Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/IH3cZEAJ7yNarKv-NY6ZMsUCLZ8.roa
File: IH3cZEAJ7yNarKv-NY6ZMsUCLZ8.roa (raw, json)
Hash identifier: 3X6+EheMT2yyiVaMHpFc5jdQ5LmT5FwmzyIj8+9d1Kc=
Subject key identifier: 20:7D:DC:64:40:09:EF:23:5A:AC:AB:FE:35:8E:99:32:C5:02:2D:9F
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 204C
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/IH3cZEAJ7yNarKv-NY6ZMsUCLZ8.roa
Signing time: Tue 03 Jun 2025 03:08:38 +0000
ROA not before: Tue 03 Jun 2025 03:08:38 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 4812
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 8268 (0x204c)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 3 03:08:38 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=207DDC644009EF235AACABFE358E9932C5022D9F
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cd:49:97:42:ed:cf:30:25:e9:b2:58:cc:94:22:
8c:04:5e:dc:43:4f:53:31:29:61:82:29:1e:8a:23:
00:90:77:d2:ab:1f:41:dd:27:0b:71:95:f0:73:6f:
a8:d9:cb:81:b9:48:9c:7c:db:f1:7e:8f:76:79:df:
b4:b3:76:ec:3e:c4:ac:6f:76:c3:68:d7:8f:7f:b0:
ff:9c:62:f3:4a:bb:5a:dc:47:8f:fd:93:ef:3f:1a:
32:49:a4:8c:05:84:e6:f8:c5:bf:bf:ab:b4:3f:97:
2e:7a:be:1d:42:b4:32:e4:78:de:46:ac:89:13:6f:
76:49:8a:a8:d2:d3:40:b6:c8:51:a2:02:3c:a9:d7:
33:91:8b:6d:de:6d:ab:1c:47:ea:31:05:3d:30:81:
02:3d:6d:7f:d7:21:c7:44:1a:a8:e1:6f:4d:46:53:
a8:7f:d0:42:2e:40:bd:fd:b9:23:69:60:f7:cd:39:
84:8d:49:27:38:d8:84:f7:5e:f0:f8:95:19:20:8d:
8f:f0:22:ea:3d:65:ad:16:9b:58:38:18:49:72:35:
19:85:a6:7f:aa:dd:f7:bb:27:35:33:8e:63:9a:f0:
87:5e:96:33:cb:4d:7e:11:28:8d:a3:07:e7:ca:ed:
a7:46:3b:61:69:19:90:3a:c0:e0:4e:01:73:42:82:
2b:45
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
20:7D:DC:64:40:09:EF:23:5A:AC:AB:FE:35:8E:99:32:C5:02:2D:9F
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/IH3cZEAJ7yNarKv-NY6ZMsUCLZ8.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
8a:48:9a:20:ae:db:5b:15:7b:b0:4a:f4:73:08:0c:1b:da:9b:
7c:e3:88:af:75:ca:cf:db:19:cf:1c:4a:b5:64:a7:64:5b:bc:
0f:0c:f0:75:cb:8b:c7:7a:d5:98:38:24:41:88:16:de:11:db:
81:16:8e:28:27:84:eb:36:9d:0b:c3:56:1f:10:2d:53:ca:15:
ed:8e:48:c3:94:1b:3f:02:b5:f6:73:ce:e3:b7:bb:ea:72:f5:
e2:c9:49:41:85:7d:02:07:74:aa:ab:f6:ae:21:e2:28:aa:a7:
f9:e8:92:88:3b:61:a5:40:08:63:bb:04:f1:dd:b2:d4:3d:be:
ec:d6:11:d1:67:0d:d3:7d:b9:0d:3d:35:1e:36:13:cb:e0:2e:
d1:17:11:95:42:e7:95:cf:6e:5c:2b:90:e6:1c:64:5a:0f:7d:
e7:03:df:ea:e3:61:bc:20:df:09:3c:11:a6:2f:29:4d:9b:a2:
d3:63:62:44:6d:b4:30:78:d1:8a:d5:81:6a:1b:b0:d9:01:df:
59:13:77:37:36:f0:0b:ca:f1:aa:a5:34:5d:01:05:d0:7c:60:
e9:e2:b7:57:b8:c0:f6:e1:c0:93:03:0d:9c:da:73:e4:f7:b5:
35:63:46:ca:3f:1f:ce:e8:65:db:f5:ef:cb:55:3b:1d:c8:ac:
76:8e:cf:0f
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICIEwwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MDMw
MzA4MzhaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDIwN0REQzY0NDAwOUVG
MjM1QUFDQUJGRTM1OEU5OTMyQzUwMjJEOUYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDNSZdC7c8wJemyWMyUIowEXtxDT1MxKWGCKR6KIwCQd9KrH0Hd
JwtxlfBzb6jZy4G5SJx82/F+j3Z537Szduw+xKxvdsNo149/sP+cYvNKu1rcR4/9
k+8/GjJJpIwFhOb4xb+/q7Q/ly56vh1CtDLkeN5GrIkTb3ZJiqjS00C2yFGiAjyp
1zORi23ebascR+oxBT0wgQI9bX/XIcdEGqjhb01GU6h/0EIuQL39uSNpYPfNOYSN
SSc42IT3XvD4lRkgjY/wIuo9Za0Wm1g4GElyNRmFpn+q3fe7JzUzjmOa8IdeljPL
TX4RKI2jB+fK7adGO2FpGZA6wOBOAXNCgitFAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUIH3cZEAJ7yNarKv+NY6ZMsUCLZ8wHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvSUgzY1pFQUo3eU5h
ckt2LU5ZNlpNc1VDTFo4LnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBAIpImiCu21sVe7BK9HMIDBvam3zj
iK91ys/bGc8cSrVkp2RbvA8M8HXLi8d61Zg4JEGIFt4R24EWjignhOs2nQvDVh8Q
LVPKFe2OSMOUGz8CtfZzzuO3u+py9eLJSUGFfQIHdKqr9q4h4iiqp/nokog7YaVA
CGO7BPHdstQ9vuzWEdFnDdN9uQ09NR42E8vgLtEXEZVC55XPblwrkOYcZFoPfecD
3+rjYbwg3wk8EaYvKU2botNjYkRttDB40YrVgWobsNkB31kTdzc28AvK8aqlNF0B
BdB8YOnit1e4wPbhwJMDDZzac+T3tTVjRso/H87oZdv178tVOx3IrHaOzw8=
-----END CERTIFICATE-----
Generated at Sat Jun 21 18:32:18 2025 by rpki-client