Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/GGOk32d5i6Y7OF_xT_z246ardi4.roa
File: GGOk32d5i6Y7OF_xT_z246ardi4.roa (raw, json)
Hash identifier: cDsXaGLoqxLSfdGKO0Ywct1SUKrCbLTNywnTv2sWGhs=
Subject key identifier: 18:63:A4:DF:67:79:8B:A6:3B:38:5F:F1:4F:FC:F6:E3:A6:AB:76:2E
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 2753
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/GGOk32d5i6Y7OF_xT_z246ardi4.roa
Signing time: Sun 15 Jun 2025 15:09:20 +0000
ROA not before: Sun 15 Jun 2025 15:09:20 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 146845
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 10067 (0x2753)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 15 15:09:20 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=1863A4DF67798BA63B385FF14FFCF6E3A6AB762E
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c1:73:20:a7:ab:f6:e1:bc:c7:86:3b:cf:73:24:
e0:71:0b:57:8a:74:a8:08:9f:28:9c:d2:e7:ff:65:
9d:04:5e:bb:54:92:93:5f:f5:f3:50:35:de:86:94:
2a:07:62:3b:9d:d0:03:da:1e:c4:81:aa:c9:52:91:
1f:d5:c7:ed:6f:42:37:21:95:e1:fa:ec:9e:05:c6:
60:35:c4:89:d5:47:7f:6a:1e:8d:44:f1:52:f9:a2:
16:c9:19:87:85:16:2e:19:38:2f:e6:5f:3e:7d:05:
6c:c1:b4:bf:83:d3:ef:53:23:9c:b0:af:9e:37:9b:
c2:ec:c5:9b:46:f5:32:8b:e1:25:25:99:81:2a:13:
bf:11:8b:88:e9:8c:2f:29:6c:fb:1b:ab:9e:6d:9a:
e8:be:23:50:ca:37:85:43:a9:99:71:f5:62:93:27:
39:3d:67:f9:41:83:79:b3:45:80:53:cc:86:a5:7c:
1d:80:b0:7a:99:17:fe:e0:80:34:6f:47:00:2e:69:
63:75:94:14:4e:14:5f:3a:36:89:f8:3c:df:b5:ef:
50:ed:fd:8b:ec:bf:f8:d8:fd:18:11:b7:b6:ba:cd:
92:f5:27:f8:18:b8:be:16:18:91:8a:cb:e2:49:d4:
60:fb:7f:ba:f3:cc:4a:7e:88:5a:46:21:90:00:52:
f9:6b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
18:63:A4:DF:67:79:8B:A6:3B:38:5F:F1:4F:FC:F6:E3:A6:AB:76:2E
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/GGOk32d5i6Y7OF_xT_z246ardi4.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
1b:a3:71:b1:5a:16:1e:3f:16:11:0f:53:c1:aa:dc:1b:ab:37:
7f:99:75:16:c4:f5:2b:a0:01:15:44:3d:6f:a3:c2:76:0c:a9:
48:39:f5:1f:7c:12:c1:64:3d:d7:31:3f:b7:64:15:09:c0:dc:
2f:cd:19:41:2a:14:9a:3e:df:f7:e0:78:79:3d:1c:f2:23:8b:
f7:e4:e2:81:6d:54:72:35:a1:79:8a:86:9a:97:1b:da:1d:f5:
00:e7:97:51:87:7f:0d:07:ff:bf:dd:23:de:04:82:d1:8f:65:
8d:87:1f:d1:fe:7c:70:d8:56:e5:a4:7c:c5:1a:e7:29:40:40:
e8:31:de:da:39:ca:25:80:d8:70:28:18:fa:b4:54:62:f0:d4:
80:cb:32:01:b7:4d:44:32:66:0e:7c:08:35:5c:27:c5:e6:9b:
d4:c7:6f:fb:ba:9a:51:c4:2a:d2:ce:d2:6a:ff:b8:0e:c7:96:
6a:1f:04:53:ec:1e:91:46:67:13:02:8a:2e:8c:be:cc:2d:92:
1d:b9:81:a1:3d:6e:88:a4:e7:1f:e0:cf:30:d9:ee:e3:7e:b3:
b8:7b:0a:6f:d4:86:e3:c2:f1:c6:b8:86:f7:f6:7b:97:b9:ab:
39:fb:71:6d:4d:7d:5c:87:e2:b4:a6:18:d3:0b:56:ac:01:40:
f0:a1:20:18
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICJ1MwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MTUx
NTA5MjBaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDE4NjNBNERGNjc3OThC
QTYzQjM4NUZGMTRGRkNGNkUzQTZBQjc2MkUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDBcyCnq/bhvMeGO89zJOBxC1eKdKgInyic0uf/ZZ0EXrtUkpNf
9fNQNd6GlCoHYjud0APaHsSBqslSkR/Vx+1vQjchleH67J4FxmA1xInVR39qHo1E
8VL5ohbJGYeFFi4ZOC/mXz59BWzBtL+D0+9TI5ywr543m8LsxZtG9TKL4SUlmYEq
E78Ri4jpjC8pbPsbq55tmui+I1DKN4VDqZlx9WKTJzk9Z/lBg3mzRYBTzIalfB2A
sHqZF/7ggDRvRwAuaWN1lBROFF86Non4PN+171Dt/Yvsv/jY/RgRt7a6zZL1J/gY
uL4WGJGKy+JJ1GD7f7rzzEp+iFpGIZAAUvlrAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUGGOk32d5i6Y7OF/xT/z246ardi4wHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvR0dPazMyZDVpNlk3
T0ZfeFRfejI0NmFyZGk0LnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBABujcbFaFh4/FhEPU8Gq3BurN3+Z
dRbE9SugARVEPW+jwnYMqUg59R98EsFkPdcxP7dkFQnA3C/NGUEqFJo+3/fgeHk9
HPIji/fk4oFtVHI1oXmKhpqXG9od9QDnl1GHfw0H/7/dI94EgtGPZY2HH9H+fHDY
VuWkfMUa5ylAQOgx3to5yiWA2HAoGPq0VGLw1IDLMgG3TUQyZg58CDVcJ8Xmm9TH
b/u6mlHEKtLO0mr/uA7HlmofBFPsHpFGZxMCii6Mvswtkh25gaE9boik5x/gzzDZ
7uN+s7h7Cm/UhuPC8ca4hvf2e5e5qzn7cW1NfVyH4rSmGNMLVqwBQPChIBg=
-----END CERTIFICATE-----
Generated at Sun Jun 22 05:20:56 2025 by rpki-client