Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/2x3Yi2BJa475iLD1NisPFRtuE4M.roa
File: 2x3Yi2BJa475iLD1NisPFRtuE4M.roa (raw, json)
Hash identifier: kLZYXLdTNHupr2dTM2LNqcqvpzMNjNkC+MMMYNyxDg4=
Subject key identifier: DB:1D:D8:8B:60:49:6B:8E:F9:88:B0:F5:36:2B:0F:15:1B:6E:13:83
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 234F
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/2x3Yi2BJa475iLD1NisPFRtuE4M.roa
Signing time: Sun 08 Jun 2025 11:38:55 +0000
ROA not before: Sun 08 Jun 2025 11:38:55 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 4812
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 9039 (0x234f)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 8 11:38:55 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=DB1DD88B60496B8EF988B0F5362B0F151B6E1383
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c3:8a:ed:7b:df:83:be:67:85:13:ce:b3:74:80:
ec:00:e2:eb:4f:10:c9:e2:49:94:a3:1f:92:8b:80:
a6:77:d8:1b:c5:7b:fb:01:90:63:44:7a:ed:d8:83:
2b:2b:ba:17:e6:cb:b9:fa:38:18:67:fd:5d:66:26:
8f:e8:5c:9b:f8:b6:ec:63:1e:93:14:c9:20:86:8a:
a5:95:14:f2:eb:b7:43:96:55:c1:b8:b0:4c:92:fb:
6f:9c:82:47:3f:f7:6b:98:23:ae:e1:f1:55:e8:ad:
ab:78:7a:5a:4b:b5:95:bc:e9:15:be:b1:9c:6c:99:
ab:b2:d8:e6:ea:e3:1e:9f:cc:f3:69:24:cb:8c:c4:
99:67:5c:f9:d3:f5:97:97:07:7e:6e:93:2a:ee:72:
ac:19:39:d3:7e:2b:6e:f3:0f:f5:23:5b:06:c6:f8:
70:a7:5d:61:c5:75:31:04:ec:b9:8b:92:f6:03:e2:
95:04:cf:25:75:72:7f:df:c6:fb:33:41:0e:b7:b5:
42:e4:58:ac:4d:91:bd:95:5e:e5:68:c3:60:7d:20:
3b:a2:90:c9:33:49:eb:d0:e4:af:e7:6c:5a:63:99:
4b:e8:ec:c9:8d:bf:a2:7d:86:f0:d2:60:c2:81:81:
7b:f0:64:70:94:7f:22:29:e4:28:9d:6c:56:2c:c9:
8e:5b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DB:1D:D8:8B:60:49:6B:8E:F9:88:B0:F5:36:2B:0F:15:1B:6E:13:83
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/2x3Yi2BJa475iLD1NisPFRtuE4M.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
b0:24:b7:56:84:20:41:8b:f5:74:db:2d:9d:98:34:7e:b5:18:
16:d2:89:51:c5:ca:35:cf:3d:5b:ce:95:3d:ff:aa:f9:f4:cf:
b8:44:cf:53:72:5c:d1:ca:03:c6:59:a2:b3:81:d2:c0:59:82:
f6:df:a7:a8:6d:59:ec:cb:c7:f5:5f:7b:0b:3f:a1:0e:21:aa:
c0:14:bf:ea:a8:64:de:70:73:91:22:ec:ce:b7:aa:67:53:de:
ab:88:2b:7f:67:87:47:38:68:da:d1:1c:c7:5e:80:6f:0c:4b:
51:6a:a7:98:bc:66:38:b0:15:2d:51:ec:b7:a0:b9:30:d3:1d:
ed:bb:9b:af:2e:f6:84:50:ee:c1:6b:e7:bb:6e:4c:f9:d8:8d:
54:10:4a:0b:27:68:1b:c9:3d:3b:e1:a4:75:89:27:bf:fd:e4:
3e:df:1a:f3:37:17:7b:bc:60:dd:8a:18:9d:34:bd:ff:35:86:
e7:5e:96:b7:ea:4a:f1:0d:7a:5e:9c:6c:45:d5:20:c8:73:e6:
67:35:1b:11:dc:27:40:ca:56:da:96:76:a8:5a:ae:e1:66:80:
b6:6f:ab:72:5b:1b:88:a5:49:88:a3:8d:8e:91:7c:97:71:dd:
30:05:77:d4:18:10:e9:6a:d5:8b:3b:af:a2:1c:d7:fc:e5:ef:
2e:c3:b4:a2
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICI08wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MDgx
MTM4NTVaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKERCMUREODhCNjA0OTZC
OEVGOTg4QjBGNTM2MkIwRjE1MUI2RTEzODMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDDiu1734O+Z4UTzrN0gOwA4utPEMniSZSjH5KLgKZ32BvFe/sB
kGNEeu3Ygysruhfmy7n6OBhn/V1mJo/oXJv4tuxjHpMUySCGiqWVFPLrt0OWVcG4
sEyS+2+cgkc/92uYI67h8VXorat4elpLtZW86RW+sZxsmauy2Obq4x6fzPNpJMuM
xJlnXPnT9ZeXB35ukyrucqwZOdN+K27zD/UjWwbG+HCnXWHFdTEE7LmLkvYD4pUE
zyV1cn/fxvszQQ63tULkWKxNkb2VXuVow2B9IDuikMkzSevQ5K/nbFpjmUvo7MmN
v6J9hvDSYMKBgXvwZHCUfyIp5CidbFYsyY5bAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQU2x3Yi2BJa475iLD1NisPFRtuE4MwHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvMngzWWkyQkphNDc1
aUxEMU5pc1BGUnR1RTRNLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBALAkt1aEIEGL9XTbLZ2YNH61GBbS
iVHFyjXPPVvOlT3/qvn0z7hEz1NyXNHKA8ZZorOB0sBZgvbfp6htWezLx/Vfews/
oQ4hqsAUv+qoZN5wc5Ei7M63qmdT3quIK39nh0c4aNrRHMdegG8MS1Fqp5i8Zjiw
FS1R7LeguTDTHe27m68u9oRQ7sFr57tuTPnYjVQQSgsnaBvJPTvhpHWJJ7/95D7f
GvM3F3u8YN2KGJ00vf81hudelrfqSvENel6cbEXVIMhz5mc1GxHcJ0DKVtqWdqha
ruFmgLZvq3JbG4ilSYijjY6RfJdx3TAFd9QYEOlq1Ys7r6Ic1/zl7y7DtKI=
-----END CERTIFICATE-----
Generated at Sat Jun 21 08:56:42 2025 by rpki-client