Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/0HyUTJhZiSJwNNaIcFxmMVagsmQ.roa
File: 0HyUTJhZiSJwNNaIcFxmMVagsmQ.roa (raw, json)
Hash identifier: Q3woPD6pUhB1djETI1jUQiFuRHhgv+SCDYTOXwV7gfg=
Subject key identifier: D0:7C:94:4C:98:59:89:22:70:34:D6:88:70:5C:66:31:56:A0:B2:64
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 1F3A
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0HyUTJhZiSJwNNaIcFxmMVagsmQ.roa
Signing time: Sun 01 Jun 2025 05:38:33 +0000
ROA not before: Sun 01 Jun 2025 05:38:33 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 146845
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 7994 (0x1f3a)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 1 05:38:33 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=D07C944C985989227034D688705C663156A0B264
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d0:fe:36:21:fd:a7:69:69:fc:06:dd:e4:ed:e6:
cd:c8:04:a6:a4:ef:ed:40:08:5a:e1:5d:2f:b8:f1:
60:07:51:b2:b2:0a:3c:b0:70:61:28:bb:17:f7:62:
cf:10:04:0c:b0:aa:12:60:86:36:32:7f:75:f4:e6:
73:51:7f:a5:bd:16:e7:5a:26:d3:48:0e:f0:fb:87:
90:08:d5:72:63:e8:e7:95:3d:c6:df:95:4d:ea:74:
8b:4f:63:40:43:e3:e2:4e:1b:86:74:1b:82:0f:33:
26:63:b6:49:19:44:0e:e2:e6:f6:aa:d1:92:f0:3f:
40:4f:3e:58:79:30:4b:28:a5:10:8d:5f:65:97:45:
e6:ce:f9:24:06:68:fa:b1:e1:ec:95:d6:9d:6b:f5:
22:00:b8:e7:1a:89:dd:6d:0f:be:0b:98:ee:ff:b3:
78:e1:52:3d:d4:f7:56:85:e1:c9:fc:e3:d5:c3:71:
21:db:a7:1a:74:8e:29:a7:6d:0a:f1:a9:66:19:0f:
4f:ee:30:0a:ec:13:7a:59:41:4f:d3:34:a9:6c:ac:
01:58:36:97:63:af:b6:30:64:a4:e2:56:99:eb:cb:
92:56:26:e5:e5:77:c4:e5:4c:74:72:4a:64:3a:ab:
4d:71:d5:95:14:92:1d:12:1b:5d:bc:e8:40:f6:b5:
9e:d7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D0:7C:94:4C:98:59:89:22:70:34:D6:88:70:5C:66:31:56:A0:B2:64
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0HyUTJhZiSJwNNaIcFxmMVagsmQ.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
28:4f:3d:25:e3:f5:7f:0e:4a:26:2e:09:fc:75:c0:6e:81:c5:
47:77:ad:c1:40:78:c7:b9:8f:98:01:a3:d0:30:08:b4:63:26:
90:ac:d7:cb:ee:08:b4:8b:31:76:62:f6:84:19:b6:b7:1f:79:
be:45:d5:3f:d2:88:bf:78:04:f2:d3:e9:b5:0b:87:87:8c:66:
9d:83:49:fd:d5:49:08:b8:63:15:98:fc:be:c2:7c:5d:f2:d2:
7d:bd:f9:11:15:e4:69:4a:c4:02:eb:52:c7:c5:78:22:de:aa:
46:55:c0:48:91:b0:90:a3:ea:cd:85:a5:d9:da:88:27:f0:3e:
ad:d3:aa:c8:88:25:25:39:f2:00:d1:31:bd:6c:dc:94:82:88:
0a:a8:3b:dc:36:f8:51:d7:b2:cc:5c:41:ae:77:d6:67:aa:25:
61:86:92:b4:6a:c9:a3:77:f1:9e:bf:8a:e1:49:7f:bf:9a:c3:
26:7e:62:59:85:82:29:fb:30:ba:62:1d:d6:3f:b5:90:d1:6c:
4c:81:bc:8d:63:fc:76:93:5d:48:7e:c4:6f:25:ed:63:4a:08:
d8:73:88:8f:11:45:ee:54:18:16:41:90:51:15:1f:39:38:f7:
78:b0:29:c1:1e:ef:73:48:87:de:b6:12:ab:76:62:12:37:a7:
00:96:3d:b0
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICHzowDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MDEw
NTM4MzNaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEQwN0M5NDRDOTg1OTg5
MjI3MDM0RDY4ODcwNUM2NjMxNTZBMEIyNjQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDQ/jYh/adpafwG3eTt5s3IBKak7+1ACFrhXS+48WAHUbKyCjyw
cGEouxf3Ys8QBAywqhJghjYyf3X05nNRf6W9FudaJtNIDvD7h5AI1XJj6OeVPcbf
lU3qdItPY0BD4+JOG4Z0G4IPMyZjtkkZRA7i5vaq0ZLwP0BPPlh5MEsopRCNX2WX
RebO+SQGaPqx4eyV1p1r9SIAuOcaid1tD74LmO7/s3jhUj3U91aF4cn849XDcSHb
pxp0jimnbQrxqWYZD0/uMArsE3pZQU/TNKlsrAFYNpdjr7YwZKTiVpnry5JWJuXl
d8TlTHRySmQ6q01x1ZUUkh0SG1286ED2tZ7XAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQU0HyUTJhZiSJwNNaIcFxmMVagsmQwHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvMEh5VVRKaFppU0p3
Tk5hSWNGeG1NVmFnc21RLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBAChPPSXj9X8OSiYuCfx1wG6BxUd3
rcFAeMe5j5gBo9AwCLRjJpCs18vuCLSLMXZi9oQZtrcfeb5F1T/SiL94BPLT6bUL
h4eMZp2DSf3VSQi4YxWY/L7CfF3y0n29+REV5GlKxALrUsfFeCLeqkZVwEiRsJCj
6s2FpdnaiCfwPq3TqsiIJSU58gDRMb1s3JSCiAqoO9w2+FHXssxcQa531meqJWGG
krRqyaN38Z6/iuFJf7+awyZ+YlmFgin7MLpiHdY/tZDRbEyBvI1j/HaTXUh+xG8l
7WNKCNhziI8RRe5UGBZBkFEVHzk493iwKcEe73NIh962Eqt2YhI3pwCWPbA=
-----END CERTIFICATE-----
Generated at Sat Jun 21 18:35:11 2025 by rpki-client