA5Fl0gWJZVto98/S01dvR
JFTJhM2OJKRp8EOV0fBl77LxCfmEpBVHX1rdAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUWiJWY4fGcZt5U0OxpWYUPT2B6LowHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvV2lKV1k0ZkdjWnQ1
VTBPeHBXWVVQVDJCNkxvLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBAFtgTw09+XHkN+ak62GIRsTH88ko
7vHaLMwS4foKPyuNntkOnAa12KCfz9nA/rhRe+Yy7G2QuodLZ4r5SzhzVk71Ciyr
AEfZdWW1KT7ze3AZFM5OcZ9eGzfJx3EG42MIUUYRB73g062arR0dEFBm408skTxn
zqi0Yegu5UEPJo3xbzPr9sFPPubIOXtMBDsgjQZADwvqkcY0Iu65c4mJYfiRsCzl
2TFat+3Fsv2CQaNhGegh93xsPamQv6AqLX6+LNoYrCGd0TTtS3COAIJ4liOzwxgq
8kY0rQoTdHzacG3argw4EtK8IaW1FatPTt/F/YUKvSNCWk1jnZY1z16aaZs=
-----END CERTIFICATE-----
Generated at Tue Oct 21 02:19:52 2025 by rpki-client