Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/fPe-QZAtrl8yG9H3OGu2grwJFoI.roa
File: fPe-QZAtrl8yG9H3OGu2grwJFoI.roa (raw, json)
Hash identifier: TbEB7ojwJ3zrER7aBJ6rw6FUJlMA3DwovA8KNmEv2xc=
Subject key identifier: 7C:F7:BE:41:90:2D:AE:5F:32:1B:D1:F7:38:6B:B6:82:BC:09:16:82
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 3164
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/fPe-QZAtrl8yG9H3OGu2grwJFoI.roa
Signing time: Fri 04 Jul 2025 00:11:56 +0000
ROA not before: Fri 04 Jul 2025 00:11:56 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 146845
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 12644 (0x3164)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jul 4 00:11:56 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=7CF7BE41902DAE5F321BD1F7386BB682BC091682
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c1:e9:bb:81:9d:c3:83:61:39:aa:a5:62:fb:7f:
57:ad:33:3e:e6:e2:78:73:d6:0a:b4:9d:52:ef:fc:
2b:d4:2f:4c:62:5b:90:9b:f7:42:77:8f:d3:15:29:
ec:b0:65:f4:15:73:5b:54:d1:6c:12:c8:3e:c4:e8:
51:5e:5f:21:54:ed:e0:c7:12:a2:c6:fb:32:b8:f5:
1c:ab:92:c7:bf:5f:a2:15:3d:65:8e:15:a9:74:b7:
6b:ce:e5:0e:57:61:a5:f5:c2:4b:d6:9f:f7:3b:36:
51:0c:bd:5b:b7:54:26:cb:92:d9:6a:ca:20:c0:4d:
70:cf:7a:4b:eb:b3:34:e3:f9:f4:a7:c7:0c:ae:a8:
2a:32:de:21:44:e2:bc:47:c8:7d:a2:ec:5f:bf:be:
c5:2d:58:c9:fe:c0:1a:0b:32:68:2f:3a:ac:59:87:
b7:e7:02:09:90:f5:57:9b:fa:08:2a:09:0e:35:fc:
02:56:a5:8c:8b:c8:38:e4:ba:34:05:79:b7:42:9c:
a9:fc:77:d5:8e:e4:01:7f:8d:61:59:8c:a6:e9:ea:
52:0b:08:0f:65:39:18:e9:2c:55:27:57:53:f2:04:
85:89:f5:b7:f3:74:89:fe:16:d2:93:5a:62:98:a6:
5a:5a:bc:03:77:da:a0:d2:42:71:fc:28:8c:24:c9:
4c:2b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7C:F7:BE:41:90:2D:AE:5F:32:1B:D1:F7:38:6B:B6:82:BC:09:16:82
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/fPe-QZAtrl8yG9H3OGu2grwJFoI.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
2c:0a:b2:f5:45:51:3c:d8:b1:f6:bf:70:0d:1e:07:c6:bd:00:
01:b0:0e:2b:aa:9f:be:24:4b:90:76:76:5e:27:95:a6:3c:e9:
de:33:65:51:fc:cf:7d:14:23:00:4d:7c:98:78:88:27:bb:7b:
6e:ce:34:78:14:57:e7:2e:7e:f5:0a:c8:fb:8c:8c:ca:c6:92:
b8:51:d2:64:d8:fa:e5:4d:6a:18:d4:c2:9c:bf:62:84:09:35:
0f:f2:53:50:a5:2f:10:5d:54:51:dc:26:69:13:f2:a0:25:4c:
50:70:1c:58:a4:0b:09:63:80:ca:14:7e:0a:dc:2e:40:47:cb:
18:11:15:2a:e4:7d:38:8a:ad:99:f8:5c:33:50:b1:ff:a3:7c:
42:2f:9f:b2:c9:00:84:06:0d:a7:8d:45:00:37:07:11:8d:d7:
cd:30:25:89:c2:41:51:bf:8f:e2:4e:76:7f:64:e9:38:ba:03:
fb:69:13:81:ee:1d:0b:d1:8b:00:26:d7:f2:73:49:fc:fa:9b:
32:9f:fd:19:d8:5c:79:5b:25:fa:02:b1:00:9e:a0:29:75:d7:
42:38:48:97:57:5e:23:96:d7:a8:40:03:18:c5:79:df:0d:4b:
a6:8c:e8:77:24:68:4b:f8:78:e4:9f:ba:e0:04:d2:a3:93:ad:
88:81:5f:e2
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICMWQwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA3MDQw
MDExNTZaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDdDRjdCRTQxOTAyREFF
NUYzMjFCRDFGNzM4NkJCNjgyQkMwOTE2ODIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDB6buBncODYTmqpWL7f1etMz7m4nhz1gq0nVLv/CvUL0xiW5Cb
90J3j9MVKeywZfQVc1tU0WwSyD7E6FFeXyFU7eDHEqLG+zK49Ryrkse/X6IVPWWO
Fal0t2vO5Q5XYaX1wkvWn/c7NlEMvVu3VCbLktlqyiDATXDPekvrszTj+fSnxwyu
qCoy3iFE4rxHyH2i7F+/vsUtWMn+wBoLMmgvOqxZh7fnAgmQ9Veb+ggqCQ41/AJW
pYyLyDjkujQFebdCnKn8d9WO5AF/jWFZjKbp6lILCA9lORjpLFUnV1PyBIWJ9bfz
dIn+FtKTWmKYplpavAN32qDSQnH8KIwkyUwrAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUfPe+QZAtrl8yG9H3OGu2grwJFoIwHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvZlBlLVFaQXRybDh5
RzlIM09HdTJncndKRm9JLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBACwKsvVFUTzYsfa/cA0eB8a9AAGw
Diuqn74kS5B2dl4nlaY86d4zZVH8z30UIwBNfJh4iCe7e27ONHgUV+cufvUKyPuM
jMrGkrhR0mTY+uVNahjUwpy/YoQJNQ/yU1ClLxBdVFHcJmkT8qAlTFBwHFikCwlj
gMoUfgrcLkBHyxgRFSrkfTiKrZn4XDNQsf+jfEIvn7LJAIQGDaeNRQA3BxGN180w
JYnCQVG/j+JOdn9k6Ti6A/tpE4HuHQvRiwAm1/JzSfz6mzKf/RnYXHlbJfoCsQCe
oCl110I4SJdXXiOW16hAAxjFed8NS6aM6HckaEv4eOSfuuAE0qOTrYiBX+I=
-----END CERTIFICATE-----
Generated at Fri Jul 4 08:46:16 2025 by rpki-client