Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/eGebJ8jBdMVdohLsVyY_RC2tC0k.roa
File: eGebJ8jBdMVdohLsVyY_RC2tC0k.roa (raw, json)
Hash identifier: I7kQhkept0x/A9j80zErPYGehlh7/cez2mn593yxggQ=
Subject key identifier: 78:67:9B:27:C8:C1:74:C5:5D:A2:12:EC:57:26:3F:44:2D:AD:0B:49
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 5720
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/eGebJ8jBdMVdohLsVyY_RC2tC0k.roa
Signing time: Tue 09 Sep 2025 02:32:35 +0000
ROA not before: Tue 09 Sep 2025 02:32:35 +0000
ROA not after: Mon 03 Aug 2026 08:44:40 +0000
asID: 146845
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 22304 (0x5720)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Sep 9 02:32:35 2025 GMT
Not After : Aug 3 08:44:40 2026 GMT
Subject: CN=78679B27C8C174C55DA212EC57263F442DAD0B49
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d9:a9:ec:26:c0:4b:e7:25:36:55:f5:b4:57:a1:
5a:39:2b:c0:e3:b2:2e:9b:3d:14:c3:ba:7f:31:2e:
43:24:b5:67:cf:59:60:60:48:54:1e:55:68:0e:6e:
af:39:fd:31:c6:4b:0c:9d:75:cd:c6:30:7c:a2:91:
22:b8:86:bf:51:28:28:b4:d6:3c:1f:60:ad:61:e4:
ed:87:a7:bf:fb:75:3a:47:a4:9a:00:ce:c9:17:91:
63:ec:19:e3:5d:56:73:7b:9a:5f:e6:e5:dc:52:09:
13:b9:ac:bd:6d:73:1b:e2:1e:de:e2:ba:c4:58:d7:
8e:0b:fb:26:bf:59:ed:20:c0:8e:4d:84:93:8c:c8:
24:b6:52:c9:1b:37:6c:13:5e:bf:25:2f:9f:74:8d:
a0:03:b6:95:11:5e:5a:4c:f7:d3:bc:bf:e0:4e:d9:
06:cc:9d:eb:3c:bd:8f:b8:13:07:4a:1f:d0:51:ba:
04:54:65:05:bb:37:fd:1f:ce:e9:5d:71:e0:4d:e2:
33:36:8b:b0:82:67:b5:9a:6d:e5:41:0e:ca:fa:13:
40:02:6e:b4:2f:77:4b:90:fa:d2:64:af:0c:5a:11:
e5:fd:6d:0e:58:e7:4f:fb:62:89:87:7a:fb:1e:a6:
83:15:9c:b5:60:a3:ce:d0:4e:7e:eb:cf:46:c4:af:
a8:49
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
78:67:9B:27:C8:C1:74:C5:5D:A2:12:EC:57:26:3F:44:2D:AD:0B:49
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/eGebJ8jBdMVdohLsVyY_RC2tC0k.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
6c:60:b4:d9:69:65:85:1f:0f:23:08:34:4f:9d:64:26:7e:2e:
17:f6:5b:ec:4c:12:78:0e:c0:1f:37:82:05:d5:aa:4d:cd:a0:
21:d7:b6:e3:db:f0:d4:f6:5a:95:69:59:f3:ee:51:e4:cf:3f:
a8:ea:97:32:cf:15:b6:8d:cf:d9:7c:1f:86:7c:95:8e:68:f1:
50:36:2f:0e:18:68:5e:0f:cc:f3:4f:ad:dd:6d:44:59:8c:df:
e2:11:1e:47:04:53:46:46:cc:60:f0:80:42:7c:5d:ef:37:60:
4c:b9:57:c3:8a:ea:23:1d:ab:39:7c:35:95:40:d9:bc:4d:07:
a8:fe:ad:42:37:f7:28:57:09:05:fe:d8:fd:c1:89:3e:ef:ca:
c8:a6:d5:e2:4d:4e:59:3d:cd:bc:ae:c0:9c:ab:e6:b1:b1:f7:
6a:6d:ff:84:19:40:d3:dd:df:5c:0c:0b:09:d8:b4:6e:19:13:
b4:73:a7:74:7e:7e:4a:1e:6a:9f:b8:eb:9a:39:2c:ee:05:ea:
b5:67:ab:51:c4:c8:06:bc:90:28:a8:b1:df:3c:78:f4:88:2a:
09:67:7e:26:e9:f7:3d:ab:24:6c:8e:77:34:33:18:b7:f4:c0:
ee:e6:58:12:ba:b9:e4:07:82:51:13:1c:08:9b:23:27:e8:1e:
51:e3:93:8f
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICVyAwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA5MDkw
MjMyMzVaFw0yNjA4MDMwODQ0NDBaMDMxMTAvBgNVBAMTKDc4Njc5QjI3QzhDMTc0
QzU1REEyMTJFQzU3MjYzRjQ0MkRBRDBCNDkwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDZqewmwEvnJTZV9bRXoVo5K8Djsi6bPRTDun8xLkMktWfPWWBg
SFQeVWgObq85/THGSwyddc3GMHyikSK4hr9RKCi01jwfYK1h5O2Hp7/7dTpHpJoA
zskXkWPsGeNdVnN7ml/m5dxSCRO5rL1tcxviHt7iusRY144L+ya/We0gwI5NhJOM
yCS2UskbN2wTXr8lL590jaADtpURXlpM99O8v+BO2QbMnes8vY+4EwdKH9BRugRU
ZQW7N/0fzuldceBN4jM2i7CCZ7WabeVBDsr6E0ACbrQvd0uQ+tJkrwxaEeX9bQ5Y
50/7YomHevsepoMVnLVgo87QTn7rz0bEr6hJAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUeGebJ8jBdMVdohLsVyY/RC2tC0kwHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvZUdlYko4akJkTVZk
b2hMc1Z5WV9SQzJ0QzBrLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBAGxgtNlpZYUfDyMINE+dZCZ+Lhf2
W+xMEngOwB83ggXVqk3NoCHXtuPb8NT2WpVpWfPuUeTPP6jqlzLPFbaNz9l8H4Z8
lY5o8VA2Lw4YaF4PzPNPrd1tRFmM3+IRHkcEU0ZGzGDwgEJ8Xe83YEy5V8OK6iMd
qzl8NZVA2bxNB6j+rUI39yhXCQX+2P3BiT7vysim1eJNTlk9zbyuwJyr5rGx92pt
/4QZQNPd31wMCwnYtG4ZE7Rzp3R+fkoeap+465o5LO4F6rVnq1HEyAa8kCiosd88
ePSIKglnfibp9z2rJGyOdzQzGLf0wO7mWBK6ueQHglETHAibIyfoHlHjk48=
-----END CERTIFICATE-----
Generated at Tue Sep 9 10:14:48 2025 by rpki-client