Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/37lk-K0AFzngSJD5NoRJtmPidq4.roa
File: 37lk-K0AFzngSJD5NoRJtmPidq4.roa (raw, json)
Hash identifier: JQCxpl78MpQo4NH7Ut3yHiVblb9cGdgRl99brqxskcg=
Subject key identifier: DF:B9:64:F8:AD:00:17:39:E0:48:90:F9:36:84:49:B6:63:E2:76:AE
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 21D1
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/37lk-K0AFzngSJD5NoRJtmPidq4.roa
Signing time: Thu 05 Jun 2025 20:08:48 +0000
ROA not before: Thu 05 Jun 2025 20:08:48 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 146845
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 8657 (0x21d1)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 5 20:08:48 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=DFB964F8AD001739E04890F9368449B663E276AE
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:aa:2b:42:2f:87:d7:4d:51:cd:10:36:dd:12:f2:
ad:4d:27:66:42:79:c9:14:21:04:6c:06:f4:9f:50:
a1:12:d9:a3:89:12:ee:ef:7f:03:8d:2a:3a:76:51:
8a:ab:f4:2a:8d:d2:82:89:86:60:75:e6:ad:b3:c4:
b9:6c:b3:1b:b1:5d:15:27:96:d1:4c:b1:f3:a4:f4:
c5:25:2e:96:87:1c:67:e7:b8:6a:20:35:9b:de:c4:
5a:61:12:92:98:d5:e2:36:42:ac:b0:c7:59:31:09:
c1:6c:0f:52:61:56:13:57:6a:1b:96:96:62:c6:08:
75:ec:3f:77:76:a1:25:5f:0d:6d:3a:25:b8:ae:ba:
9b:f3:33:87:34:1d:79:32:93:a5:67:5d:2d:19:73:
fb:a6:b9:af:ff:96:bd:4e:6d:9f:70:ef:8f:8d:ce:
41:31:4e:13:c9:c4:e7:ce:37:5e:c9:db:d1:5c:be:
c7:ad:18:b5:7f:48:0a:5d:a5:bc:e6:03:5f:a8:9f:
c4:fa:2d:1d:e6:08:ce:d3:18:97:79:cd:87:d5:15:
87:45:45:4d:26:40:d7:e9:27:89:b3:b9:30:ec:ad:
2d:16:c1:c4:63:d5:33:85:ad:9f:b5:e3:ff:08:a2:
97:13:a7:07:9d:ed:99:ea:73:c4:a4:d1:13:90:4e:
cf:2d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DF:B9:64:F8:AD:00:17:39:E0:48:90:F9:36:84:49:B6:63:E2:76:AE
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/37lk-K0AFzngSJD5NoRJtmPidq4.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
20:8b:62:c0:d8:e5:57:d3:3c:8b:b6:c4:f5:01:4d:92:c5:c4:
04:64:43:61:a6:8f:3f:0d:ae:af:42:4a:a0:52:f5:f2:27:a5:
d3:e5:ae:10:b1:99:64:f6:b4:49:42:54:dc:2e:f1:e7:4a:dc:
20:46:a9:13:a6:9a:21:01:26:c4:e4:cf:67:15:b8:71:0e:e0:
ed:70:d6:d6:f4:49:14:d5:f0:7e:d7:79:76:0c:22:66:ea:4e:
4a:6c:61:ed:0f:42:76:06:92:b6:19:0e:3e:48:1f:b5:65:50:
0d:01:69:58:e1:1a:e8:57:b4:12:62:d5:b8:20:47:be:48:93:
cd:77:07:40:92:74:f1:7f:0a:3c:26:89:a9:5b:8c:b3:05:9c:
c0:a9:89:2a:bc:34:b0:24:c8:af:53:f3:dc:17:1b:c7:51:49:
a7:a6:4f:76:c7:d9:7c:50:fe:56:a0:b8:b5:3f:a3:57:c1:34:
6d:0d:f6:fc:ec:a8:fc:88:6a:0d:3c:77:08:4b:34:b4:bb:73:
0f:85:84:cb:29:3f:97:14:1c:7a:ff:b7:15:ea:f2:98:9d:2c:
b2:71:07:8f:f6:14:4e:48:e5:a4:1f:ab:ef:33:68:cf:ff:2b:
0b:fe:91:b3:ec:57:c5:6f:cf:03:c5:38:4f:04:fd:0d:e5:22:
ff:fb:a7:73
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICIdEwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MDUy
MDA4NDhaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKERGQjk2NEY4QUQwMDE3
MzlFMDQ4OTBGOTM2ODQ0OUI2NjNFMjc2QUUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCqK0Ivh9dNUc0QNt0S8q1NJ2ZCeckUIQRsBvSfUKES2aOJEu7v
fwONKjp2UYqr9CqN0oKJhmB15q2zxLlssxuxXRUnltFMsfOk9MUlLpaHHGfnuGog
NZvexFphEpKY1eI2Qqywx1kxCcFsD1JhVhNXahuWlmLGCHXsP3d2oSVfDW06Jbiu
upvzM4c0HXkyk6VnXS0Zc/umua//lr1ObZ9w74+NzkExThPJxOfON17J29Fcvset
GLV/SApdpbzmA1+on8T6LR3mCM7TGJd5zYfVFYdFRU0mQNfpJ4mzuTDsrS0WwcRj
1TOFrZ+14/8IopcTpwed7Znqc8Sk0ROQTs8tAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQU37lk+K0AFzngSJD5NoRJtmPidq4wHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvMzdsay1LMEFGem5n
U0pENU5vUkp0bVBpZHE0LnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBACCLYsDY5VfTPIu2xPUBTZLFxARk
Q2Gmjz8Nrq9CSqBS9fInpdPlrhCxmWT2tElCVNwu8edK3CBGqROmmiEBJsTkz2cV
uHEO4O1w1tb0SRTV8H7XeXYMImbqTkpsYe0PQnYGkrYZDj5IH7VlUA0BaVjhGuhX
tBJi1bggR75Ik813B0CSdPF/CjwmialbjLMFnMCpiSq8NLAkyK9T89wXG8dRSaem
T3bH2XxQ/laguLU/o1fBNG0N9vzsqPyIag08dwhLNLS7cw+FhMspP5cUHHr/txXq
8pidLLJxB4/2FE5I5aQfq+8zaM//Kwv+kbPsV8VvzwPFOE8E/Q3lIv/7p3M=
-----END CERTIFICATE-----
Generated at Sun Jun 22 00:47:34 2025 by rpki-client