Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/H16YMVhSWJtG9lxodt-OhqFk5k8.roa
File: H16YMVhSWJtG9lxodt-OhqFk5k8.roa (raw, json)
Hash identifier: L2J9Jjt1xPreclt7cYkwf4IBWnV4JhGrM3DfIuRVfeY=
Subject key identifier: 1F:5E:98:31:58:52:58:9B:46:F6:5C:68:76:DF:8E:86:A1:64:E6:4F
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 569C
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/H16YMVhSWJtG9lxodt-OhqFk5k8.roa
Signing time: Mon 08 Sep 2025 04:32:37 +0000
ROA not before: Mon 08 Sep 2025 04:32:37 +0000
ROA not after: Mon 03 Aug 2026 08:44:40 +0000
asID: 146845
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 22172 (0x569c)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Sep 8 04:32:37 2025 GMT
Not After : Aug 3 08:44:40 2026 GMT
Subject: CN=1F5E98315852589B46F65C6876DF8E86A164E64F
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e3:c1:cd:e2:93:11:f4:ab:59:b6:68:fe:5d:b3:
79:11:de:d1:d8:d6:d5:f2:2e:54:69:45:b9:b3:1f:
29:ce:91:3e:d3:64:af:44:b7:f9:f6:41:61:69:4f:
99:d8:b3:de:d2:b5:67:bd:b2:f6:cc:8d:bc:08:eb:
10:2b:0d:f4:e4:41:05:71:b8:09:42:9d:99:e9:91:
48:bf:e2:42:de:64:54:88:c6:02:9a:dc:fd:5f:9b:
7d:80:f2:be:b5:93:5b:11:2f:51:ac:60:63:16:5b:
c7:94:a8:37:8a:8a:54:98:8e:14:52:a9:7e:5b:4c:
cf:dd:b0:66:3e:5b:63:ea:f5:28:b0:c2:c9:fc:d2:
24:ec:16:31:03:43:c8:f7:7d:c1:25:79:fb:73:b2:
32:fd:24:ee:de:f1:b5:f0:81:a3:09:d7:53:0e:b2:
ae:9b:70:c2:f5:2d:11:16:ed:8c:23:d8:24:b5:93:
0a:64:1a:d3:62:ab:26:cf:eb:93:d6:08:4f:5f:88:
80:52:ec:5a:c2:0f:d6:65:b0:b6:0b:b1:ab:26:78:
6b:0d:96:4e:76:12:a6:bb:38:bf:34:76:a3:8a:e8:
30:d0:85:12:8e:0b:99:36:71:6c:95:c0:5b:8b:37:
89:de:20:cc:49:32:b0:7e:14:05:c1:bf:6c:0a:92:
73:87
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1F:5E:98:31:58:52:58:9B:46:F6:5C:68:76:DF:8E:86:A1:64:E6:4F
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/H16YMVhSWJtG9lxodt-OhqFk5k8.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
1b:32:59:d5:91:84:d5:48:f9:e3:4b:93:1c:18:ce:93:63:d0:
1d:48:7e:ab:d6:40:02:be:09:fa:32:f2:b8:08:63:5f:c0:f4:
91:bf:53:ea:c1:2d:b4:6f:06:ac:0d:4d:5a:95:15:89:fd:43:
39:63:56:17:ca:38:b8:bb:28:d2:9a:4e:03:03:14:69:6d:e2:
ac:27:d6:7e:15:87:1a:82:fe:ee:91:25:36:73:7d:71:50:e1:
c8:bc:3d:75:13:22:45:a1:14:19:65:b5:a1:af:cf:a2:95:1a:
f7:1a:70:21:8f:26:d0:42:f7:c6:a8:61:cd:a2:70:31:44:e0:
d1:6e:cc:30:02:ba:86:15:58:4f:99:54:70:74:af:9d:bb:48:
87:b1:66:71:9c:ee:46:b4:70:9e:4a:48:bb:1b:44:90:8f:83:
14:80:f0:c5:0c:fd:40:62:b6:49:3a:da:80:51:7f:81:b6:fc:
3e:00:d2:b1:7f:bf:dd:9e:76:ec:35:77:09:62:f0:c5:ea:9f:
3a:8d:94:37:90:16:8f:05:b0:60:69:99:56:b9:62:4d:38:ea:
47:27:a1:f3:b1:1c:87:02:33:5d:92:f0:e3:07:26:f7:fb:df:
32:02:2e:d1:04:94:92:ab:a4:a4:06:6c:64:f1:e7:da:6b:0b:
8d:8f:3d:ef
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICVpwwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA5MDgw
NDMyMzdaFw0yNjA4MDMwODQ0NDBaMDMxMTAvBgNVBAMTKDFGNUU5ODMxNTg1MjU4
OUI0NkY2NUM2ODc2REY4RTg2QTE2NEU2NEYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDjwc3ikxH0q1m2aP5ds3kR3tHY1tXyLlRpRbmzHynOkT7TZK9E
t/n2QWFpT5nYs97StWe9svbMjbwI6xArDfTkQQVxuAlCnZnpkUi/4kLeZFSIxgKa
3P1fm32A8r61k1sRL1GsYGMWW8eUqDeKilSYjhRSqX5bTM/dsGY+W2Pq9Siwwsn8
0iTsFjEDQ8j3fcEleftzsjL9JO7e8bXwgaMJ11MOsq6bcML1LREW7Ywj2CS1kwpk
GtNiqybP65PWCE9fiIBS7FrCD9ZlsLYLsasmeGsNlk52Eqa7OL80dqOK6DDQhRKO
C5k2cWyVwFuLN4neIMxJMrB+FAXBv2wKknOHAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUH16YMVhSWJtG9lxodt+OhqFk5k8wHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvSDE2WU1WaFNXSnRH
OWx4b2R0LU9ocUZrNWs4LnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBABsyWdWRhNVI+eNLkxwYzpNj0B1I
fqvWQAK+Cfoy8rgIY1/A9JG/U+rBLbRvBqwNTVqVFYn9QzljVhfKOLi7KNKaTgMD
FGlt4qwn1n4VhxqC/u6RJTZzfXFQ4ci8PXUTIkWhFBlltaGvz6KVGvcacCGPJtBC
98aoYc2icDFE4NFuzDACuoYVWE+ZVHB0r527SIexZnGc7ka0cJ5KSLsbRJCPgxSA
8MUM/UBitkk62oBRf4G2/D4A0rF/v92eduw1dwli8MXqnzqNlDeQFo8FsGBpmVa5
Yk046kcnofOxHIcCM12S8OMHJvf73zICLtEElJKrpKQGbGTx59prC42PPe8=
-----END CERTIFICATE-----
Generated at Mon Sep 8 22:16:55 2025 by rpki-client