Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/DWcOpv9Rcohm7VNrhz-bCHUtaME.roa
File: DWcOpv9Rcohm7VNrhz-bCHUtaME.roa (raw, json)
Hash identifier: OZ5pdouOcY2/px4lf+j6LflrpbOiXnuWyy3J0aaLyco=
Subject key identifier: 0D:67:0E:A6:FF:51:72:88:66:ED:53:6B:87:3F:9B:08:75:2D:68:C1
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 2493
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/DWcOpv9Rcohm7VNrhz-bCHUtaME.roa
Signing time: Tue 10 Jun 2025 17:39:07 +0000
ROA not before: Tue 10 Jun 2025 17:39:07 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 4812
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 9363 (0x2493)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 10 17:39:07 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=0D670EA6FF51728866ED536B873F9B08752D68C1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ad:63:a9:52:b1:27:1f:0b:b0:71:b9:2f:73:9d:
02:76:40:f0:1f:28:ab:73:46:16:0f:64:70:93:4b:
d8:4a:e8:d3:77:b5:1b:64:45:f3:c9:08:f6:85:f9:
9a:ad:4f:1d:54:e2:f0:6b:96:0d:10:4d:25:e3:cb:
1e:c9:b9:9b:fd:ad:32:d0:c2:46:54:45:ee:18:58:
59:95:7b:ef:dc:60:27:e3:f8:6b:d7:f7:d2:ac:f2:
28:af:e6:cf:40:be:26:b0:dc:68:82:a0:1b:8e:57:
4b:f3:79:83:69:f2:46:f0:ee:95:95:b9:cd:b8:9a:
de:34:a0:c7:73:09:dd:bb:22:69:2e:9a:5a:88:0c:
5d:48:e1:a2:aa:81:57:cc:71:43:c5:90:ea:fa:01:
ed:d5:a5:1a:d2:66:57:ab:a8:4e:1e:78:7f:1a:ed:
e9:9c:97:77:6a:f8:30:22:10:b9:b3:c9:37:ea:1e:
7f:39:83:e3:48:cd:84:35:6d:88:69:91:45:89:47:
44:6b:0e:e6:97:7d:a0:40:98:60:54:24:14:db:ce:
c2:fc:ce:e6:d9:87:f9:65:c4:0f:41:50:c6:3d:46:
85:1f:2c:50:6a:a6:42:81:7f:1e:0e:24:95:27:cb:
44:d2:2c:a4:be:a9:a9:fe:8b:24:c1:bc:c3:f4:99:
93:39
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0D:67:0E:A6:FF:51:72:88:66:ED:53:6B:87:3F:9B:08:75:2D:68:C1
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/DWcOpv9Rcohm7VNrhz-bCHUtaME.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
7d:ad:b0:8b:95:08:63:03:9a:6d:41:d0:42:90:81:d7:66:eb:
a6:78:ee:98:02:09:77:4f:35:c9:bf:ab:0f:63:58:76:0e:7a:
f4:2b:ea:73:ad:60:30:05:64:86:25:74:1b:93:05:f1:e3:bb:
5f:45:11:1d:bb:a7:45:6e:f7:2a:14:10:75:76:4a:1b:77:4f:
e9:ca:96:00:e7:99:fd:34:99:50:79:6b:df:a5:e7:16:24:c4:
50:5c:33:28:f7:1a:a7:de:a8:e5:5a:53:c2:e4:c4:fe:97:dc:
47:60:ab:66:ca:dc:94:55:f6:68:98:25:39:1a:1f:f9:f9:b5:
16:31:ac:5e:18:a2:c3:97:ed:4d:73:a6:76:cf:92:77:e6:c7:
f1:24:7c:71:25:36:ff:95:c3:72:33:1e:f5:a4:ed:9f:40:ec:
75:9d:b4:2c:69:d9:67:97:68:ca:db:70:02:42:3b:7d:1a:51:
b2:45:e9:36:cb:62:e1:fa:95:c2:0e:99:22:cd:07:cf:40:36:
f8:c2:7c:17:88:d2:d2:1b:97:0f:d6:b2:30:da:44:b4:0a:d1:
2d:7b:65:b1:0f:a9:77:2f:1d:e7:dd:c9:09:46:a4:cd:cf:9d:
0f:69:fb:b4:07:f2:52:17:39:fd:50:56:db:d7:4b:87:b9:59:
a4:d7:e5:b8
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICJJMwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MTAx
NzM5MDdaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDBENjcwRUE2RkY1MTcy
ODg2NkVENTM2Qjg3M0Y5QjA4NzUyRDY4QzEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCtY6lSsScfC7BxuS9znQJ2QPAfKKtzRhYPZHCTS9hK6NN3tRtk
RfPJCPaF+ZqtTx1U4vBrlg0QTSXjyx7JuZv9rTLQwkZURe4YWFmVe+/cYCfj+GvX
99Ks8iiv5s9Aviaw3GiCoBuOV0vzeYNp8kbw7pWVuc24mt40oMdzCd27ImkumlqI
DF1I4aKqgVfMcUPFkOr6Ae3VpRrSZlerqE4eeH8a7emcl3dq+DAiELmzyTfqHn85
g+NIzYQ1bYhpkUWJR0RrDuaXfaBAmGBUJBTbzsL8zubZh/llxA9BUMY9RoUfLFBq
pkKBfx4OJJUny0TSLKS+qan+iyTBvMP0mZM5AgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUDWcOpv9Rcohm7VNrhz+bCHUtaMEwHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvRFdjT3B2OVJjb2ht
N1ZOcmh6LWJDSFV0YU1FLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBAH2tsIuVCGMDmm1B0EKQgddm66Z4
7pgCCXdPNcm/qw9jWHYOevQr6nOtYDAFZIYldBuTBfHju19FER27p0Vu9yoUEHV2
Sht3T+nKlgDnmf00mVB5a9+l5xYkxFBcMyj3GqfeqOVaU8LkxP6X3Edgq2bK3JRV
9miYJTkaH/n5tRYxrF4YosOX7U1zpnbPknfmx/EkfHElNv+Vw3IzHvWk7Z9A7HWd
tCxp2WeXaMrbcAJCO30aUbJF6TbLYuH6lcIOmSLNB89ANvjCfBeI0tIblw/WsjDa
RLQK0S17ZbEPqXcvHefdyQlGpM3PnQ9p+7QH8lIXOf1QVtvXS4e5WaTX5bg=
-----END CERTIFICATE-----
Generated at Fri Jun 20 17:30:20 2025 by rpki-client