Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/2UDpilzvu8YXaG4u8mR7MD9RRB4.roa
File: 2UDpilzvu8YXaG4u8mR7MD9RRB4.roa (raw, json)
Hash identifier: /PWKJAFePPoXR7f3ASGH1TBe2E8dhOEKvJEMqrDIp3Q=
Subject key identifier: D9:40:E9:8A:5C:EF:BB:C6:17:68:6E:2E:F2:64:7B:30:3F:51:44:1E
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 21A4
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/2UDpilzvu8YXaG4u8mR7MD9RRB4.roa
Signing time: Thu 05 Jun 2025 12:38:47 +0000
ROA not before: Thu 05 Jun 2025 12:38:47 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 146845
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 8612 (0x21a4)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 5 12:38:47 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=D940E98A5CEFBBC617686E2EF2647B303F51441E
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bc:68:ed:12:9f:02:f6:86:fb:f1:fa:eb:5a:34:
26:8e:39:18:c3:d6:8d:de:c6:e8:1e:28:1e:38:29:
e4:24:46:92:89:78:3b:2f:8e:77:c9:3e:2d:ad:74:
83:60:9c:53:dd:cc:37:18:a2:89:6d:15:3d:7e:f5:
d0:4d:aa:69:cb:35:97:2c:06:dc:2d:76:6d:96:da:
f3:99:05:5c:0b:76:0f:6e:fe:be:b9:ed:33:d6:cd:
33:3b:d9:26:6d:aa:6a:86:37:ef:6e:a2:a3:bb:08:
37:10:02:a5:d5:d1:fb:70:e9:26:57:e1:83:f2:0c:
f6:a7:80:3c:b7:32:cb:07:57:88:b7:b1:f7:df:f0:
07:fb:a1:5c:a2:29:d3:d5:cf:4f:61:00:8e:3c:12:
bc:c2:79:14:3a:1e:43:74:01:0c:2c:b7:db:84:7a:
fc:31:8d:15:05:7e:29:e0:9e:b4:53:50:75:1c:98:
7f:b2:38:7c:f7:0f:4d:31:6e:4d:98:95:3b:d3:f2:
85:dc:2c:76:94:e8:4a:3d:79:bc:58:b9:8d:72:66:
5a:4e:65:cb:b7:b1:35:32:24:9f:9a:05:7c:a0:17:
86:f2:24:03:e4:84:48:a2:56:6c:39:60:44:cb:3f:
08:00:02:3d:e5:bd:65:fa:9e:e3:fd:fb:f9:f9:05:
32:ab
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D9:40:E9:8A:5C:EF:BB:C6:17:68:6E:2E:F2:64:7B:30:3F:51:44:1E
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/2UDpilzvu8YXaG4u8mR7MD9RRB4.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
3f:4a:ad:87:99:52:8e:3a:a4:36:5d:a9:85:c2:ff:45:23:fb:
2b:bd:5f:94:91:93:5d:a2:9d:f0:72:9b:ed:a6:1b:6a:bb:c9:
a9:6d:ae:f0:b2:19:db:f5:fe:45:1a:9b:70:d2:11:45:3c:1c:
f7:a8:d7:68:0b:81:cc:d8:fa:49:f9:a9:82:63:24:9a:38:fb:
3a:47:38:0b:6b:a9:51:91:62:85:e7:29:2f:21:a1:75:e5:bc:
69:77:f8:3e:ec:dd:f7:1d:08:f7:29:4d:ad:88:e1:4e:22:a8:
3a:35:dd:19:63:aa:ea:b1:8c:56:d7:43:42:98:fd:2a:75:21:
71:8e:fb:b6:69:d7:69:c1:68:dd:3b:55:ed:68:45:d4:6f:b9:
68:b3:01:54:22:f6:4c:8a:49:f4:3d:08:d4:75:62:d8:3e:c0:
e5:e1:94:12:b9:63:00:21:26:10:39:d4:36:62:57:23:d2:65:
b4:ff:63:c0:a2:b7:50:23:a9:07:fb:a2:cb:96:7e:94:47:c8:
b1:f2:12:24:cf:ab:53:bf:34:59:67:55:5a:46:13:c9:51:15:
5b:2b:12:77:aa:8c:be:e1:bb:b3:6e:a1:e5:44:9c:85:72:67:
b4:47:3c:95:cd:a7:13:ba:74:79:21:59:f1:24:c4:b7:7f:0a:
01:05:92:dc
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICIaQwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MDUx
MjM4NDdaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEQ5NDBFOThBNUNFRkJC
QzYxNzY4NkUyRUYyNjQ3QjMwM0Y1MTQ0MUUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC8aO0SnwL2hvvx+utaNCaOORjD1o3exugeKB44KeQkRpKJeDsv
jnfJPi2tdINgnFPdzDcYooltFT1+9dBNqmnLNZcsBtwtdm2W2vOZBVwLdg9u/r65
7TPWzTM72SZtqmqGN+9uoqO7CDcQAqXV0ftw6SZX4YPyDPangDy3MssHV4i3sfff
8Af7oVyiKdPVz09hAI48ErzCeRQ6HkN0AQwst9uEevwxjRUFfingnrRTUHUcmH+y
OHz3D00xbk2YlTvT8oXcLHaU6Eo9ebxYuY1yZlpOZcu3sTUyJJ+aBXygF4byJAPk
hEiiVmw5YETLPwgAAj3lvWX6nuP9+/n5BTKrAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQU2UDpilzvu8YXaG4u8mR7MD9RRB4wHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvMlVEcGlsenZ1OFlY
YUc0dThtUjdNRDlSUkI0LnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBAD9KrYeZUo46pDZdqYXC/0Uj+yu9
X5SRk12infBym+2mG2q7yaltrvCyGdv1/kUam3DSEUU8HPeo12gLgczY+kn5qYJj
JJo4+zpHOAtrqVGRYoXnKS8hoXXlvGl3+D7s3fcdCPcpTa2I4U4iqDo13Rljquqx
jFbXQ0KY/Sp1IXGO+7Zp12nBaN07Ve1oRdRvuWizAVQi9kyKSfQ9CNR1Ytg+wOXh
lBK5YwAhJhA51DZiVyPSZbT/Y8Cit1AjqQf7osuWfpRHyLHyEiTPq1O/NFlnVVpG
E8lRFVsrEneqjL7hu7NuoeVEnIVyZ7RHPJXNpxO6dHkhWfEkxLd/CgEFktw=
-----END CERTIFICATE-----
Generated at Sun Jun 22 18:01:06 2025 by rpki-client