Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/aSDmKfhq9oaytCWRvWFaq6D4sao.roa
File: aSDmKfhq9oaytCWRvWFaq6D4sao.roa (raw, json)
Hash identifier: RLy8EsnVUJstM+DrmEY6iUxtuvJmlOXscLo1dA6COjo=
Subject key identifier: 69:20:E6:29:F8:6A:F6:86:B2:B4:25:91:BD:61:5A:AB:A0:F8:B1:AA
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 6EAB
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/aSDmKfhq9oaytCWRvWFaq6D4sao.roa
Signing time: Mon 20 Oct 2025 22:35:39 +0000
ROA not before: Mon 20 Oct 2025 22:35:39 +0000
ROA not after: Mon 03 Aug 2026 08:44:40 +0000
asID: 4812
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 28331 (0x6eab)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Oct 20 22:35:39 2025 GMT
Not After : Aug 3 08:44:40 2026 GMT
Subject: CN=6920E629F86AF686B2B42591BD615AABA0F8B1AA
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c1:5e:f6:18:ca:29:d5:4c:6e:dc:42:0d:19:66:
df:35:06:5d:29:f6:9f:86:af:38:6c:38:1a:4c:6d:
77:bb:95:b0:4b:1c:96:ce:f7:c4:a4:f1:ce:fb:b8:
43:a2:5f:20:80:cd:92:93:b8:63:52:b5:13:24:2b:
80:87:d8:b3:0b:ed:04:a6:14:94:98:28:89:b5:e1:
12:9a:1c:20:ad:c2:96:34:75:f9:16:bc:10:48:19:
fb:cf:0d:05:33:28:50:86:ea:f9:42:0c:06:d7:66:
1d:e3:3b:3b:41:16:ee:0a:99:9b:b8:ec:f7:94:ec:
73:87:b6:5c:31:94:6d:01:13:36:9a:ab:21:14:28:
8a:90:94:9a:d3:3a:10:f0:e8:ad:96:ff:5a:d8:01:
92:76:71:e6:ca:73:70:2d:54:bc:e1:1e:1d:f2:10:
31:cf:30:39:47:fd:20:d2:1d:74:61:1b:65:a0:05:
4a:03:44:cf:3f:a7:8c:8b:9f:02:aa:a2:10:4a:70:
a9:2d:43:a7:fa:42:03:10:af:02:fe:8a:3f:37:37:
e8:7e:fe:be:24:e2:6d:e1:9a:c5:50:60:16:7a:ae:
af:f5:e7:e5:f2:7f:f0:ca:1e:18:70:39:08:6b:4e:
03:3a:27:c7:ca:c6:4e:51:7f:fc:1d:37:da:7d:24:
02:e1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
69:20:E6:29:F8:6A:F6:86:B2:B4:25:91:BD:61:5A:AB:A0:F8:B1:AA
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/aSDmKfhq9oaytCWRvWFaq6D4sao.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
4d:97:26:47:62:6c:01:21:e2:fd:fc:ab:93:0b:38:0c:c4:c9:
42:59:b6:15:36:d0:44:4e:2a:ad:8e:7b:c2:69:8e:2e:70:58:
56:76:6d:d6:66:be:e2:ea:1f:ee:93:78:8a:f2:e5:a5:5f:d2:
1c:d1:42:e8:4a:e3:51:62:b2:92:ff:ab:68:6a:f9:90:52:e6:
b4:64:48:3d:0f:7e:c9:dc:97:41:57:5b:3b:05:be:2b:36:8a:
a6:55:f1:1b:0f:3e:a2:e2:c2:0a:30:49:54:d8:d7:e1:fd:e5:
91:8f:8b:b1:26:5c:6a:6d:b4:d2:b3:0c:0a:4f:c5:e4:ad:fe:
0e:06:00:43:91:91:fa:40:c3:e8:eb:02:9b:b2:a8:44:9b:44:
f8:e1:af:a0:24:a4:90:9b:6d:6d:70:35:76:96:82:89:d9:23:
8b:b7:7d:e4:d1:79:5e:a6:f9:cc:c3:5a:32:8f:db:6a:2e:28:
df:14:99:04:f4:92:d6:ef:39:eb:20:d1:1c:db:83:52:da:0f:
b7:1d:6d:95:59:69:6f:2e:1a:c1:40:65:fd:08:4b:70:2a:7b:
f5:68:93:c6:07:cb:61:b6:a7:fc:6d:84:61:fd:c5:95:af:fb:
68:c7:6d:25:c1:a2:67:cf:43:cf:40:5a:cd:77:36:b3:2b:3d:
cb:2d:03:8d
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICbqswDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTEwMjAy
MjM1MzlaFw0yNjA4MDMwODQ0NDBaMDMxMTAvBgNVBAMTKDY5MjBFNjI5Rjg2QUY2
ODZCMkI0MjU5MUJENjE1QUFCQTBGOEIxQUEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDBXvYYyinVTG7cQg0ZZt81Bl0p9p+GrzhsOBpMbXe7lbBLHJbO
98Sk8c77uEOiXyCAzZKTuGNStRMkK4CH2LML7QSmFJSYKIm14RKaHCCtwpY0dfkW
vBBIGfvPDQUzKFCG6vlCDAbXZh3jOztBFu4KmZu47PeU7HOHtlwxlG0BEzaaqyEU
KIqQlJrTOhDw6K2W/1rYAZJ2cebKc3AtVLzhHh3yEDHPMDlH/SDSHXRhG2WgBUoD
RM8/p4yLnwKqohBKcKktQ6f6QgMQrwL+ij83N+h+/r4k4m3hmsVQYBZ6rq/15+Xy
f/DKHhhwOQhrTgM6J8fKxk5Rf/wdN9p9JALhAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUaSDmKfhq9oaytCWRvWFaq6D4saowHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvYVNEbUtmaHE5b2F5
dENXUnZXRmFxNkQ0c2FvLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBAE2XJkdibAEh4v38q5MLOAzEyUJZ
thU20EROKq2Oe8Jpji5wWFZ2bdZmvuLqH+6TeIry5aVf0hzRQuhK41FispL/q2hq
+ZBS5rRkSD0Pfsncl0FXWzsFvis2iqZV8RsPPqLiwgowSVTY1+H95ZGPi7EmXGpt
tNKzDApPxeSt/g4GAEORkfpAw+jrApuyqESbRPjhr6AkpJCbbW1wNXaWgonZI4u3
feTReV6m+czDWjKP22ouKN8UmQT0ktbvOesg0Rzbg1LaD7cdbZVZaW8uGsFAZf0I
S3Aqe/Vok8YHy2G2p/xthGH9xZWv+2jHbSXBomfPQ89AWs13NrMrPcstA40=
-----END CERTIFICATE-----
Generated at Tue Oct 21 09:38:25 2025 by rpki-client