Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/DvDwTzwT73UG0gowyYskHxTWjeU.roa
File: DvDwTzwT73UG0gowyYskHxTWjeU.roa (raw, json)
Hash identifier: z9ECIQswCknYgEgfbSJ80/HoXEB4fzyDEKVIKGk+pxA=
Subject key identifier: 0E:F0:F0:4F:3C:13:EF:75:06:D2:0A:30:C9:8B:24:1F:14:D6:8D:E5
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 1C85
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/DvDwTzwT73UG0gowyYskHxTWjeU.roa
Signing time: Tue 27 May 2025 10:08:08 +0000
ROA not before: Tue 27 May 2025 10:08:08 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 146845
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 7301 (0x1c85)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: May 27 10:08:08 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=0EF0F04F3C13EF7506D20A30C98B241F14D68DE5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ed:01:7a:0e:a9:18:d6:10:59:a8:01:a5:4e:6c:
1f:c8:49:a7:65:b6:58:4a:ae:79:66:c1:a4:b5:63:
37:ae:dc:9b:f9:5d:0f:51:15:88:ba:17:d8:d5:dd:
d5:59:70:20:2a:b4:2e:f8:78:32:34:6b:72:5c:71:
ff:97:ef:c7:87:b1:f5:1c:5e:8e:73:a5:f4:a2:d3:
c7:b9:7e:e8:b4:58:f4:6e:b8:10:62:e7:a8:ce:98:
7d:c1:28:03:be:4b:1c:75:a6:0a:45:59:51:2d:d8:
00:cf:02:55:8b:c5:d6:67:5a:c8:6c:9f:f6:80:c5:
1d:a7:3f:d4:44:e4:8b:48:4c:09:76:89:6e:22:5b:
10:4f:5b:86:ae:26:c2:07:da:cc:82:f5:91:19:2a:
96:82:f9:3f:ad:63:ca:1d:50:cc:78:85:55:a1:2a:
b9:96:95:59:10:5d:e9:be:03:4f:97:b6:7b:ee:d0:
ba:88:68:f2:b9:e1:11:e4:78:c8:b6:a6:9e:a1:ba:
14:c5:7e:19:2b:c8:4d:8a:4d:fb:2e:a4:a0:e8:84:
76:cc:0a:93:2f:14:ea:83:eb:a1:c8:62:5f:b2:e6:
8c:45:10:3f:02:1b:14:29:87:b9:31:99:89:93:ce:
a7:df:f8:30:1e:9c:3f:d5:83:b2:6d:73:1f:6a:30:
3d:3d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0E:F0:F0:4F:3C:13:EF:75:06:D2:0A:30:C9:8B:24:1F:14:D6:8D:E5
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/DvDwTzwT73UG0gowyYskHxTWjeU.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
6e:22:01:f3:9b:4e:12:73:00:30:f5:5f:bd:14:c4:02:53:b6:
03:18:30:30:39:e7:fe:c3:a2:d5:55:e0:cb:04:e6:a0:66:50:
4d:a5:02:e0:86:2e:8e:5d:47:3f:cd:90:b4:97:e9:20:76:4a:
67:62:5f:3e:16:99:22:28:e2:92:51:c5:0c:b0:ab:ba:e1:56:
69:fe:43:4b:02:b6:03:3d:73:b5:0b:f9:37:54:01:a8:cf:b1:
21:d6:b8:4e:6f:b1:fe:7e:0e:fe:3c:4f:b2:b9:f6:cb:d5:7a:
24:28:91:d9:df:25:97:5a:84:62:33:3c:f1:13:b6:b6:c3:d6:
f8:78:c3:7f:19:91:ed:6d:65:79:2b:33:fc:7e:60:8e:50:7f:
1e:16:eb:6c:aa:0f:ee:ce:f8:32:99:cf:58:4d:69:a3:9e:9e:
83:35:a7:99:04:4e:9f:f1:29:0d:bd:c8:b2:bf:5d:9e:bc:9d:
e3:88:89:10:a5:f0:fa:e5:3e:42:93:07:a8:41:08:c7:05:1f:
8f:ff:50:d1:4f:a4:31:ca:8e:96:0b:15:08:72:8f:b2:82:ce:
64:44:88:a9:73:fb:89:e4:45:98:af:38:77:c1:6c:77:81:a8:
09:37:0f:fc:93:5b:ea:b5:cc:ff:25:97:dc:a3:d3:0c:3d:1e:
7f:ec:a4:78
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICHIUwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA1Mjcx
MDA4MDhaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDBFRjBGMDRGM0MxM0VG
NzUwNkQyMEEzMEM5OEIyNDFGMTRENjhERTUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDtAXoOqRjWEFmoAaVObB/ISadltlhKrnlmwaS1Yzeu3Jv5XQ9R
FYi6F9jV3dVZcCAqtC74eDI0a3Jccf+X78eHsfUcXo5zpfSi08e5fui0WPRuuBBi
56jOmH3BKAO+Sxx1pgpFWVEt2ADPAlWLxdZnWshsn/aAxR2nP9RE5ItITAl2iW4i
WxBPW4auJsIH2syC9ZEZKpaC+T+tY8odUMx4hVWhKrmWlVkQXem+A0+Xtnvu0LqI
aPK54RHkeMi2pp6huhTFfhkryE2KTfsupKDohHbMCpMvFOqD66HIYl+y5oxFED8C
GxQph7kxmYmTzqff+DAenD/Vg7Jtcx9qMD09AgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUDvDwTzwT73UG0gowyYskHxTWjeUwHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvRHZEd1R6d1Q3M1VH
MGdvd3lZc2tIeFRXamVVLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBAG4iAfObThJzADD1X70UxAJTtgMY
MDA55/7DotVV4MsE5qBmUE2lAuCGLo5dRz/NkLSX6SB2SmdiXz4WmSIo4pJRxQyw
q7rhVmn+Q0sCtgM9c7UL+TdUAajPsSHWuE5vsf5+Dv48T7K59svVeiQokdnfJZda
hGIzPPETtrbD1vh4w38Zke1tZXkrM/x+YI5Qfx4W62yqD+7O+DKZz1hNaaOenoM1
p5kETp/xKQ29yLK/XZ68neOIiRCl8PrlPkKTB6hBCMcFH4//UNFPpDHKjpYLFQhy
j7KCzmREiKlz+4nkRZivOHfBbHeBqAk3D/yTW+q1zP8ll9yj0ww9Hn/spHg=
-----END CERTIFICATE-----
Generated at Sun Jun 22 05:35:35 2025 by rpki-client