Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/0A19iC7o-gqnp4-L4Sy0lCqgV0w.roa
File: 0A19iC7o-gqnp4-L4Sy0lCqgV0w.roa (raw, json)
Hash identifier: J6L3uYZ+GfJXXQ7VQUh+IG785Q8ZuxGpsZelCxgwaEg=
Subject key identifier: D0:0D:7D:88:2E:E8:FA:0A:A7:A7:8F:8B:E1:2C:B4:94:2A:A0:57:4C
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 2690
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0A19iC7o-gqnp4-L4Sy0lCqgV0w.roa
Signing time: Sat 14 Jun 2025 06:39:18 +0000
ROA not before: Sat 14 Jun 2025 06:39:18 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 146845
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 9872 (0x2690)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 14 06:39:18 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=D00D7D882EE8FA0AA7A78F8BE12CB4942AA0574C
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d5:42:50:9b:34:f9:86:03:51:ff:20:b8:3c:3e:
eb:b8:a3:5a:02:84:cc:69:65:ec:67:7f:8f:e4:fc:
ab:92:9d:52:61:4d:83:7b:00:c3:0e:46:4e:03:06:
d1:fa:84:8d:3c:93:c6:3d:ca:f2:96:5c:c5:ff:69:
77:9c:20:6b:01:36:81:c1:d6:8b:ac:34:3e:94:d4:
7f:c1:59:4e:cd:83:35:76:37:e0:25:06:01:06:fc:
a3:fa:18:d0:f3:3b:d9:da:da:db:cf:ab:e2:a2:4c:
0d:25:52:fe:fe:d5:17:ce:06:6b:42:25:c9:6d:df:
8d:2f:b2:df:cf:e1:d7:cb:7d:3b:f6:57:55:61:ba:
c3:09:20:4c:08:19:4d:8e:48:42:07:9a:df:b2:fb:
d8:fa:1d:c6:3e:fe:3a:1f:d8:9f:36:2e:58:87:6f:
9d:a3:2a:85:0b:12:f2:4f:97:27:45:8f:62:a8:7f:
61:55:e4:79:a9:18:71:ac:e4:ee:a9:2e:1e:01:98:
77:0e:b4:f7:f5:a8:b8:37:c5:95:ab:a8:7b:be:af:
2e:9b:97:cd:bf:d2:fe:00:be:92:89:82:63:3c:bd:
96:b3:7b:1c:82:62:cf:00:04:fd:4a:cf:05:e9:e8:
05:df:ba:00:ef:8a:70:97:5f:79:16:af:24:38:98:
bf:a5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D0:0D:7D:88:2E:E8:FA:0A:A7:A7:8F:8B:E1:2C:B4:94:2A:A0:57:4C
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0A19iC7o-gqnp4-L4Sy0lCqgV0w.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
0d:f0:11:b5:53:fc:db:27:c9:c3:7b:6c:49:5f:b8:37:70:5b:
5c:c1:8b:0b:21:ac:2b:ff:56:a7:d8:02:2d:8c:5c:da:a6:4b:
7e:b2:01:dc:90:8f:1f:df:37:f7:d1:46:2e:01:c8:aa:5b:ec:
24:ff:83:35:41:b6:2f:53:0d:2f:89:64:bd:59:c0:c0:55:cf:
26:51:4f:5b:60:52:65:20:3a:57:d0:d5:09:d6:08:52:e6:eb:
63:d3:3b:1d:95:26:11:5b:81:f1:92:d8:f6:6a:ea:18:eb:b7:
24:b3:c2:3d:f0:00:b9:b2:ca:76:5a:88:f7:0e:64:00:97:06:
d5:71:5e:c3:96:3e:92:96:35:28:d6:59:c7:d5:88:3d:eb:2a:
62:12:38:84:e4:11:5f:46:7e:0d:9b:ba:01:2d:1d:dc:a4:17:
da:05:71:07:ec:19:c1:b4:60:2c:fe:e3:1b:52:b3:2f:9a:4d:
12:f4:2c:00:e6:9a:6e:23:9b:13:a7:f4:8c:cb:07:6a:ec:44:
78:a5:31:75:d7:ab:3c:13:f4:bc:22:6a:36:0f:e1:1a:4a:53:
ae:82:66:63:bd:88:46:ad:ef:6e:a2:59:ab:a6:d5:2b:d6:cf:
94:78:10:55:d6:61:ce:00:d6:41:f6:d1:a8:9e:0b:65:66:32:
1f:f7:4d:06
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICJpAwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MTQw
NjM5MThaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEQwMEQ3RDg4MkVFOEZB
MEFBN0E3OEY4QkUxMkNCNDk0MkFBMDU3NEMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDVQlCbNPmGA1H/ILg8Puu4o1oChMxpZexnf4/k/KuSnVJhTYN7
AMMORk4DBtH6hI08k8Y9yvKWXMX/aXecIGsBNoHB1ousND6U1H/BWU7NgzV2N+Al
BgEG/KP6GNDzO9na2tvPq+KiTA0lUv7+1RfOBmtCJclt340vst/P4dfLfTv2V1Vh
usMJIEwIGU2OSEIHmt+y+9j6HcY+/jof2J82LliHb52jKoULEvJPlydFj2Kof2FV
5HmpGHGs5O6pLh4BmHcOtPf1qLg3xZWrqHu+ry6bl82/0v4AvpKJgmM8vZazexyC
Ys8ABP1KzwXp6AXfugDvinCXX3kWryQ4mL+lAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQU0A19iC7o+gqnp4+L4Sy0lCqgV0wwHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvMEExOWlDN28tZ3Fu
cDQtTDRTeTBsQ3FnVjB3LnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBAA3wEbVT/NsnycN7bElfuDdwW1zB
iwshrCv/VqfYAi2MXNqmS36yAdyQjx/fN/fRRi4ByKpb7CT/gzVBti9TDS+JZL1Z
wMBVzyZRT1tgUmUgOlfQ1QnWCFLm62PTOx2VJhFbgfGS2PZq6hjrtySzwj3wALmy
ynZaiPcOZACXBtVxXsOWPpKWNSjWWcfViD3rKmISOITkEV9Gfg2bugEtHdykF9oF
cQfsGcG0YCz+4xtSsy+aTRL0LADmmm4jmxOn9IzLB2rsRHilMXXXqzwT9LwiajYP
4RpKU66CZmO9iEat726iWaum1SvWz5R4EFXWYc4A1kH20aieC2VmMh/3TQY=
-----END CERTIFICATE-----
Generated at Sun Jun 22 03:58:34 2025 by rpki-client