Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/42Dxdi1Tx2E2w821IPmUBeGW6S8.roa
File: 42Dxdi1Tx2E2w821IPmUBeGW6S8.roa (raw, json)
Hash identifier: 7VpkdHfdsO5gfds/QbNQdrbS7WAjeyzjKZa0e7MGpZM=
Subject key identifier: E3:60:F1:76:2D:53:C7:61:36:C3:CD:B5:20:F9:94:05:E1:96:E9:2F
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 2030
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/42Dxdi1Tx2E2w821IPmUBeGW6S8.roa
Signing time: Mon 02 Jun 2025 22:38:37 +0000
ROA not before: Mon 02 Jun 2025 22:38:37 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 146845
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 8240 (0x2030)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 2 22:38:37 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=E360F1762D53C76136C3CDB520F99405E196E92F
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b0:56:9b:68:cb:57:14:d9:1c:a5:97:d2:07:33:
88:79:9c:34:67:1a:56:5e:5d:e1:e5:9d:a2:7a:47:
23:1e:d7:eb:d3:33:4d:33:a5:98:5d:56:fc:ca:20:
08:19:1c:9d:16:3a:b0:01:73:78:a5:20:2a:c1:0c:
fe:9d:21:e1:ae:5d:2e:15:93:bc:d4:20:bc:b4:fa:
d6:83:8c:01:b2:5f:71:17:e4:9e:d8:a2:23:89:24:
7b:26:9e:ce:8b:d5:5e:55:60:7d:fa:60:5a:89:ee:
9c:11:41:78:eb:1e:2e:92:35:f9:0a:f2:e8:49:c7:
51:c0:19:97:a1:6d:17:23:a5:37:aa:82:5d:be:30:
38:16:0b:fa:d6:d9:c1:24:15:20:dd:26:86:ad:bc:
bc:7c:e2:52:e9:a7:c8:b0:b2:8e:86:7d:06:5b:ec:
c3:19:eb:8f:bf:7a:c8:88:ba:e4:53:51:9b:e8:32:
a1:60:9e:3f:b8:38:9f:b4:73:02:26:0d:1c:1f:4a:
a9:75:59:e1:69:da:5e:ad:70:24:26:f8:49:0b:15:
a2:77:6b:92:0c:b6:bf:9a:62:07:54:03:dd:07:08:
8f:9f:b7:96:bf:dc:53:8e:dd:28:59:07:ef:53:58:
7e:fb:21:35:0f:50:52:00:da:de:f6:39:e1:ae:1a:
0c:87
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E3:60:F1:76:2D:53:C7:61:36:C3:CD:B5:20:F9:94:05:E1:96:E9:2F
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/42Dxdi1Tx2E2w821IPmUBeGW6S8.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
58:51:ef:39:3e:a7:c0:07:fd:f1:49:8b:3f:f6:c5:ea:22:ca:
03:3d:5a:e4:aa:97:88:3d:a5:30:ac:5a:8b:c7:4a:0b:7d:6a:
73:03:f3:df:69:7a:5e:48:e4:98:15:80:6a:68:66:14:9a:a8:
be:79:7b:7d:7f:65:8b:95:9e:27:b9:8d:43:3c:2c:58:05:9c:
fb:85:f6:70:e5:d6:bd:65:e2:53:e4:70:80:d4:69:8a:14:27:
14:91:f7:e8:a1:81:8f:64:f9:69:92:77:d4:36:d6:ea:43:d4:
59:91:79:58:a5:5e:57:5d:bd:59:66:16:f0:50:6e:2b:76:aa:
bf:5b:7a:a0:14:a4:22:a6:22:b0:2a:fa:45:78:24:50:80:3d:
be:dd:28:3d:0e:9d:0d:c4:9d:fb:99:f4:d5:d9:62:9f:78:54:
46:ce:62:96:3e:d4:8a:9c:2a:2e:9f:b8:de:b3:aa:79:a9:a1:
cf:5a:27:98:dc:df:ef:d7:61:84:2e:38:70:79:c3:46:4b:a6:
f2:b0:ac:f0:c1:02:9f:d0:b6:f6:79:f2:ad:1e:e9:50:62:7b:
7e:73:a3:e5:ba:ac:c0:5b:dc:2d:d2:33:93:aa:d6:d4:2a:15:
38:4a:55:5a:cd:77:44:aa:28:78:19:18:0e:1e:eb:dc:25:46:
8c:c2:24:e4
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICIDAwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MDIy
MjM4MzdaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEUzNjBGMTc2MkQ1M0M3
NjEzNkMzQ0RCNTIwRjk5NDA1RTE5NkU5MkYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCwVptoy1cU2Ryll9IHM4h5nDRnGlZeXeHlnaJ6RyMe1+vTM00z
pZhdVvzKIAgZHJ0WOrABc3ilICrBDP6dIeGuXS4Vk7zUILy0+taDjAGyX3EX5J7Y
oiOJJHsmns6L1V5VYH36YFqJ7pwRQXjrHi6SNfkK8uhJx1HAGZehbRcjpTeqgl2+
MDgWC/rW2cEkFSDdJoatvLx84lLpp8iwso6GfQZb7MMZ64+/esiIuuRTUZvoMqFg
nj+4OJ+0cwImDRwfSql1WeFp2l6tcCQm+EkLFaJ3a5IMtr+aYgdUA90HCI+ft5a/
3FOO3ShZB+9TWH77ITUPUFIA2t72OeGuGgyHAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQU42Dxdi1Tx2E2w821IPmUBeGW6S8wHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvNDJEeGRpMVR4MkUy
dzgyMUlQbVVCZUdXNlM4LnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBAFhR7zk+p8AH/fFJiz/2xeoiygM9
WuSql4g9pTCsWovHSgt9anMD899pel5I5JgVgGpoZhSaqL55e31/ZYuVnie5jUM8
LFgFnPuF9nDl1r1l4lPkcIDUaYoUJxSR9+ihgY9k+WmSd9Q21upD1FmReVilXldd
vVlmFvBQbit2qr9beqAUpCKmIrAq+kV4JFCAPb7dKD0OnQ3EnfuZ9NXZYp94VEbO
YpY+1IqcKi6fuN6zqnmpoc9aJ5jc3+/XYYQuOHB5w0ZLpvKwrPDBAp/QtvZ58q0e
6VBie35zo+W6rMBb3C3SM5Oq1tQqFThKVVrNd0SqKHgZGA4e69wlRozCJOQ=
-----END CERTIFICATE-----
Generated at Sun Jun 22 02:29:52 2025 by rpki-client