Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/tXHHYHKut68MhFgwkP5sZhejZR8.roa
File: tXHHYHKut68MhFgwkP5sZhejZR8.roa (raw, json)
Hash identifier: hZ9Rg4YRrRgprf1q81tgnzQYp+EB5VOs+imxrbKKw5o=
Subject key identifier: B5:71:C7:60:72:AE:B7:AF:0C:84:58:30:90:FE:6C:66:17:A3:65:1F
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 4E27
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/tXHHYHKut68MhFgwkP5sZhejZR8.roa
Signing time: Sun 24 Aug 2025 03:31:43 +0000
ROA not before: Sun 24 Aug 2025 03:31:43 +0000
ROA not after: Mon 03 Aug 2026 08:44:40 +0000
asID: 4812
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 20007 (0x4e27)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Aug 24 03:31:43 2025 GMT
Not After : Aug 3 08:44:40 2026 GMT
Subject: CN=B571C76072AEB7AF0C84583090FE6C6617A3651F
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9b:66:50:0a:89:4f:f4:41:7e:b0:77:bf:3d:5f:
f0:8d:84:d2:66:48:9e:be:c2:b7:70:47:a6:39:81:
54:71:15:6d:d0:30:32:1c:f1:7a:aa:50:36:08:31:
51:1a:74:29:47:09:c5:ea:1a:9e:54:6e:07:7f:7e:
d8:00:9f:8e:87:05:44:45:e6:c0:9a:7a:7d:bd:fe:
c1:f1:59:80:a1:29:2c:d4:b9:87:b6:4c:12:8f:bc:
35:e1:7b:ef:3b:82:b5:75:8a:d5:02:91:b3:9a:8e:
ca:6b:13:6a:85:c5:59:9b:87:66:4b:36:77:e3:e8:
48:17:b2:0d:46:7a:e2:ca:00:c5:db:f7:69:f0:6d:
99:7c:ec:2d:92:e1:8f:88:4e:77:7a:f9:e8:de:fa:
25:03:17:13:3b:f5:2f:58:c6:7a:19:93:22:21:23:
97:35:41:96:54:eb:b3:0d:d1:ad:74:4e:fc:a8:cd:
ae:08:a4:22:6b:76:3b:25:17:a1:59:af:73:0f:fa:
fb:10:7d:bf:b2:d7:64:05:ef:49:97:3d:26:47:ac:
98:33:04:1e:dc:3a:21:54:db:50:20:5c:84:b5:74:
ef:a0:ae:50:db:96:5e:b2:b7:fb:cd:9f:af:a3:61:
2c:64:73:a0:49:c7:0f:3a:17:34:18:67:2b:4c:88:
97:f1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B5:71:C7:60:72:AE:B7:AF:0C:84:58:30:90:FE:6C:66:17:A3:65:1F
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/tXHHYHKut68MhFgwkP5sZhejZR8.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
56:5f:f2:6d:30:2b:da:3d:96:7f:4b:68:57:be:ee:bb:52:5e:
5b:c1:75:02:84:b5:8e:8b:0d:54:2d:06:4f:a2:5a:c5:ba:a6:
1f:76:bd:ff:29:a3:b8:c3:6e:1e:8d:ce:e5:3c:67:91:af:3a:
e3:48:0e:b2:f7:44:8d:18:6a:db:f7:1f:82:cc:6f:97:fa:17:
32:c8:6b:1f:13:f0:23:4e:d0:11:cb:49:7e:f2:f2:21:0d:13:
f9:b8:be:14:de:14:2e:03:ab:f1:d8:52:93:7b:27:df:85:53:
d9:8e:9a:7e:80:51:1b:62:cd:96:2c:a9:b5:7b:42:18:de:34:
88:50:53:dd:d8:ee:46:16:95:b4:c0:dd:af:36:e7:70:2c:b0:
3b:2a:c9:c0:0d:e5:3a:6a:43:85:e1:f1:d1:4c:19:b7:11:a1:
a1:9d:7a:15:67:ad:11:d5:43:03:73:b5:cb:bb:b5:46:06:7f:
07:15:02:b6:48:38:5c:d5:9c:f5:16:41:3d:3e:6f:24:fd:f3:
8c:73:1c:ec:ad:8e:f0:98:00:00:88:b5:3f:f2:d3:55:e5:ed:
f2:87:4d:78:ed:fc:f9:41:78:05:91:7f:1d:52:48:20:8e:6e:
a0:bb:e2:c8:7b:e8:b4:51:f7:bb:bd:85:95:d0:90:bb:45:5c:
b1:55:37:fa
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICTicwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA4MjQw
MzMxNDNaFw0yNjA4MDMwODQ0NDBaMDMxMTAvBgNVBAMTKEI1NzFDNzYwNzJBRUI3
QUYwQzg0NTgzMDkwRkU2QzY2MTdBMzY1MUYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCbZlAKiU/0QX6wd789X/CNhNJmSJ6+wrdwR6Y5gVRxFW3QMDIc
8XqqUDYIMVEadClHCcXqGp5Ubgd/ftgAn46HBURF5sCaen29/sHxWYChKSzUuYe2
TBKPvDXhe+87grV1itUCkbOajsprE2qFxVmbh2ZLNnfj6EgXsg1GeuLKAMXb92nw
bZl87C2S4Y+ITnd6+eje+iUDFxM79S9YxnoZkyIhI5c1QZZU67MN0a10Tvyoza4I
pCJrdjslF6FZr3MP+vsQfb+y12QF70mXPSZHrJgzBB7cOiFU21AgXIS1dO+grlDb
ll6yt/vNn6+jYSxkc6BJxw86FzQYZytMiJfxAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUtXHHYHKut68MhFgwkP5sZhejZR8wHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvdFhISFlIS3V0NjhN
aEZnd2tQNXNaaGVqWlI4LnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBAFZf8m0wK9o9ln9LaFe+7rtSXlvB
dQKEtY6LDVQtBk+iWsW6ph92vf8po7jDbh6NzuU8Z5GvOuNIDrL3RI0Yatv3H4LM
b5f6FzLIax8T8CNO0BHLSX7y8iENE/m4vhTeFC4Dq/HYUpN7J9+FU9mOmn6AURti
zZYsqbV7QhjeNIhQU93Y7kYWlbTA3a8253AssDsqycAN5TpqQ4Xh8dFMGbcRoaGd
ehVnrRHVQwNztcu7tUYGfwcVArZIOFzVnPUWQT0+byT984xzHOytjvCYAACItT/y
01Xl7fKHTXjt/PlBeAWRfx1SSCCObqC74sh76LRR97u9hZXQkLtFXLFVN/o=
-----END CERTIFICATE-----
Generated at Sun Aug 24 09:06:20 2025 by rpki-client