Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/23TW73Mous_EeWGm0ORTj8pYF7g.roa
File: 23TW73Mous_EeWGm0ORTj8pYF7g.roa (raw, json)
Hash identifier: kdZ37jmhkKS81eq4xdbgB9lAeHXzgb6hIKRe1Egu7p0=
Subject key identifier: DB:74:D6:EF:73:28:BA:CF:C4:79:61:A6:D0:E4:53:8F:CA:58:17:B8
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 22B9
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/23TW73Mous_EeWGm0ORTj8pYF7g.roa
Signing time: Sat 07 Jun 2025 10:38:58 +0000
ROA not before: Sat 07 Jun 2025 10:38:58 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 4812
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 8889 (0x22b9)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 7 10:38:58 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=DB74D6EF7328BACFC47961A6D0E4538FCA5817B8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d4:b6:3b:82:ad:ee:da:e7:fe:fb:6f:3c:16:91:
7a:32:e3:0f:8f:d1:76:be:fb:b4:dc:f6:6a:59:ae:
c4:63:8a:aa:ba:4f:92:2f:9e:4d:95:71:d1:5b:b5:
94:8f:92:23:7a:92:c6:73:6c:bf:ee:97:72:68:20:
69:7a:96:f6:56:3c:48:17:06:a5:56:7d:d2:7f:85:
98:14:81:21:c5:da:7b:16:00:d0:f5:5a:17:db:eb:
89:6d:66:a0:91:fa:8e:9a:6e:18:01:d0:2a:c3:e7:
8e:28:cb:85:17:a7:69:41:6c:65:fd:06:14:62:90:
6c:97:7b:71:e7:1f:5e:fa:f5:f0:c7:f4:44:20:63:
cc:e8:c9:eb:2b:87:e6:69:ff:98:2e:f0:e9:9c:24:
ed:e6:3d:10:84:99:f2:29:97:e3:22:c3:2a:68:a7:
43:84:46:58:d1:db:c4:fa:b6:1c:1b:83:e6:2a:b1:
cc:68:cb:84:57:23:69:2f:d3:25:3b:8f:b9:11:12:
38:b0:71:1c:f3:a5:f3:dc:4d:8d:fa:43:fa:76:59:
8c:95:e3:b4:88:91:5b:0b:1c:36:07:41:6c:af:be:
93:e7:c0:ea:51:d7:a6:44:b6:e7:b7:b9:1b:11:2e:
cb:f3:21:68:f2:53:7a:a9:41:29:5b:9e:79:37:f0:
ee:bd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DB:74:D6:EF:73:28:BA:CF:C4:79:61:A6:D0:E4:53:8F:CA:58:17:B8
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/23TW73Mous_EeWGm0ORTj8pYF7g.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
68:ce:0d:57:ab:bd:f9:d6:1b:10:8a:b0:3b:c9:5f:a1:bc:bd:
9f:cc:cb:94:cd:ed:b6:c6:bf:3e:b7:04:44:3d:5b:85:1b:c5:
40:7e:19:eb:d5:78:8d:91:74:fd:f8:4a:0b:26:ed:15:e5:8d:
0e:29:f2:52:ec:be:42:6b:b3:e0:4d:07:5b:19:31:d9:ce:27:
d4:98:e9:34:f6:70:ae:b7:7e:6d:88:01:11:35:6e:f2:ec:8e:
f4:c2:b8:d3:f4:34:e9:b1:b5:3f:57:f5:2f:a0:65:44:bd:f3:
4c:88:62:b8:11:8b:47:c6:14:37:b1:58:62:33:c2:4e:a0:60:
79:cc:86:ec:72:75:9b:67:1f:ef:e9:af:13:4e:cf:85:53:d0:
ed:f5:24:61:f7:67:50:5d:fe:3d:63:3f:9d:71:67:a0:4e:e2:
9f:b5:42:db:32:6e:b0:23:81:a2:8c:4f:2f:95:44:b9:81:34:
f7:35:19:30:7b:10:33:54:42:6b:9f:3f:a3:5d:27:55:c3:d9:
16:52:cf:5f:4e:62:dd:5d:c2:10:a0:49:98:0e:f6:7a:5e:ac:
3d:77:3b:0f:91:dd:cd:67:e9:28:c6:5c:3e:1c:13:9e:b5:87:
f1:1c:1f:22:90:03:54:1f:2d:f9:24:82:46:4d:bc:52:01:11:
2e:21:4b:f3
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICIrkwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MDcx
MDM4NThaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKERCNzRENkVGNzMyOEJB
Q0ZDNDc5NjFBNkQwRTQ1MzhGQ0E1ODE3QjgwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDUtjuCre7a5/77bzwWkXoy4w+P0Xa++7Tc9mpZrsRjiqq6T5Iv
nk2VcdFbtZSPkiN6ksZzbL/ul3JoIGl6lvZWPEgXBqVWfdJ/hZgUgSHF2nsWAND1
Whfb64ltZqCR+o6abhgB0CrD544oy4UXp2lBbGX9BhRikGyXe3HnH1769fDH9EQg
Y8zoyesrh+Zp/5gu8OmcJO3mPRCEmfIpl+Miwypop0OERljR28T6thwbg+Yqscxo
y4RXI2kv0yU7j7kREjiwcRzzpfPcTY36Q/p2WYyV47SIkVsLHDYHQWyvvpPnwOpR
16ZEtue3uRsRLsvzIWjyU3qpQSlbnnk38O69AgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQU23TW73Mous/EeWGm0ORTj8pYF7gwHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvMjNUVzczTW91c19F
ZVdHbTBPUlRqOHBZRjdnLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBAGjODVervfnWGxCKsDvJX6G8vZ/M
y5TN7bbGvz63BEQ9W4UbxUB+GevVeI2RdP34Sgsm7RXljQ4p8lLsvkJrs+BNB1sZ
MdnOJ9SY6TT2cK63fm2IARE1bvLsjvTCuNP0NOmxtT9X9S+gZUS980yIYrgRi0fG
FDexWGIzwk6gYHnMhuxydZtnH+/prxNOz4VT0O31JGH3Z1Bd/j1jP51xZ6BO4p+1
QtsybrAjgaKMTy+VRLmBNPc1GTB7EDNUQmufP6NdJ1XD2RZSz19OYt1dwhCgSZgO
9nperD13Ow+R3c1n6SjGXD4cE561h/EcHyKQA1QfLfkkgkZNvFIBES4hS/M=
-----END CERTIFICATE-----
Generated at Sun Jun 22 03:37:10 2025 by rpki-client