Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/Aw_t9ZJOZcqpeglPFc-8DeqWSck.roa
File: Aw_t9ZJOZcqpeglPFc-8DeqWSck.roa (raw, json)
Hash identifier: 1u4kzM08H+NB4KZ5izm/uxF+dTeo9nEuQ9dcMnoQx4c=
Subject key identifier: 03:0F:ED:F5:92:4E:65:CA:A9:7A:09:4F:15:CF:BC:0D:EA:96:49:C9
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 231E
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/Aw_t9ZJOZcqpeglPFc-8DeqWSck.roa
Signing time: Sun 08 Jun 2025 03:38:55 +0000
ROA not before: Sun 08 Jun 2025 03:38:55 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 146845
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 8990 (0x231e)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 8 03:38:55 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=030FEDF5924E65CAA97A094F15CFBC0DEA9649C9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ae:d4:10:b6:32:0f:e5:9c:a3:0d:ef:af:87:f4:
9a:d6:a8:57:62:55:7d:d1:06:27:b0:5b:64:0d:13:
00:74:6c:99:6a:f7:53:a0:b3:92:2d:54:39:92:f0:
1e:b3:1a:86:14:c0:31:e9:41:ae:98:8f:34:d9:14:
c0:f7:ad:1b:24:08:16:9a:42:a7:94:e2:45:92:47:
35:19:85:b1:95:51:50:d0:d3:91:a2:74:05:ec:62:
23:61:ab:82:f6:e0:be:4d:ce:99:09:4d:6e:b9:5a:
f0:c0:0f:72:fe:05:67:5d:c8:7c:a4:10:00:88:3f:
e7:41:89:42:5a:a4:6f:2f:17:36:be:eb:38:b1:9f:
46:e4:94:88:72:c2:39:19:0a:53:01:f8:f0:95:8b:
75:11:1f:a0:da:c6:5c:22:28:b0:09:ec:02:c4:56:
8f:9f:e6:98:7d:e6:68:51:cb:54:d7:51:85:ec:37:
1e:97:2f:19:8f:17:f7:45:0d:be:1d:ec:06:8a:a6:
69:65:87:e4:77:f8:a0:ed:db:ef:4d:71:95:a1:40:
3b:2a:0d:c0:87:c8:a7:ae:80:42:e6:98:0e:54:3b:
36:73:d8:11:6c:cc:f2:ff:d5:4c:75:df:4f:5a:74:
74:c5:1f:43:76:00:2f:b5:e1:d5:0d:64:16:6b:92:
a1:8d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
03:0F:ED:F5:92:4E:65:CA:A9:7A:09:4F:15:CF:BC:0D:EA:96:49:C9
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/Aw_t9ZJOZcqpeglPFc-8DeqWSck.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
2e:62:3a:1e:c1:63:32:1c:99:0b:ab:9c:85:ef:d2:48:2d:4f:
1d:61:5f:9c:0a:e1:40:ec:30:bf:c4:08:66:2b:84:8c:57:4a:
43:59:f5:43:40:87:7f:2f:fb:35:b6:c6:9c:d8:c1:7c:69:63:
ce:e6:19:6f:3f:16:e5:8b:f4:2e:01:87:9d:3e:a7:5a:98:e4:
e6:42:2c:7b:0e:b2:23:af:b3:fd:cc:1b:5e:98:94:e6:41:e9:
77:2d:57:91:f7:22:19:2c:77:67:00:c2:5d:ca:97:e1:0f:5c:
37:76:40:18:69:20:48:b3:4d:cf:41:0b:6f:4e:e0:d1:11:0b:
0c:c9:a1:41:7f:b7:aa:84:04:ee:42:0e:fd:c1:2b:22:89:a1:
a4:83:70:26:eb:12:e3:b1:ff:66:f8:c3:a7:06:34:59:74:b4:
f2:b5:47:67:71:d7:fc:da:db:f4:0c:09:d3:dd:d4:3b:86:e0:
3f:42:17:39:7b:f3:78:44:7f:5f:30:df:6f:6c:bf:20:90:d0:
42:6f:4a:55:09:18:ec:86:64:be:5f:30:41:16:9b:59:98:c1:
81:95:1e:05:07:e0:5a:af:72:43:39:6a:f5:6e:ef:bb:ec:ad:
ab:67:4a:b3:99:1c:c4:13:5a:e8:de:80:ca:a3:ec:c3:08:b6:
ec:4c:e0:4f
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICIx4wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MDgw
MzM4NTVaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDAzMEZFREY1OTI0RTY1
Q0FBOTdBMDk0RjE1Q0ZCQzBERUE5NjQ5QzkwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCu1BC2Mg/lnKMN76+H9JrWqFdiVX3RBiewW2QNEwB0bJlq91Og
s5ItVDmS8B6zGoYUwDHpQa6YjzTZFMD3rRskCBaaQqeU4kWSRzUZhbGVUVDQ05Gi
dAXsYiNhq4L24L5NzpkJTW65WvDAD3L+BWddyHykEACIP+dBiUJapG8vFza+6zix
n0bklIhywjkZClMB+PCVi3URH6DaxlwiKLAJ7ALEVo+f5ph95mhRy1TXUYXsNx6X
LxmPF/dFDb4d7AaKpmllh+R3+KDt2+9NcZWhQDsqDcCHyKeugELmmA5UOzZz2BFs
zPL/1Ux1309adHTFH0N2AC+14dUNZBZrkqGNAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUAw/t9ZJOZcqpeglPFc+8DeqWSckwHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvQXdfdDlaSk9aY3Fw
ZWdsUEZjLThEZXFXU2NrLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBAC5iOh7BYzIcmQurnIXv0kgtTx1h
X5wK4UDsML/ECGYrhIxXSkNZ9UNAh38v+zW2xpzYwXxpY87mGW8/FuWL9C4Bh50+
p1qY5OZCLHsOsiOvs/3MG16YlOZB6XctV5H3Ihksd2cAwl3Kl+EPXDd2QBhpIEiz
Tc9BC29O4NERCwzJoUF/t6qEBO5CDv3BKyKJoaSDcCbrEuOx/2b4w6cGNFl0tPK1
R2dx1/za2/QMCdPd1DuG4D9CFzl783hEf18w329svyCQ0EJvSlUJGOyGZL5fMEEW
m1mYwYGVHgUH4FqvckM5avVu77vsratnSrOZHMQTWujegMqj7MMItuxM4E8=
-----END CERTIFICATE-----
Generated at Fri Jun 20 16:35:16 2025 by rpki-client