Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/7AqlueT9P0t1Mzvp3wdBg-gwtns.roa
File: 7AqlueT9P0t1Mzvp3wdBg-gwtns.roa (raw, json)
Hash identifier: /zkKTDrZS0mQBr4QvAx6JhKjzZ7yzxJYmJF0jnNBpSc=
Subject key identifier: EC:0A:A5:B9:E4:FD:3F:4B:75:33:3B:E9:DF:07:41:83:E8:30:B6:7B
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 2357
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/7AqlueT9P0t1Mzvp3wdBg-gwtns.roa
Signing time: Sun 08 Jun 2025 13:08:57 +0000
ROA not before: Sun 08 Jun 2025 13:08:57 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 146845
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 9047 (0x2357)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 8 13:08:57 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=EC0AA5B9E4FD3F4B75333BE9DF074183E830B67B
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c5:17:9c:f8:92:59:a2:79:a4:0c:91:55:2d:0a:
ef:38:3e:04:8a:7b:dd:8b:ef:42:a0:2a:a0:5b:2d:
6f:d1:68:e0:28:13:b2:8f:a6:b8:28:1f:12:79:55:
98:69:59:cb:c0:18:1c:9c:be:48:bc:eb:ac:19:7e:
16:d8:35:ee:fe:d9:c1:43:d3:11:99:ad:45:ca:a8:
30:df:e9:28:2b:fd:64:f5:b9:b3:8f:9d:98:c1:9e:
dd:1e:9a:b9:21:34:89:c8:96:9a:19:53:18:56:34:
01:95:58:56:82:73:65:be:63:38:50:98:1e:d2:13:
89:39:e6:0d:c1:bb:ac:fc:ba:18:41:37:f9:8a:ff:
c6:0b:4c:43:08:89:90:ee:fc:1a:87:eb:4c:97:03:
73:8b:cb:da:f6:84:c0:21:7c:6a:e0:35:e1:7a:41:
4f:c0:ec:19:45:c1:ed:1d:b5:57:48:4a:9f:31:f3:
15:a1:92:49:cc:cd:1e:a6:8f:5a:74:8d:4a:75:8b:
59:f8:5a:dc:63:17:37:a3:79:ae:fa:49:87:5c:60:
ad:f6:26:df:5e:fa:38:2c:ae:50:2a:5b:a2:de:fe:
ac:34:9f:da:9a:ac:fb:67:4d:db:a3:4a:bd:95:7f:
7c:8c:73:38:ee:0a:c6:7b:bc:82:ab:04:52:d3:1f:
ec:b7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
EC:0A:A5:B9:E4:FD:3F:4B:75:33:3B:E9:DF:07:41:83:E8:30:B6:7B
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/7AqlueT9P0t1Mzvp3wdBg-gwtns.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
98:51:6e:bb:a4:df:e3:42:49:bb:8a:13:86:fe:a4:c8:af:b0:
81:24:58:a5:44:fa:91:00:71:7c:0e:f6:ad:3f:16:60:63:b1:
46:73:c2:36:9f:6d:e0:ae:f9:4d:e6:88:e2:c2:97:48:d1:d2:
18:c1:09:d6:e8:2c:64:43:2a:e7:39:82:b3:06:2e:dd:36:b9:
32:47:f9:24:c8:db:d2:fe:4f:6d:98:72:ef:eb:a2:a7:b1:d9:
93:df:35:98:7c:ce:43:62:d7:70:cb:29:11:3c:79:50:05:97:
a2:df:e8:cb:c1:dc:67:03:20:fd:23:03:65:34:8e:87:b4:3c:
c5:91:e0:66:da:50:3b:76:19:d7:ba:98:bf:d8:bf:06:07:4a:
86:5f:3a:af:4e:2e:a1:b9:39:27:b0:4f:3d:71:18:0f:0b:61:
a0:1a:fc:cc:f9:bb:f5:c5:bf:3c:66:50:84:6e:a9:39:64:b6:
f3:8a:97:3e:e3:60:77:06:a7:4e:e7:dd:50:53:fe:c8:98:5f:
58:4e:4c:fa:0e:d7:57:35:f5:36:b5:3b:f7:18:6f:e0:b9:dd:
6a:dc:14:72:3d:52:ce:cc:ea:06:a0:94:5a:9a:f4:41:73:fd:
8a:4d:5a:d0:98:6d:7c:0e:87:93:78:4c:58:71:5d:96:c3:56:
b8:d1:5e:e8
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICI1cwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MDgx
MzA4NTdaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEVDMEFBNUI5RTRGRDNG
NEI3NTMzM0JFOURGMDc0MTgzRTgzMEI2N0IwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDFF5z4klmieaQMkVUtCu84PgSKe92L70KgKqBbLW/RaOAoE7KP
prgoHxJ5VZhpWcvAGBycvki866wZfhbYNe7+2cFD0xGZrUXKqDDf6Sgr/WT1ubOP
nZjBnt0emrkhNInIlpoZUxhWNAGVWFaCc2W+YzhQmB7SE4k55g3Bu6z8uhhBN/mK
/8YLTEMIiZDu/BqH60yXA3OLy9r2hMAhfGrgNeF6QU/A7BlFwe0dtVdISp8x8xWh
kknMzR6mj1p0jUp1i1n4WtxjFzejea76SYdcYK32Jt9e+jgsrlAqW6Le/qw0n9qa
rPtnTdujSr2Vf3yMczjuCsZ7vIKrBFLTH+y3AgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQU7AqlueT9P0t1Mzvp3wdBg+gwtnswHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvN0FxbHVlVDlQMHQx
TXp2cDN3ZEJnLWd3dG5zLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBAJhRbruk3+NCSbuKE4b+pMivsIEk
WKVE+pEAcXwO9q0/FmBjsUZzwjafbeCu+U3miOLCl0jR0hjBCdboLGRDKuc5grMG
Lt02uTJH+STI29L+T22Ycu/roqex2ZPfNZh8zkNi13DLKRE8eVAFl6Lf6MvB3GcD
IP0jA2U0joe0PMWR4GbaUDt2Gde6mL/YvwYHSoZfOq9OLqG5OSewTz1xGA8LYaAa
/Mz5u/XFvzxmUIRuqTlktvOKlz7jYHcGp07n3VBT/siYX1hOTPoO11c19Ta1O/cY
b+C53WrcFHI9Us7M6gaglFqa9EFz/YpNWtCYbXwOh5N4TFhxXZbDVrjRXug=
-----END CERTIFICATE-----
Generated at Fri Jun 20 16:38:05 2025 by rpki-client