Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/3owvKKLqsQb0inHjgu-L46_sC1A.roa
File: 3owvKKLqsQb0inHjgu-L46_sC1A.roa (raw, json)
Hash identifier: qr3eU5r6DFp7wJTrl/lr7jehZc1mkfFLhWMzbMGcHZY=
Subject key identifier: DE:8C:2F:28:A2:EA:B1:06:F4:8A:71:E3:82:EF:8B:E3:AF:EC:0B:50
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 2A9B
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/3owvKKLqsQb0inHjgu-L46_sC1A.roa
Signing time: Sat 21 Jun 2025 22:41:10 +0000
ROA not before: Sat 21 Jun 2025 22:41:10 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 146845
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 10907 (0x2a9b)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 21 22:41:10 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=DE8C2F28A2EAB106F48A71E382EF8BE3AFEC0B50
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a1:8c:d0:b1:1f:3e:87:e2:6d:a6:7f:36:ba:e6:
eb:95:9f:e9:ce:e7:cb:e7:f2:6e:74:1e:f4:33:e5:
34:ea:22:e1:fa:21:e7:5e:ff:a6:72:e8:fc:ac:81:
97:d1:6e:0d:67:e8:30:ad:f6:74:02:94:c8:1f:00:
9f:f8:97:95:21:bf:db:0d:36:44:56:80:b3:10:7b:
57:86:86:72:2b:75:53:1b:cf:4a:42:76:dd:c0:cc:
ce:db:b4:fb:45:e8:35:f3:a6:08:ff:42:21:d6:43:
1a:13:73:9e:bc:3c:04:5f:cc:fe:3f:f3:cc:c0:3f:
cb:67:2d:4b:60:db:3a:94:0c:60:bd:8f:b9:ad:9b:
53:56:a3:86:59:51:e6:3b:70:02:5c:b1:d2:89:2b:
ad:53:49:93:fb:29:a1:a0:d7:ec:4e:24:61:23:96:
9f:c6:c4:2d:fb:ff:af:32:d3:3f:39:e3:e8:48:69:
b4:14:b9:4d:8f:c3:0d:62:3e:e7:eb:ff:be:70:35:
0f:d4:f5:b5:5f:89:a5:45:77:e9:97:d8:85:1d:91:
9c:8f:ce:b4:4c:63:de:61:7c:44:2f:e2:d1:40:48:
d5:18:81:5d:e6:e8:1f:47:04:b0:8f:76:2b:d0:37:
86:94:df:4f:85:73:d3:39:da:ff:e4:2a:05:9b:32:
52:87
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DE:8C:2F:28:A2:EA:B1:06:F4:8A:71:E3:82:EF:8B:E3:AF:EC:0B:50
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/3owvKKLqsQb0inHjgu-L46_sC1A.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
98:2c:db:52:a0:14:d3:24:84:b6:65:08:a9:6d:f1:14:90:01:
bd:27:ec:f5:11:49:8e:4e:c8:18:ce:d1:51:2a:3a:b2:da:d0:
f0:2d:f5:26:9f:e3:a2:5e:b5:0e:df:6d:da:41:41:5c:db:82:
e6:a2:cc:95:e8:3d:cc:45:bf:ad:92:a0:5d:c0:b5:91:87:cd:
3e:7f:fb:dd:98:81:5a:a2:09:e1:5e:46:9b:0e:92:c3:ea:b7:
92:8a:24:7e:cb:28:08:57:e2:77:34:37:fa:d4:fb:cf:ee:03:
3d:ce:5d:3a:0c:1c:f2:a6:36:81:a9:ce:c8:89:52:2c:28:e5:
2e:80:4c:91:8a:8d:28:9f:6c:91:de:6c:48:c9:b5:42:44:2c:
af:0d:23:fb:bb:86:b2:34:65:44:a0:45:1c:09:b0:50:54:bd:
e3:bc:9a:9d:09:28:3f:e8:3b:fc:a4:15:d6:e2:bd:e7:ee:a2:
e7:a0:f3:02:7d:32:4c:d4:2d:36:75:47:8d:05:21:9d:fb:2f:
d1:64:4d:89:11:41:a3:63:d8:47:ec:8d:6f:d3:8f:c9:0f:3b:
44:6f:17:fb:32:20:05:58:63:97:1d:86:05:47:3b:79:fe:17:
cd:c9:cc:dd:93:7e:bb:1f:88:ed:b9:fa:84:2c:bd:1f:4d:b3:
19:e5:8b:4d
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICKpswDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MjEy
MjQxMTBaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKERFOEMyRjI4QTJFQUIx
MDZGNDhBNzFFMzgyRUY4QkUzQUZFQzBCNTAwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQChjNCxHz6H4m2mfza65uuVn+nO58vn8m50HvQz5TTqIuH6Iede
/6Zy6PysgZfRbg1n6DCt9nQClMgfAJ/4l5Uhv9sNNkRWgLMQe1eGhnIrdVMbz0pC
dt3AzM7btPtF6DXzpgj/QiHWQxoTc568PARfzP4/88zAP8tnLUtg2zqUDGC9j7mt
m1NWo4ZZUeY7cAJcsdKJK61TSZP7KaGg1+xOJGEjlp/GxC37/68y0z854+hIabQU
uU2Pww1iPufr/75wNQ/U9bVfiaVFd+mX2IUdkZyPzrRMY95hfEQv4tFASNUYgV3m
6B9HBLCPdivQN4aU30+Fc9M52v/kKgWbMlKHAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQU3owvKKLqsQb0inHjgu+L46/sC1AwHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvM293dktLTHFzUWIw
aW5Iamd1LUw0Nl9zQzFBLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBAJgs21KgFNMkhLZlCKlt8RSQAb0n
7PURSY5OyBjO0VEqOrLa0PAt9Saf46JetQ7fbdpBQVzbguaizJXoPcxFv62SoF3A
tZGHzT5/+92YgVqiCeFeRpsOksPqt5KKJH7LKAhX4nc0N/rU+8/uAz3OXToMHPKm
NoGpzsiJUiwo5S6ATJGKjSifbJHebEjJtUJELK8NI/u7hrI0ZUSgRRwJsFBUveO8
mp0JKD/oO/ykFdbivefuoueg8wJ9MkzULTZ1R40FIZ37L9FkTYkRQaNj2EfsjW/T
j8kPO0RvF/syIAVYY5cdhgVHO3n+F83JzN2TfrsfiO25+oQsvR9Nsxnli00=
-----END CERTIFICATE-----
Generated at Sun Jun 22 03:55:53 2025 by rpki-client