Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/bct2Keq7b8oMNh8d2_9zE8hZNV8.roa
File: bct2Keq7b8oMNh8d2_9zE8hZNV8.roa (raw, json)
Hash identifier: havY+PYxhR+9Q3x1y91oOHSTXjOVwv2iq5NgK0X72F4=
Subject key identifier: 6D:CB:76:29:EA:BB:6F:CA:0C:36:1F:1D:DB:FF:73:13:C8:59:35:5F
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 6E4E
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/bct2Keq7b8oMNh8d2_9zE8hZNV8.roa
Signing time: Mon 20 Oct 2025 07:05:26 +0000
ROA not before: Mon 20 Oct 2025 07:05:26 +0000
ROA not after: Mon 03 Aug 2026 08:44:40 +0000
asID: 4812
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 28238 (0x6e4e)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Oct 20 07:05:26 2025 GMT
Not After : Aug 3 08:44:40 2026 GMT
Subject: CN=6DCB7629EABB6FCA0C361F1DDBFF7313C859355F
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9c:e0:e8:f9:67:af:17:b2:f5:28:89:ab:84:59:
86:b3:14:45:83:3e:2a:92:c8:d0:e8:01:06:29:55:
84:ab:2d:da:28:8d:c4:dd:b1:76:12:4a:3d:58:a0:
e9:0d:3d:54:7f:59:18:90:90:98:8e:e1:d2:bf:ad:
bb:d3:4b:e5:b8:7e:ea:39:35:af:61:98:53:84:39:
25:14:5a:f0:41:28:5f:c3:ad:ab:68:e0:69:3e:2b:
31:79:01:40:b9:4f:c1:5b:4a:c8:1e:5f:cf:22:ed:
ae:db:a1:57:ca:0d:67:b3:bc:4b:9e:d9:38:fe:69:
5c:a3:5f:b5:3c:70:8f:e9:af:53:1e:7a:44:f1:2e:
a8:57:29:15:22:86:a4:05:c3:8d:0b:9b:ee:e8:f0:
5f:39:55:68:d5:75:aa:4b:a8:dc:92:60:4b:79:09:
d3:b3:4d:d4:0b:88:45:c0:80:51:eb:24:26:90:f8:
ad:98:fa:68:a6:2b:96:28:d7:a1:0d:c0:7b:5b:21:
00:ff:87:da:91:9a:2f:f3:9b:17:8f:2c:bb:f5:52:
4b:df:07:c0:0c:83:d8:b1:b6:c3:25:af:c8:78:5c:
32:66:d6:f7:fb:d8:9b:e2:89:48:2e:ff:77:d5:3f:
fb:d0:88:1f:eb:73:bd:85:8a:11:a5:7f:89:da:22:
0b:9b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6D:CB:76:29:EA:BB:6F:CA:0C:36:1F:1D:DB:FF:73:13:C8:59:35:5F
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/bct2Keq7b8oMNh8d2_9zE8hZNV8.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
65:a0:11:12:46:d5:b8:7f:1e:e5:2b:15:29:4b:cc:2f:94:08:
54:e1:a1:1a:99:63:6c:61:9b:55:d2:00:57:65:b2:09:82:71:
0b:c4:ac:4f:71:6d:10:77:e2:8a:fc:39:35:4c:69:3d:46:7d:
d1:ad:a0:07:5a:b2:75:4e:51:c0:53:f8:ea:2b:86:f9:5d:02:
f2:f2:93:d0:1f:38:f5:bd:0b:1a:51:ee:71:ae:ba:17:a0:d6:
f9:14:e1:9d:77:b5:02:f2:e3:fc:f3:7f:8e:63:09:e5:9a:f8:
39:b7:0a:f3:d3:bc:e8:1f:ef:9b:03:81:d3:e3:fa:a4:23:e6:
d2:f8:87:ac:9e:34:39:22:fc:64:7c:87:8c:e4:5a:7e:61:e9:
38:af:be:db:da:cd:c8:1a:e5:83:f9:9c:d8:83:b5:d8:21:61:
5b:70:7d:a1:3f:f0:69:b4:42:dc:fc:73:4f:49:eb:ec:ec:97:
ee:fc:95:77:72:fd:c5:cb:b2:d5:6b:a7:f7:79:8e:b6:19:fd:
72:3a:a1:31:e0:d4:bd:06:f2:a0:03:c7:ec:75:43:de:23:2f:
df:9a:08:84:30:ef:59:fc:71:29:fe:3e:72:61:da:d6:cd:e6:
41:0d:78:96:a7:fe:97:7e:3e:9b:a3:35:b2:e0:92:b3:23:4c:
bb:c3:67:1c
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICbk4wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTEwMjAw
NzA1MjZaFw0yNjA4MDMwODQ0NDBaMDMxMTAvBgNVBAMTKDZEQ0I3NjI5RUFCQjZG
Q0EwQzM2MUYxRERCRkY3MzEzQzg1OTM1NUYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCc4Oj5Z68XsvUoiauEWYazFEWDPiqSyNDoAQYpVYSrLdoojcTd
sXYSSj1YoOkNPVR/WRiQkJiO4dK/rbvTS+W4fuo5Na9hmFOEOSUUWvBBKF/Drato
4Gk+KzF5AUC5T8FbSsgeX88i7a7boVfKDWezvEue2Tj+aVyjX7U8cI/pr1MeekTx
LqhXKRUihqQFw40Lm+7o8F85VWjVdapLqNySYEt5CdOzTdQLiEXAgFHrJCaQ+K2Y
+mimK5Yo16ENwHtbIQD/h9qRmi/zmxePLLv1UkvfB8AMg9ixtsMlr8h4XDJm1vf7
2JviiUgu/3fVP/vQiB/rc72FihGlf4naIgubAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUbct2Keq7b8oMNh8d2/9zE8hZNV8wHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvYmN0MktlcTdiOG9N
Tmg4ZDJfOXpFOGhaTlY4LnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBAGWgERJG1bh/HuUrFSlLzC+UCFTh
oRqZY2xhm1XSAFdlsgmCcQvErE9xbRB34or8OTVMaT1GfdGtoAdasnVOUcBT+Oor
hvldAvLyk9AfOPW9CxpR7nGuuheg1vkU4Z13tQLy4/zzf45jCeWa+Dm3CvPTvOgf
75sDgdPj+qQj5tL4h6yeNDki/GR8h4zkWn5h6Tivvtvazcga5YP5nNiDtdghYVtw
faE/8Gm0Qtz8c09J6+zsl+78lXdy/cXLstVrp/d5jrYZ/XI6oTHg1L0G8qADx+x1
Q94jL9+aCIQw71n8cSn+PnJh2tbN5kENeJan/pd+PpujNbLgkrMjTLvDZxw=
-----END CERTIFICATE-----
Generated at Mon Oct 20 17:52:22 2025 by rpki-client