Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/-3KnhUSOVIcSNqy6t0SkcZ-92bM.roa
File: -3KnhUSOVIcSNqy6t0SkcZ-92bM.roa (raw, json)
Hash identifier: 5WmBpwDQLDIzKQD/gI+pMOTMwfvDx1RPMC+nrp/X4Zg=
Subject key identifier: FB:72:A7:85:44:8E:54:87:12:36:AC:BA:B7:44:A4:71:9F:BD:D9:B3
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 22E6
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/-3KnhUSOVIcSNqy6t0SkcZ-92bM.roa
Signing time: Sat 07 Jun 2025 18:08:53 +0000
ROA not before: Sat 07 Jun 2025 18:08:53 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 4812
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 8934 (0x22e6)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 7 18:08:53 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=FB72A785448E54871236ACBAB744A4719FBDD9B3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:aa:69:ef:b3:61:fa:32:52:43:03:82:29:04:66:
5b:0a:60:16:65:75:01:17:ed:78:89:e4:02:88:67:
18:29:89:6a:1a:a3:15:9f:d9:71:8b:22:ee:f1:11:
11:2f:e9:a7:1b:e5:34:e5:d8:df:7e:62:72:f7:47:
ed:a0:69:88:b0:c1:62:05:1a:aa:c2:cf:fc:44:be:
58:56:5a:87:a5:61:a4:5b:25:13:96:f9:36:57:00:
59:62:00:2e:92:c8:2a:b7:4d:19:d2:cb:c9:44:38:
9b:14:4b:bb:4a:07:d8:ae:1c:d9:77:42:a6:ac:9a:
2c:a8:e9:5c:58:30:29:f4:38:a7:8e:e0:4b:f7:a4:
53:2a:68:8e:00:1b:b1:01:11:6b:a4:f1:bd:65:be:
c8:84:9c:b3:bf:76:97:50:6b:62:57:be:e2:48:8a:
5c:8e:74:ff:02:57:42:b9:e9:88:45:67:a6:b3:65:
f4:28:16:e7:f7:fc:f2:64:12:3f:ea:61:bf:78:3f:
ca:49:05:6d:5c:93:9c:d3:09:3a:18:06:2d:28:27:
da:13:99:56:9c:06:59:71:e1:30:fe:02:44:6b:e1:
3e:e3:ea:a2:a0:73:8d:ea:13:4a:40:e3:e0:fa:b2:
90:b1:c8:28:c6:0e:8f:98:99:2e:c7:dc:b4:be:5c:
7a:4f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FB:72:A7:85:44:8E:54:87:12:36:AC:BA:B7:44:A4:71:9F:BD:D9:B3
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/-3KnhUSOVIcSNqy6t0SkcZ-92bM.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
bf:f7:71:bf:9b:2f:13:eb:55:18:e1:27:82:5f:59:f8:a8:03:
a6:b3:0e:2c:a8:2b:8b:19:c3:50:08:2b:17:27:46:ab:5f:d9:
42:0a:7e:88:25:13:ac:d1:af:63:26:63:e3:26:52:08:dd:1b:
90:79:e7:1e:7a:af:55:2c:92:42:66:7f:f6:55:cd:63:eb:99:
3d:ab:a8:3b:42:a6:b0:96:7b:a1:4a:6f:08:02:96:e5:f5:2a:
55:04:16:e0:44:1a:2c:ae:cc:85:a0:b4:34:ad:72:80:5c:d2:
3a:3c:78:7f:74:d8:75:5b:ce:98:64:6e:7b:9d:ba:69:f5:c2:
7a:ee:39:94:b6:62:1e:26:04:8c:2b:06:83:af:37:cf:27:52:
0b:5b:80:2d:34:c5:e5:48:19:2f:74:64:57:c4:59:60:0d:27:
ed:d0:fc:bc:2c:28:49:55:a5:57:dd:14:50:2f:3e:ee:28:e9:
50:fd:e3:ed:60:95:0a:8d:cf:00:8b:44:e4:99:ef:1a:7c:2a:
63:a6:5c:27:84:bb:39:49:7e:2b:b8:bf:f2:bd:23:74:77:6b:
24:a3:82:c2:31:a4:3a:3c:26:4f:60:f5:0a:fb:f5:d1:7b:88:
3b:93:da:89:dc:db:36:d2:1f:b2:c8:79:9c:bb:a7:00:be:7d:
cf:52:a4:8a
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICIuYwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MDcx
ODA4NTNaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEZCNzJBNzg1NDQ4RTU0
ODcxMjM2QUNCQUI3NDRBNDcxOUZCREQ5QjMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCqae+zYfoyUkMDgikEZlsKYBZldQEX7XiJ5AKIZxgpiWoaoxWf
2XGLIu7xEREv6acb5TTl2N9+YnL3R+2gaYiwwWIFGqrCz/xEvlhWWoelYaRbJROW
+TZXAFliAC6SyCq3TRnSy8lEOJsUS7tKB9iuHNl3Qqasmiyo6VxYMCn0OKeO4Ev3
pFMqaI4AG7EBEWuk8b1lvsiEnLO/dpdQa2JXvuJIilyOdP8CV0K56YhFZ6azZfQo
Fuf3/PJkEj/qYb94P8pJBW1ck5zTCToYBi0oJ9oTmVacBllx4TD+AkRr4T7j6qKg
c43qE0pA4+D6spCxyCjGDo+YmS7H3LS+XHpPAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQU+3KnhUSOVIcSNqy6t0SkcZ+92bMwHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvLTNLbmhVU09WSWNT
TnF5NnQwU2tjWi05MmJNLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBAL/3cb+bLxPrVRjhJ4JfWfioA6az
DiyoK4sZw1AIKxcnRqtf2UIKfoglE6zRr2MmY+MmUgjdG5B55x56r1UskkJmf/ZV
zWPrmT2rqDtCprCWe6FKbwgCluX1KlUEFuBEGiyuzIWgtDStcoBc0jo8eH902HVb
zphkbnudumn1wnruOZS2Yh4mBIwrBoOvN88nUgtbgC00xeVIGS90ZFfEWWANJ+3Q
/LwsKElVpVfdFFAvPu4o6VD94+1glQqNzwCLROSZ7xp8KmOmXCeEuzlJfiu4v/K9
I3R3aySjgsIxpDo8Jk9g9Qr79dF7iDuT2onc2zbSH7LIeZy7pwC+fc9SpIo=
-----END CERTIFICATE-----
Generated at Sun Jun 22 01:59:51 2025 by rpki-client