Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/DVs25y4X0n21JgKhn8JItcGOWmU.roa
File: DVs25y4X0n21JgKhn8JItcGOWmU.roa (raw, json)
Hash identifier: qxpETsTOGwxrVMlwtAMPEAryh/pOCD4Q5EIYnNuJ9/E=
Subject key identifier: 0D:5B:36:E7:2E:17:D2:7D:B5:26:02:A1:9F:C2:48:B5:C1:8E:5A:65
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 2073
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/DVs25y4X0n21JgKhn8JItcGOWmU.roa
Signing time: Tue 03 Jun 2025 09:38:39 +0000
ROA not before: Tue 03 Jun 2025 09:38:39 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 4812
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 8307 (0x2073)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 3 09:38:39 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=0D5B36E72E17D27DB52602A19FC248B5C18E5A65
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b7:31:15:83:3e:1a:9f:20:93:6e:0d:8c:43:90:
17:a6:79:13:b4:44:29:05:05:45:a7:fb:f9:16:dd:
3d:54:97:2a:f3:0d:ca:94:29:98:0f:be:8a:11:89:
1b:33:49:92:c0:f2:56:e1:13:5f:5f:df:d9:da:2a:
04:f7:e3:d9:57:79:5e:0e:49:a1:7f:58:d9:78:e7:
c5:92:fb:f1:b2:cc:e9:af:e8:b0:a9:fc:4a:93:99:
1e:da:f4:b3:6c:fc:38:1a:b1:b9:23:43:84:d3:fd:
2e:cc:ae:5c:ce:4f:a4:2e:4e:bc:07:e3:a3:92:b7:
8c:1f:32:d1:ef:f6:3b:71:2b:62:70:99:ff:bf:fe:
09:cd:bd:c0:dc:72:7a:6e:10:5d:c1:7c:66:f4:81:
09:38:67:2f:ee:02:38:1e:eb:ee:a9:69:05:5d:d9:
15:35:48:6b:2c:09:5e:68:3b:0b:79:71:ba:d0:14:
45:f7:dd:83:be:6c:5b:85:b8:39:94:ce:82:09:ac:
9b:b0:9f:cc:6d:38:0e:f8:39:c5:50:e6:2f:ee:ca:
56:71:90:51:ea:fd:f8:b2:db:d0:56:c5:ac:aa:01:
b1:03:8b:a7:57:db:fb:de:30:6b:fe:d2:22:f7:10:
10:76:02:44:7e:0a:ab:21:36:87:a6:46:f6:f8:28:
57:0b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0D:5B:36:E7:2E:17:D2:7D:B5:26:02:A1:9F:C2:48:B5:C1:8E:5A:65
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/DVs25y4X0n21JgKhn8JItcGOWmU.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
19:7b:b6:95:a9:75:d9:1d:43:59:18:5a:3d:86:c3:00:1f:80:
23:4b:35:b5:ae:43:7f:55:dc:99:bf:1a:5f:4e:2a:3a:4a:34:
9e:ad:26:3f:5f:33:00:0b:2b:b4:76:b1:e5:d6:62:5d:6c:d4:
12:ce:44:26:33:63:85:83:61:96:2a:97:42:d9:26:7c:31:df:
e8:38:2c:28:b1:2c:48:1c:93:83:85:4e:e1:59:c1:9f:07:26:
ec:46:cb:cf:c1:d4:27:5a:ce:b6:88:46:27:a9:c7:d1:0d:e0:
9d:8d:8c:c7:73:e4:7a:4d:c7:fa:ad:0b:b4:78:5d:e2:d6:fd:
2e:8d:5c:1f:ca:72:00:a8:14:41:2e:8b:10:92:2b:00:1f:9f:
d9:0b:2f:ad:62:c7:11:ec:5b:88:e1:98:7e:de:e8:e2:20:f7:
24:fc:0f:8a:f9:c1:71:4f:8a:22:cb:a7:da:a6:2e:55:56:8d:
f5:23:31:c4:22:33:fb:10:6a:89:60:8e:d7:10:b9:04:2b:0a:
9e:5d:79:d9:a8:ff:85:96:d9:c8:bc:a1:d5:73:77:92:bd:fe:
6e:b3:c7:eb:9c:09:da:da:fa:6e:cd:7e:e7:00:f3:a7:9d:46:
fe:b5:22:1a:30:ea:4e:2a:00:94:aa:e1:ca:a3:68:50:22:3b:
da:1c:64:99
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICIHMwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MDMw
OTM4MzlaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDBENUIzNkU3MkUxN0Qy
N0RCNTI2MDJBMTlGQzI0OEI1QzE4RTVBNjUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC3MRWDPhqfIJNuDYxDkBemeRO0RCkFBUWn+/kW3T1UlyrzDcqU
KZgPvooRiRszSZLA8lbhE19f39naKgT349lXeV4OSaF/WNl458WS+/GyzOmv6LCp
/EqTmR7a9LNs/DgasbkjQ4TT/S7MrlzOT6QuTrwH46OSt4wfMtHv9jtxK2Jwmf+/
/gnNvcDccnpuEF3BfGb0gQk4Zy/uAjge6+6paQVd2RU1SGssCV5oOwt5cbrQFEX3
3YO+bFuFuDmUzoIJrJuwn8xtOA74OcVQ5i/uylZxkFHq/fiy29BWxayqAbEDi6dX
2/veMGv+0iL3EBB2AkR+CqshNoemRvb4KFcLAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUDVs25y4X0n21JgKhn8JItcGOWmUwHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvRFZzMjV5NFgwbjIx
SmdLaG44Skl0Y0dPV21VLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBABl7tpWpddkdQ1kYWj2GwwAfgCNL
NbWuQ39V3Jm/Gl9OKjpKNJ6tJj9fMwALK7R2seXWYl1s1BLORCYzY4WDYZYql0LZ
Jnwx3+g4LCixLEgck4OFTuFZwZ8HJuxGy8/B1CdazraIRiepx9EN4J2NjMdz5HpN
x/qtC7R4XeLW/S6NXB/KcgCoFEEuixCSKwAfn9kLL61ixxHsW4jhmH7e6OIg9yT8
D4r5wXFPiiLLp9qmLlVWjfUjMcQiM/sQaolgjtcQuQQrCp5dedmo/4WW2ci8odVz
d5K9/m6zx+ucCdra+m7NfucA86edRv61Ihow6k4qAJSq4cqjaFAiO9ocZJk=
-----END CERTIFICATE-----
Generated at Sun Jun 22 08:22:12 2025 by rpki-client