Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/0MdSsIiMmn5W1vaRdZSIK7eExcA.roa
File: 0MdSsIiMmn5W1vaRdZSIK7eExcA.roa (raw, json)
Hash identifier: Yhb8mvmENVBfhAXqvSYhpPnDNPhGUJFHwoQtt4gK1zs=
Subject key identifier: D0:C7:52:B0:88:8C:9A:7E:56:D6:F6:91:75:94:88:2B:B7:84:C5:C0
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 24F9
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0MdSsIiMmn5W1vaRdZSIK7eExcA.roa
Signing time: Wed 11 Jun 2025 10:39:11 +0000
ROA not before: Wed 11 Jun 2025 10:39:11 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 4812
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 9465 (0x24f9)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 11 10:39:11 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=D0C752B0888C9A7E56D6F6917594882BB784C5C0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:da:1e:9f:50:d1:a8:a9:cc:41:54:07:b5:46:4f:
c9:71:3d:e8:64:81:e7:18:cd:63:4f:a2:4b:9b:e5:
59:b9:61:50:1d:0b:c3:bd:e4:a4:13:6e:50:2a:3e:
f9:9b:34:b8:bb:96:f1:aa:98:97:78:30:59:80:64:
22:32:86:b2:cb:d9:26:7d:1e:c6:74:58:70:72:bb:
58:b1:ae:3e:35:d8:95:28:12:c8:5d:9a:51:62:ed:
0d:1e:e4:e1:9f:b1:31:b6:c5:4c:08:3e:23:24:5a:
c9:df:68:b5:84:89:63:bd:39:99:66:19:3f:7c:5e:
70:db:2f:03:72:92:54:cb:54:17:f5:21:2c:29:5f:
c2:a0:ef:02:cb:85:aa:a7:51:9f:c2:0d:40:62:c7:
22:b4:5b:8a:e5:5b:42:45:82:c4:e1:28:f2:28:61:
1a:78:9c:4f:37:f6:17:1e:82:6c:9c:e0:0a:de:0a:
8c:3a:47:10:9d:9d:a0:6f:2f:14:2b:5e:3c:53:70:
d3:44:2a:ef:1a:86:95:f8:45:9f:a4:d7:91:79:5b:
4a:64:0f:a8:56:68:aa:07:e1:33:32:c0:87:f8:20:
ec:12:0d:2b:f6:91:c3:40:87:a8:ea:e0:68:ca:43:
a1:fa:62:29:ed:34:3d:6b:01:6c:f5:b7:11:dd:e9:
27:d3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D0:C7:52:B0:88:8C:9A:7E:56:D6:F6:91:75:94:88:2B:B7:84:C5:C0
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0MdSsIiMmn5W1vaRdZSIK7eExcA.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
65:fa:7c:6d:cc:51:a7:09:6a:15:54:36:ff:79:65:22:3e:28:
88:b9:0d:a3:84:57:10:89:5e:0e:e4:c8:35:f6:ea:64:e6:d8:
0b:00:8b:fe:74:b1:bd:27:b9:3a:a1:5e:57:86:37:c4:7c:47:
f5:3e:ef:13:7b:59:0b:d3:8e:63:6b:4f:c1:79:f2:e7:11:19:
bb:80:8f:4e:6e:c9:2b:3a:76:82:1b:4e:41:80:45:9c:25:fd:
62:fa:fc:f3:5d:bd:0c:4b:78:25:b4:0a:ae:5b:16:98:6f:b8:
c7:4b:34:43:54:38:4e:6f:d6:41:09:6d:b9:a6:b1:03:ca:ec:
ab:17:09:ab:e0:13:59:55:98:05:0d:4f:fc:aa:20:9c:ab:31:
09:31:95:76:41:f9:0c:1c:bd:75:c7:67:87:8a:fd:ba:7a:6d:
86:98:81:91:f4:8d:a8:7a:f9:04:c3:d0:5c:b6:f4:3a:e0:27:
92:b0:ed:b1:36:66:31:71:17:d7:6b:37:42:c7:f9:5c:04:e2:
49:94:8c:99:b4:73:b6:a2:62:f1:c7:55:70:7b:05:e5:98:5a:
55:d2:75:b4:78:86:bf:ad:73:2c:8d:0c:d0:fb:82:18:d1:63:
31:cd:31:6c:c4:20:13:0a:50:8c:06:0e:b6:b2:22:15:f1:89:
6e:6f:9b:91
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICJPkwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MTEx
MDM5MTFaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEQwQzc1MkIwODg4QzlB
N0U1NkQ2RjY5MTc1OTQ4ODJCQjc4NEM1QzAwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDaHp9Q0aipzEFUB7VGT8lxPehkgecYzWNPokub5Vm5YVAdC8O9
5KQTblAqPvmbNLi7lvGqmJd4MFmAZCIyhrLL2SZ9HsZ0WHByu1ixrj412JUoEshd
mlFi7Q0e5OGfsTG2xUwIPiMkWsnfaLWEiWO9OZlmGT98XnDbLwNyklTLVBf1ISwp
X8Kg7wLLhaqnUZ/CDUBixyK0W4rlW0JFgsThKPIoYRp4nE839hcegmyc4AreCow6
RxCdnaBvLxQrXjxTcNNEKu8ahpX4RZ+k15F5W0pkD6hWaKoH4TMywIf4IOwSDSv2
kcNAh6jq4GjKQ6H6YintND1rAWz1txHd6SfTAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQU0MdSsIiMmn5W1vaRdZSIK7eExcAwHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvME1kU3NJaU1tbjVX
MXZhUmRaU0lLN2VFeGNBLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBAGX6fG3MUacJahVUNv95ZSI+KIi5
DaOEVxCJXg7kyDX26mTm2AsAi/50sb0nuTqhXleGN8R8R/U+7xN7WQvTjmNrT8F5
8ucRGbuAj05uySs6doIbTkGARZwl/WL6/PNdvQxLeCW0Cq5bFphvuMdLNENUOE5v
1kEJbbmmsQPK7KsXCavgE1lVmAUNT/yqIJyrMQkxlXZB+QwcvXXHZ4eK/bp6bYaY
gZH0jah6+QTD0Fy29DrgJ5Kw7bE2ZjFxF9drN0LH+VwE4kmUjJm0c7aiYvHHVXB7
BeWYWlXSdbR4hr+tcyyNDND7ghjRYzHNMWzEIBMKUIwGDrayIhXxiW5vm5E=
-----END CERTIFICATE-----
Generated at Sun Jun 22 06:31:49 2025 by rpki-client