Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/332/7tcBAFlI2gFLhdl4XamBbZp7IL0.roa
File: 7tcBAFlI2gFLhdl4XamBbZp7IL0.roa (raw, json)
Hash identifier: IDL5V7muaGa8pR5tS9ocSmrliDpyWRWSYAAxjxX/RzY=
Subject key identifier: EE:D7:01:00:59:48:DA:01:4B:85:D9:78:5D:A9:81:6D:9A:7B:20:BD
Certificate issuer: /CN=8646EA74356E704AEDD163ECA94E5A442308DF78
Certificate serial: 1FAE
Authority key identifier: 86:46:EA:74:35:6E:70:4A:ED:D1:63:EC:A9:4E:5A:44:23:08:DF:78
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/hkbqdDVucErt0WPsqU5aRCMI33g.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/332/7tcBAFlI2gFLhdl4XamBbZp7IL0.roa
Signing time: Fri 17 Jan 2025 01:30:13 +0000
ROA not before: Fri 17 Jan 2025 01:30:13 +0000
ROA not after: Sat 27 Sep 2025 02:40:14 +0000
asID: 24424
IP address blocks: 2401:3800::/32 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 8110 (0x1fae)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8646EA74356E704AEDD163ECA94E5A442308DF78
Validity
Not Before: Jan 17 01:30:13 2025 GMT
Not After : Sep 27 02:40:14 2025 GMT
Subject: CN=EED701005948DA014B85D9785DA9816D9A7B20BD
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e8:72:0c:22:ab:29:92:4b:75:69:c6:07:e2:5d:
d5:da:3a:5f:96:91:ea:91:2c:7e:eb:1d:9b:28:be:
2f:28:78:da:7e:76:cd:58:33:ac:87:75:55:be:c4:
9b:9c:e8:b2:70:a1:0e:eb:8a:c9:7a:1b:da:a8:1d:
36:1b:04:3f:b0:ca:4f:bd:e4:43:fd:86:db:92:5a:
96:8c:48:86:d1:65:8e:de:fa:20:e1:30:01:11:e4:
59:f2:89:ac:26:4f:d1:ed:ee:dc:44:bf:63:44:fd:
2b:55:30:14:8c:a3:29:95:bf:51:d3:2b:67:24:bb:
e6:34:00:cf:a1:a1:26:fe:44:e1:8d:e6:3a:55:be:
ae:69:12:2a:e6:32:65:fb:78:1e:1e:e7:b8:ec:7d:
06:03:ca:01:8d:3b:20:f3:81:7b:f9:75:9e:85:fd:
48:4f:d9:ac:b7:8e:aa:05:c2:c8:15:56:4e:55:44:
bd:a7:9f:6d:ad:d2:09:af:b6:79:a0:12:8d:42:0e:
a2:7c:e0:6f:da:a8:95:0e:05:72:68:93:cc:be:bd:
c7:f0:ff:ab:1b:c2:7f:fe:52:f4:f1:d0:fa:72:0d:
84:40:3c:3f:64:0c:2f:3c:41:b9:21:7c:fe:e8:ff:
20:ce:f9:55:9b:02:6b:ab:26:83:8a:92:95:3e:51:
dd:f9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
EE:D7:01:00:59:48:DA:01:4B:85:D9:78:5D:A9:81:6D:9A:7B:20:BD
X509v3 Authority Key Identifier:
keyid:86:46:EA:74:35:6E:70:4A:ED:D1:63:EC:A9:4E:5A:44:23:08:DF:78
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/332/hkbqdDVucErt0WPsqU5aRCMI33g.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/hkbqdDVucErt0WPsqU5aRCMI33g.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/332/7tcBAFlI2gFLhdl4XamBbZp7IL0.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2401:3800::/32
Signature Algorithm: sha256WithRSAEncryption
bd:87:ae:82:41:24:51:26:d9:bf:3d:38:a6:22:58:49:27:af:
d0:da:38:12:bb:c8:d5:b0:c7:66:2b:fc:49:18:03:53:7c:75:
66:82:0d:6d:6b:10:3d:49:a0:f0:cd:73:5b:bb:52:14:35:fc:
b1:20:5b:a0:c9:13:df:5e:10:e4:5d:94:ed:cf:6b:a2:15:ae:
d1:f4:42:55:f2:a3:f8:f9:4d:f8:3f:d4:6b:f2:c1:a0:a9:ff:
a6:20:01:fe:b4:2b:f0:6c:4d:f2:64:d6:eb:a5:aa:6c:cd:83:
f5:45:1d:d4:68:60:34:b6:41:57:ef:e1:a1:66:9b:76:4c:a6:
12:1b:0b:39:c6:a8:52:10:d7:e1:ae:db:44:24:40:d2:54:d8:
41:e1:b0:6a:13:1d:c8:d7:b1:04:fa:cc:cc:4a:37:cc:f7:cd:
a6:26:01:9f:ea:28:10:df:09:4a:a9:4b:65:1a:20:db:a6:f2:
16:13:ef:7a:11:9b:fe:50:80:39:02:3c:3e:37:66:21:62:9b:
15:8a:eb:17:08:63:e1:78:3a:2c:54:17:2e:66:f4:cb:6f:8d:
79:41:53:24:82:fc:8f:9b:24:d4:d7:55:5a:f0:ef:df:36:9f:
8e:d7:9a:3c:a2:18:95:c3:e6:ff:17:34:12:7a:3f:e7:1f:ce:
d6:37:57:d5
-----BEGIN CERTIFICATE-----
MIIE1jCCA76gAwIBAgICH64wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoODY0
NkVBNzQzNTZFNzA0QUVERDE2M0VDQTk0RTVBNDQyMzA4REY3ODAeFw0yNTAxMTcw
MTMwMTNaFw0yNTA5MjcwMjQwMTRaMDMxMTAvBgNVBAMTKEVFRDcwMTAwNTk0OERB
MDE0Qjg1RDk3ODVEQTk4MTZEOUE3QjIwQkQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDocgwiqymSS3VpxgfiXdXaOl+WkeqRLH7rHZsovi8oeNp+ds1Y
M6yHdVW+xJuc6LJwoQ7risl6G9qoHTYbBD+wyk+95EP9htuSWpaMSIbRZY7e+iDh
MAER5FnyiawmT9Ht7txEv2NE/StVMBSMoymVv1HTK2cku+Y0AM+hoSb+ROGN5jpV
vq5pEirmMmX7eB4e57jsfQYDygGNOyDzgXv5dZ6F/UhP2ay3jqoFwsgVVk5VRL2n
n22t0gmvtnmgEo1CDqJ84G/aqJUOBXJok8y+vcfw/6sbwn/+UvTx0PpyDYRAPD9k
DC88QbkhfP7o/yDO+VWbAmurJoOKkpU+Ud35AgMBAAGjggHyMIIB7jAdBgNVHQ4E
FgQU7tcBAFlI2gFLhdl4XamBbZp7IL0wHwYDVR0jBBgwFoAUhkbqdDVucErt0WPs
qU5aRCMI33gwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzMy
L2hrYnFkRFZ1Y0VydDBXUHNxVTVhUkNNSTMzZy5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvaGticWREVnVjRXJ0MFdQc3FVNWFSQ01JMzNnLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzMyLzd0Y0JBRmxJMmdGTGhk
bDRYYW1CYlpwN0lMMC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwIAYIKwYBBQUHAQcBAf8EETAPMA0EAgACMAcD
BQAkATgAMA0GCSqGSIb3DQEBCwUAA4IBAQC9h66CQSRRJtm/PTimIlhJJ6/Q2jgS
u8jVsMdmK/xJGANTfHVmgg1taxA9SaDwzXNbu1IUNfyxIFugyRPfXhDkXZTtz2ui
Fa7R9EJV8qP4+U34P9Rr8sGgqf+mIAH+tCvwbE3yZNbrpapszYP1RR3UaGA0tkFX
7+GhZpt2TKYSGws5xqhSENfhrttEJEDSVNhB4bBqEx3I17EE+szMSjfM982mJgGf
6igQ3wlKqUtlGiDbpvIWE+96EZv+UIA5Ajw+N2YhYpsViusXCGPheDosVBcuZvTL
b415QVMkgvyPmyTU11Va8O/fNp+O15o8ohiVw+b/FzQSej/nH87WN1fV
-----END CERTIFICATE-----
Generated at Fri Apr 4 21:51:27 2025 by rpki-client