Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/0oNErba8T6SJ7RuMaAYGNWoQ7oE.roa
File: 0oNErba8T6SJ7RuMaAYGNWoQ7oE.roa (raw, json)
Hash identifier: cfHY4iD969z0WqKPz/qhfAIX9pppgGBk1NTZpUJcp/w=
Subject key identifier: D2:83:44:AD:B6:BC:4F:A4:89:ED:1B:8C:68:06:06:35:6A:10:EE:81
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 1EE6
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0oNErba8T6SJ7RuMaAYGNWoQ7oE.roa
Signing time: Sat 31 May 2025 15:38:29 +0000
ROA not before: Sat 31 May 2025 15:38:29 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 146845
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 7910 (0x1ee6)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: May 31 15:38:29 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=D28344ADB6BC4FA489ED1B8C680606356A10EE81
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a3:86:ce:4c:8a:9a:24:94:d5:eb:03:9f:42:b4:
49:af:27:26:ee:5d:6e:16:ff:a0:14:21:d9:a1:53:
4b:72:c2:73:11:bc:3b:f5:ed:ea:ad:a1:91:97:47:
36:68:c6:22:fc:f6:3b:88:6d:49:dc:96:40:9c:6b:
45:e1:9f:f0:19:57:58:7a:2c:6e:47:41:ee:2c:4b:
e0:3c:43:78:39:68:f4:6b:06:0e:f9:6b:b8:40:88:
40:3f:92:dd:a0:c3:24:f2:54:91:65:59:f8:ad:0c:
62:29:fd:7d:a9:f0:41:f6:ab:6f:b2:76:e4:d3:0d:
46:42:a6:b7:aa:46:f3:21:f0:39:bf:73:7d:df:5e:
c7:99:61:43:bd:3e:bd:1f:08:f5:e5:3c:e6:1a:ce:
18:eb:fc:b0:8c:e0:2c:0b:31:15:15:b8:d6:21:79:
e3:7f:f4:e6:a5:29:f2:7d:d9:c9:e6:e7:8f:06:f9:
52:21:1c:1f:93:d7:f9:8f:84:a4:00:e6:90:1f:99:
52:0e:6c:d6:cb:73:8f:2a:e8:cf:f5:80:a9:90:c3:
28:14:1f:8d:46:3b:d2:72:15:e7:b7:07:c4:bb:e8:
73:06:c7:32:d4:07:ca:ca:87:8f:5f:5f:77:36:f9:
30:dd:4b:d1:1a:74:0f:bb:7a:f0:7b:0b:02:07:29:
4e:d7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D2:83:44:AD:B6:BC:4F:A4:89:ED:1B:8C:68:06:06:35:6A:10:EE:81
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0oNErba8T6SJ7RuMaAYGNWoQ7oE.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
a4:86:ff:d8:f9:f2:46:72:e1:f9:95:47:a4:18:5d:9b:e5:e1:
12:54:6a:4a:60:e3:b3:67:8f:0c:b2:70:30:85:81:78:4e:be:
95:25:39:28:08:56:de:aa:ae:a6:27:48:5c:15:44:ce:63:ea:
d3:e1:c3:bb:f5:73:fa:2e:30:32:52:6a:46:06:52:c7:50:03:
0a:eb:0b:5d:aa:c2:d4:06:8f:9e:88:38:0f:7f:1f:f4:2f:f9:
0b:0a:8d:24:38:d6:97:8a:7e:ea:10:6c:2e:b1:5b:7a:b6:1f:
67:3b:42:4d:fb:b0:8a:83:b0:b3:d9:27:3b:59:64:e3:7d:fb:
94:da:5a:2f:e8:a6:42:5d:e1:02:e4:af:f8:bc:10:64:00:e6:
fe:8e:f1:1d:30:a4:82:1a:0c:4a:67:4f:f6:1e:d5:e4:9b:f8:
05:bc:ff:74:32:ca:89:c8:9e:6c:fe:8a:41:ed:b9:7b:af:31:
88:44:fb:99:63:43:7d:28:b4:cf:5a:19:bf:49:2e:43:71:61:
17:1c:15:7f:40:0a:43:29:d1:82:74:da:3a:01:f0:7b:0e:c6:
40:84:15:7c:c0:d6:cd:22:dd:44:bd:9a:e7:05:c6:bb:dc:eb:
a6:af:be:2f:f5:fc:24:63:56:b0:cb:83:97:22:d5:5d:3e:ac:
77:85:82:27
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICHuYwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA1MzEx
NTM4MjlaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEQyODM0NEFEQjZCQzRG
QTQ4OUVEMUI4QzY4MDYwNjM1NkExMEVFODEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCjhs5MipoklNXrA59CtEmvJybuXW4W/6AUIdmhU0tywnMRvDv1
7eqtoZGXRzZoxiL89juIbUnclkCca0Xhn/AZV1h6LG5HQe4sS+A8Q3g5aPRrBg75
a7hAiEA/kt2gwyTyVJFlWfitDGIp/X2p8EH2q2+yduTTDUZCpreqRvMh8Dm/c33f
XseZYUO9Pr0fCPXlPOYazhjr/LCM4CwLMRUVuNYheeN/9OalKfJ92cnm548G+VIh
HB+T1/mPhKQA5pAfmVIObNbLc48q6M/1gKmQwygUH41GO9JyFee3B8S76HMGxzLU
B8rKh49fX3c2+TDdS9EadA+7evB7CwIHKU7XAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQU0oNErba8T6SJ7RuMaAYGNWoQ7oEwHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvMG9ORXJiYThUNlNK
N1J1TWFBWUdOV29RN29FLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBAKSG/9j58kZy4fmVR6QYXZvl4RJU
akpg47NnjwyycDCFgXhOvpUlOSgIVt6qrqYnSFwVRM5j6tPhw7v1c/ouMDJSakYG
UsdQAwrrC12qwtQGj56IOA9/H/Qv+QsKjSQ41peKfuoQbC6xW3q2H2c7Qk37sIqD
sLPZJztZZON9+5TaWi/opkJd4QLkr/i8EGQA5v6O8R0wpIIaDEpnT/Ye1eSb+AW8
/3QyyonInmz+ikHtuXuvMYhE+5ljQ30otM9aGb9JLkNxYRccFX9ACkMp0YJ02joB
8HsOxkCEFXzA1s0i3US9mucFxrvc66avvi/1/CRjVrDLg5ci1V0+rHeFgic=
-----END CERTIFICATE-----
Generated at Sun Jun 22 22:36:39 2025 by rpki-client