Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/39lbnQT3UIMsjK93ZQRIt9aTLsE.roa
File: 39lbnQT3UIMsjK93ZQRIt9aTLsE.roa (raw, json)
Hash identifier: wdC0GWl3qmmE9+t99055te+Ro8i7iQ9FcmDIhM1ZHXg=
Subject key identifier: DF:D9:5B:9D:04:F7:50:83:2C:8C:AF:77:65:04:48:B7:D6:93:2E:C1
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 2207
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/39lbnQT3UIMsjK93ZQRIt9aTLsE.roa
Signing time: Fri 06 Jun 2025 05:08:46 +0000
ROA not before: Fri 06 Jun 2025 05:08:46 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 146845
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 8711 (0x2207)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 6 05:08:46 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=DFD95B9D04F750832C8CAF77650448B7D6932EC1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a0:99:81:45:23:a5:72:01:0a:c2:da:45:5b:3c:
77:66:fe:e5:84:4c:d3:fe:0f:11:01:21:5c:89:b2:
b9:aa:fd:9c:9d:cd:5a:3b:2c:94:82:ca:8e:52:e1:
b9:4f:06:35:6e:42:f6:4b:97:b0:8c:60:d6:77:42:
93:61:fa:9c:e9:4d:5c:20:11:56:17:a3:2d:f8:9b:
57:63:de:13:17:1c:e2:2a:98:57:c5:26:69:40:37:
17:f4:ce:f5:a4:73:d3:71:47:f2:07:fc:b7:18:1f:
3f:56:b7:47:b3:46:ea:1f:7b:31:8f:2d:12:d6:0c:
1b:1b:4b:d3:59:a8:ed:71:44:d6:67:bd:d8:e2:fd:
28:47:49:b5:a1:96:29:a2:6c:1d:ef:6d:55:54:8a:
43:b2:bc:aa:aa:cb:44:4e:22:1c:6d:36:67:3c:69:
b6:fd:97:f5:3a:85:9a:21:ec:95:7b:8c:e2:bf:cb:
38:6c:ed:8c:3f:b3:2f:45:66:c9:b0:53:a4:d2:0e:
93:b4:34:e0:b6:5e:9d:b1:3b:d8:34:d6:d8:ca:fb:
d5:45:78:55:4d:fe:c3:bd:03:d4:f6:96:f7:69:57:
c9:62:25:4d:bd:fb:a6:da:12:91:0d:4a:53:f2:8b:
5b:fe:9b:c7:99:4f:8a:68:0d:cc:33:56:15:c9:81:
13:0d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DF:D9:5B:9D:04:F7:50:83:2C:8C:AF:77:65:04:48:B7:D6:93:2E:C1
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/39lbnQT3UIMsjK93ZQRIt9aTLsE.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
bb:27:b3:5e:15:aa:fc:ae:89:fe:60:37:96:26:82:9a:6c:6a:
95:b5:3b:32:82:ef:44:a4:4e:c1:c4:a7:8d:9b:b9:c0:31:4a:
48:32:b0:d9:31:8f:cd:a6:62:ad:c3:6c:40:0e:16:ed:0f:5b:
eb:dc:81:a8:35:2f:00:04:f2:76:04:ee:45:5e:c3:27:06:24:
3c:8d:a8:48:42:3a:07:2d:a9:1d:01:8d:b7:d5:6e:5e:1c:89:
f8:b2:1a:da:c8:04:24:54:3c:c9:60:44:f3:6d:cd:1f:49:19:
57:c2:82:af:9f:e2:e3:4e:3f:00:80:90:b8:c9:7e:fc:29:6b:
cc:1f:95:74:5a:05:66:3f:93:b8:f2:41:ed:a9:43:64:ce:e9:
00:e2:c3:6a:ba:8f:10:48:03:21:50:2e:9c:c6:07:50:b0:9c:
48:24:87:69:31:7a:aa:00:e0:30:c7:56:38:57:85:dc:59:f9:
e8:da:d2:a0:b0:99:4d:b5:ae:f7:1b:84:fa:0e:cd:e3:3e:9d:
ac:af:6f:cd:c2:c7:ed:f8:6f:29:65:32:85:fc:aa:70:d9:29:
6e:20:36:d9:2b:77:be:c0:23:41:c2:bb:ce:11:42:6b:f8:61:
ab:19:52:20:f7:4c:47:2f:77:3f:7d:51:2c:d8:a9:9c:91:91:
11:1c:2a:8d
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICIgcwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MDYw
NTA4NDZaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKERGRDk1QjlEMDRGNzUw
ODMyQzhDQUY3NzY1MDQ0OEI3RDY5MzJFQzEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCgmYFFI6VyAQrC2kVbPHdm/uWETNP+DxEBIVyJsrmq/ZydzVo7
LJSCyo5S4blPBjVuQvZLl7CMYNZ3QpNh+pzpTVwgEVYXoy34m1dj3hMXHOIqmFfF
JmlANxf0zvWkc9NxR/IH/LcYHz9Wt0ezRuofezGPLRLWDBsbS9NZqO1xRNZnvdji
/ShHSbWhlimibB3vbVVUikOyvKqqy0ROIhxtNmc8abb9l/U6hZoh7JV7jOK/yzhs
7Yw/sy9FZsmwU6TSDpO0NOC2Xp2xO9g01tjK+9VFeFVN/sO9A9T2lvdpV8liJU29
+6baEpENSlPyi1v+m8eZT4poDcwzVhXJgRMNAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQU39lbnQT3UIMsjK93ZQRIt9aTLsEwHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvMzlsYm5RVDNVSU1z
aks5M1pRUkl0OWFUTHNFLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBALsns14Vqvyuif5gN5YmgppsapW1
OzKC70SkTsHEp42bucAxSkgysNkxj82mYq3DbEAOFu0PW+vcgag1LwAE8nYE7kVe
wycGJDyNqEhCOgctqR0BjbfVbl4cifiyGtrIBCRUPMlgRPNtzR9JGVfCgq+f4uNO
PwCAkLjJfvwpa8wflXRaBWY/k7jyQe2pQ2TO6QDiw2q6jxBIAyFQLpzGB1CwnEgk
h2kxeqoA4DDHVjhXhdxZ+eja0qCwmU21rvcbhPoOzeM+nayvb83Cx+34byllMoX8
qnDZKW4gNtkrd77AI0HCu84RQmv4YasZUiD3TEcvdz99USzYqZyRkREcKo0=
-----END CERTIFICATE-----
Generated at Fri Jun 20 23:04:51 2025 by rpki-client