Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/34uSzvl154f9JVrprvDli3sbOvU.roa
File: 34uSzvl154f9JVrprvDli3sbOvU.roa (raw, json)
Hash identifier: EGeAlxNJJW5ysTT/sOhyGXrOYHi1f0shLIcbFi43A6I=
Subject key identifier: DF:8B:92:CE:F9:75:E7:87:FD:25:5A:E9:AE:F0:E5:8B:7B:1B:3A:F5
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 25E8
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/34uSzvl154f9JVrprvDli3sbOvU.roa
Signing time: Fri 13 Jun 2025 02:45:47 +0000
ROA not before: Fri 13 Jun 2025 02:45:47 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 146845
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 9704 (0x25e8)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 13 02:45:47 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=DF8B92CEF975E787FD255AE9AEF0E58B7B1B3AF5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d0:14:d4:66:ed:58:0c:62:1e:2e:ef:39:00:89:
f2:1b:89:34:73:4a:36:a9:8f:f0:65:85:17:d1:ab:
b7:73:eb:b6:89:17:7e:3c:b7:31:0c:28:7b:3c:f4:
90:87:5e:f1:6a:ab:e3:7f:aa:45:86:b4:4e:88:fa:
89:e5:3a:b1:1e:6d:63:dc:a5:d3:9f:58:17:8b:fb:
ac:54:0d:a3:de:9d:6f:45:59:7c:87:32:79:52:3e:
cb:3f:aa:2e:93:ec:e2:b2:9f:fd:e1:5d:f2:c5:e3:
6c:2a:13:50:b3:70:77:34:ca:0b:a1:8d:d2:5b:62:
b1:39:7b:df:54:b2:10:7c:3c:a5:9a:d4:2f:40:a1:
93:53:83:57:d0:bb:7e:35:ec:ac:65:b7:6a:55:f1:
3b:3e:29:30:02:df:c4:59:40:38:9d:de:fb:86:bb:
95:df:88:82:1d:03:9e:7e:36:68:5d:ed:9e:1c:30:
da:67:05:13:9f:9f:c6:59:1f:bc:2c:c7:db:ff:68:
7c:35:7e:2f:82:7c:90:17:59:8b:38:b4:dc:c4:ae:
1a:90:b1:20:57:89:41:8b:e1:cf:c0:3a:50:c0:9e:
a1:17:30:8e:91:18:4a:9f:8b:87:b4:07:72:ac:a2:
cc:8a:d9:9a:aa:7a:c4:60:cc:b8:42:84:93:98:da:
5b:79
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DF:8B:92:CE:F9:75:E7:87:FD:25:5A:E9:AE:F0:E5:8B:7B:1B:3A:F5
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/34uSzvl154f9JVrprvDli3sbOvU.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
a5:ba:1d:5e:1d:93:e9:ba:2c:99:a1:74:7d:ed:50:86:97:0a:
d8:db:aa:c3:b7:52:2e:f5:e1:67:16:de:9f:37:c2:69:c6:a9:
ea:5d:d1:62:25:00:7a:aa:13:a1:a6:f9:ad:6c:c2:13:5d:92:
e3:84:12:2c:6e:f7:1d:47:3b:87:f2:2d:2f:17:5b:aa:5c:72:
cb:c4:e9:a6:d5:37:0a:d9:4d:7e:cf:47:58:e7:1f:67:6b:87:
c8:b5:15:10:72:71:83:d2:4e:e6:15:14:ba:4f:0e:84:89:d0:
64:45:0d:03:14:cf:ef:3d:ac:19:53:d5:4e:97:ca:7e:18:91:
85:c4:47:e2:28:dd:18:e0:90:0f:8b:30:6a:ec:9b:5c:7b:a5:
47:54:ef:9e:f0:27:99:b8:2a:72:42:47:4f:dc:e9:c1:04:e6:
5e:51:fc:19:d8:bc:cb:1e:ca:78:d6:08:94:0b:47:20:cf:f6:
60:ee:d3:59:54:f9:01:5b:9d:8e:0a:d5:98:32:3e:43:42:cf:
61:37:82:c1:af:0e:30:d2:ea:2e:2a:22:fc:3c:3e:d9:b7:f4:
f5:f2:15:a9:5e:3a:f7:ec:f5:79:54:42:69:68:f8:37:a8:9f:
86:df:e9:62:a5:3b:49:36:25:60:f4:aa:c5:a2:e5:71:ee:2b:
72:30:cc:20
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICJegwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MTMw
MjQ1NDdaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKERGOEI5MkNFRjk3NUU3
ODdGRDI1NUFFOUFFRjBFNThCN0IxQjNBRjUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDQFNRm7VgMYh4u7zkAifIbiTRzSjapj/BlhRfRq7dz67aJF348
tzEMKHs89JCHXvFqq+N/qkWGtE6I+onlOrEebWPcpdOfWBeL+6xUDaPenW9FWXyH
MnlSPss/qi6T7OKyn/3hXfLF42wqE1CzcHc0yguhjdJbYrE5e99UshB8PKWa1C9A
oZNTg1fQu3417Kxlt2pV8Ts+KTAC38RZQDid3vuGu5XfiIIdA55+Nmhd7Z4cMNpn
BROfn8ZZH7wsx9v/aHw1fi+CfJAXWYs4tNzErhqQsSBXiUGL4c/AOlDAnqEXMI6R
GEqfi4e0B3KsosyK2ZqqesRgzLhChJOY2lt5AgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQU34uSzvl154f9JVrprvDli3sbOvUwHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvMzR1U3p2bDE1NGY5
SlZycHJ2RGxpM3NiT3ZVLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBAKW6HV4dk+m6LJmhdH3tUIaXCtjb
qsO3Ui714WcW3p83wmnGqepd0WIlAHqqE6Gm+a1swhNdkuOEEixu9x1HO4fyLS8X
W6pccsvE6abVNwrZTX7PR1jnH2drh8i1FRBycYPSTuYVFLpPDoSJ0GRFDQMUz+89
rBlT1U6Xyn4YkYXER+Io3RjgkA+LMGrsm1x7pUdU757wJ5m4KnJCR0/c6cEE5l5R
/BnYvMseynjWCJQLRyDP9mDu01lU+QFbnY4K1ZgyPkNCz2E3gsGvDjDS6i4qIvw8
Ptm39PXyFaleOvfs9XlUQmlo+Deon4bf6WKlO0k2JWD0qsWi5XHuK3IwzCA=
-----END CERTIFICATE-----
Generated at Sat Jun 21 20:07:38 2025 by rpki-client