Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/351LKGsydgTBKp_3tljZiNpFNCE.roa
File: 351LKGsydgTBKp_3tljZiNpFNCE.roa (raw, json)
Hash identifier: 7heAnm5sLBi+ZhyQFOO6OdV1n0z3opRPTgbVk3z7Vf4=
Subject key identifier: DF:9D:4B:28:6B:32:76:04:C1:2A:9F:F7:B6:58:D9:88:DA:45:34:21
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 26A8
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/351LKGsydgTBKp_3tljZiNpFNCE.roa
Signing time: Sat 14 Jun 2025 10:39:17 +0000
ROA not before: Sat 14 Jun 2025 10:39:17 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 146845
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 9896 (0x26a8)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 14 10:39:17 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=DF9D4B286B327604C12A9FF7B658D988DA453421
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c0:95:7e:ef:89:a1:07:2c:54:5c:6a:44:90:2d:
02:3b:53:f3:02:ae:16:58:42:19:7c:ab:ea:62:1e:
0a:fe:a1:8a:32:c0:92:fe:f6:42:c9:bc:c3:d5:9c:
fb:f3:ec:f4:93:a8:2f:bb:15:65:65:49:bb:5e:e2:
c5:3d:b0:9e:00:b0:e6:81:69:30:de:b9:d0:76:19:
97:54:44:05:3b:8f:b1:62:60:40:9c:15:d6:36:d4:
9b:1c:17:d1:19:30:78:c1:74:7a:98:64:4f:d7:a3:
6f:51:c0:e0:b2:47:14:d6:59:04:38:ff:70:08:a8:
cd:7a:27:d2:74:da:bf:8d:73:d4:86:b8:e6:d9:cf:
3a:2f:21:c8:ce:bf:5a:d6:ff:ea:9f:56:31:c5:0e:
4b:c1:07:fb:d3:7c:51:c8:6e:62:c9:6d:08:70:9a:
8a:5b:2c:07:fd:fa:4f:52:17:05:57:ba:ed:e5:d4:
a2:10:81:3a:22:99:49:13:c4:fa:7d:e8:0a:d5:6b:
6e:42:94:a2:1b:10:a3:7f:fd:d0:b6:43:9c:b0:50:
7b:fa:0f:35:51:46:d7:2d:06:32:70:cd:c1:da:e7:
c8:cf:01:c2:a4:7a:c3:c0:b2:d3:f5:08:c1:e8:b7:
0e:2c:62:9a:42:4f:d7:1d:0e:51:ff:3c:48:93:d5:
b7:1b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DF:9D:4B:28:6B:32:76:04:C1:2A:9F:F7:B6:58:D9:88:DA:45:34:21
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/351LKGsydgTBKp_3tljZiNpFNCE.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
b2:5e:ff:c3:98:42:b4:70:46:04:0e:79:4e:81:2b:2d:7c:26:
75:ba:c0:54:c5:30:ac:8f:fc:ce:7e:80:02:89:f2:ea:35:df:
03:1e:7e:67:c5:1d:aa:32:b3:9e:80:c1:ee:1d:3f:bf:ce:1a:
0b:f0:bb:01:53:17:bb:64:b2:aa:c6:77:e5:fc:84:71:ca:7e:
12:15:05:2d:31:6d:f7:6d:10:ef:36:e0:67:54:c2:91:6b:90:
4a:70:b4:02:ef:38:84:2f:26:80:1e:51:4a:b6:e9:40:8f:5d:
88:49:e5:0a:30:ac:53:aa:bb:06:c7:1d:d7:5f:70:19:d2:4a:
a5:81:2f:95:47:34:b2:33:14:03:fc:d4:75:0f:af:9e:b1:e2:
ec:85:a9:19:76:f7:47:06:b3:f9:8d:74:11:e2:cf:65:18:72:
b2:0c:ea:a1:cc:59:8a:48:43:aa:9b:fc:0e:bb:77:38:f5:25:
fe:d1:5e:25:41:8c:21:bf:c3:94:59:e6:4e:14:9c:3b:d1:51:
95:ab:e4:54:e6:fe:42:e4:8e:0e:ca:fd:85:a7:65:7f:37:5b:
0c:38:8f:02:c4:3d:ea:de:e6:9d:d2:80:15:54:58:c0:53:81:
f1:b5:60:6a:38:1a:18:b1:1b:55:43:f6:54:83:4a:d0:79:4e:
c3:ca:78:b3
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICJqgwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MTQx
MDM5MTdaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKERGOUQ0QjI4NkIzMjc2
MDRDMTJBOUZGN0I2NThEOTg4REE0NTM0MjEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDAlX7viaEHLFRcakSQLQI7U/MCrhZYQhl8q+piHgr+oYoywJL+
9kLJvMPVnPvz7PSTqC+7FWVlSbte4sU9sJ4AsOaBaTDeudB2GZdURAU7j7FiYECc
FdY21JscF9EZMHjBdHqYZE/Xo29RwOCyRxTWWQQ4/3AIqM16J9J02r+Nc9SGuObZ
zzovIcjOv1rW/+qfVjHFDkvBB/vTfFHIbmLJbQhwmopbLAf9+k9SFwVXuu3l1KIQ
gToimUkTxPp96ArVa25ClKIbEKN//dC2Q5ywUHv6DzVRRtctBjJwzcHa58jPAcKk
esPAstP1CMHotw4sYppCT9cdDlH/PEiT1bcbAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQU351LKGsydgTBKp/3tljZiNpFNCEwHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvMzUxTEtHc3lkZ1RC
S3BfM3RsalppTnBGTkNFLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBALJe/8OYQrRwRgQOeU6BKy18JnW6
wFTFMKyP/M5+gAKJ8uo13wMefmfFHaoys56Awe4dP7/OGgvwuwFTF7tksqrGd+X8
hHHKfhIVBS0xbfdtEO824GdUwpFrkEpwtALvOIQvJoAeUUq26UCPXYhJ5QowrFOq
uwbHHddfcBnSSqWBL5VHNLIzFAP81HUPr56x4uyFqRl290cGs/mNdBHiz2UYcrIM
6qHMWYpIQ6qb/A67dzj1Jf7RXiVBjCG/w5RZ5k4UnDvRUZWr5FTm/kLkjg7K/YWn
ZX83Www4jwLEPere5p3SgBVUWMBTgfG1YGo4GhixG1VD9lSDStB5TsPKeLM=
-----END CERTIFICATE-----
Generated at Sat Jun 21 22:02:16 2025 by rpki-client