Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/GWHzLa_3XZmBMYfOCPa11gkDZDw.roa
File: GWHzLa_3XZmBMYfOCPa11gkDZDw.roa (raw, json)
Hash identifier: 1/0AYPIIvu9vGeLOwCzEUINXOjd5Pje1wDtqZ3RaJok=
Subject key identifier: 19:61:F3:2D:AF:F7:5D:99:81:31:87:CE:08:F6:B5:D6:09:03:64:3C
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 77A1
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/GWHzLa_3XZmBMYfOCPa11gkDZDw.roa
Signing time: Wed 05 Nov 2025 20:12:51 +0000
ROA not before: Wed 05 Nov 2025 20:12:51 +0000
ROA not after: Fri 23 Oct 2026 03:01:03 +0000
asID: 146845
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 30625 (0x77a1)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Nov 5 20:12:51 2025 GMT
Not After : Oct 23 03:01:03 2026 GMT
Subject: CN=1961F32DAFF75D99813187CE08F6B5D60903643C
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b6:f4:26:ab:4a:63:f0:7a:d4:bb:7d:1a:f2:f0:
65:67:d9:e0:27:2b:66:41:44:f2:62:a3:34:d8:de:
3b:6b:08:69:af:2d:8b:80:47:15:61:c3:5d:4d:27:
ed:0f:a8:57:0a:a1:e0:92:4a:75:a0:dc:25:e2:62:
13:54:77:5e:2b:f4:dd:0d:c1:8b:c5:38:1b:69:47:
e3:d7:c8:d6:96:ed:b6:71:59:01:23:ca:fb:8b:04:
cc:2e:4c:4a:83:d1:dd:17:58:2d:9b:77:5e:e7:b9:
e1:09:32:c3:65:1e:94:2a:c9:eb:75:96:db:a8:3c:
6f:67:9a:3c:10:9d:57:ce:9f:37:bc:58:67:5a:5d:
20:9f:9c:2c:a4:bf:d3:3e:ee:6f:c9:6c:cc:9e:79:
15:cf:f2:82:c3:f6:25:f9:2d:8f:43:04:7f:f5:18:
e8:c8:dd:50:89:a0:80:d4:22:f0:ed:5f:d5:f3:c7:
43:75:9f:ac:5f:ab:60:27:2b:30:83:e7:76:f7:93:
41:ac:d2:d7:b0:0f:ec:f2:71:d4:15:76:0c:88:82:
a6:a0:70:32:29:29:ea:b7:a6:19:9c:bd:f7:a4:5a:
32:8f:e9:9b:bb:20:b9:3a:2b:d5:fb:aa:3b:d0:8a:
51:3e:d9:d5:ce:17:5d:fb:b1:3f:91:5d:ee:fc:02:
58:d3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
19:61:F3:2D:AF:F7:5D:99:81:31:87:CE:08:F6:B5:D6:09:03:64:3C
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/GWHzLa_3XZmBMYfOCPa11gkDZDw.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
27:ed:6c:89:b4:09:45:30:9e:89:3f:96:3f:c1:68:0f:5e:96:
3b:0a:77:5f:cb:3b:e4:ed:10:19:c6:74:e0:fd:da:55:6b:26:
7e:ba:6d:ef:33:e4:1c:1c:06:88:2a:99:c8:94:74:85:43:f2:
8b:57:6a:fe:23:df:22:e9:2e:e5:78:c7:b6:9e:aa:e5:f0:f2:
9e:32:2e:dc:80:24:f7:57:b4:a3:48:a5:0b:d6:35:02:1d:c2:
12:6e:61:a8:90:3f:63:41:8b:8f:ad:34:e6:47:92:58:eb:95:
db:30:e6:e4:2d:77:19:c6:82:2e:c7:9b:29:4b:9a:9d:21:c6:
a5:e3:23:be:1c:b7:9a:92:6b:d9:dc:1c:ac:59:b9:42:5e:0d:
a5:e7:b7:d7:42:9e:e1:5b:2d:e9:85:99:af:f1:aa:91:a7:12:
b7:09:b1:30:77:83:c0:d9:fc:0d:2d:48:de:f5:49:4e:71:48:
0b:15:8d:14:08:f5:fb:2f:6c:82:87:5b:99:87:a8:b3:b7:f8:
e3:79:19:f4:4a:20:48:83:19:82:15:90:a6:92:af:81:2a:d5:
65:5e:a1:70:ca:19:b9:b1:19:5c:9b:65:6b:d6:05:7e:5f:fd:
d8:0b:d7:af:b0:d7:11:d6:f6:a5:82:3d:68:d9:1b:97:bf:aa:
7e:1d:d5:e3
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICd6EwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTExMDUy
MDEyNTFaFw0yNjEwMjMwMzAxMDNaMDMxMTAvBgNVBAMTKDE5NjFGMzJEQUZGNzVE
OTk4MTMxODdDRTA4RjZCNUQ2MDkwMzY0M0MwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC29CarSmPwetS7fRry8GVn2eAnK2ZBRPJiozTY3jtrCGmvLYuA
RxVhw11NJ+0PqFcKoeCSSnWg3CXiYhNUd14r9N0NwYvFOBtpR+PXyNaW7bZxWQEj
yvuLBMwuTEqD0d0XWC2bd17nueEJMsNlHpQqyet1ltuoPG9nmjwQnVfOnze8WGda
XSCfnCykv9M+7m/JbMyeeRXP8oLD9iX5LY9DBH/1GOjI3VCJoIDUIvDtX9Xzx0N1
n6xfq2AnKzCD53b3k0Gs0tewD+zycdQVdgyIgqagcDIpKeq3phmcvfekWjKP6Zu7
ILk6K9X7qjvQilE+2dXOF137sT+RXe78AljTAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUGWHzLa/3XZmBMYfOCPa11gkDZDwwHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvR1dIekxhXzNYWm1C
TVlmT0NQYTExZ2tEWkR3LnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBACftbIm0CUUwnok/lj/BaA9eljsK
d1/LO+TtEBnGdOD92lVrJn66be8z5BwcBogqmciUdIVD8otXav4j3yLpLuV4x7ae
quXw8p4yLtyAJPdXtKNIpQvWNQIdwhJuYaiQP2NBi4+tNOZHkljrldsw5uQtdxnG
gi7HmylLmp0hxqXjI74ct5qSa9ncHKxZuUJeDaXnt9dCnuFbLemFma/xqpGnErcJ
sTB3g8DZ/A0tSN71SU5xSAsVjRQI9fsvbIKHW5mHqLO3+ON5GfRKIEiDGYIVkKaS
r4Eq1WVeoXDKGbmxGVybZWvWBX5f/dgL16+w1xHW9qWCPWjZG5e/qn4d1eM=
-----END CERTIFICATE-----
Generated at Thu Nov 6 00:34:23 2025 by rpki-client