Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/MoqrHJ11Y3EGbVF4hPq4SlfwFCI.roa
File: MoqrHJ11Y3EGbVF4hPq4SlfwFCI.roa (raw, json)
Hash identifier: erdmGcOYvAeqCZT7/K4QTE2nX3wwCKgypsAFvyeHQ5g=
Subject key identifier: 32:8A:AB:1C:9D:75:63:71:06:6D:51:78:84:FA:B8:4A:57:F0:14:22
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 24EF
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/MoqrHJ11Y3EGbVF4hPq4SlfwFCI.roa
Signing time: Wed 11 Jun 2025 09:09:09 +0000
ROA not before: Wed 11 Jun 2025 09:09:09 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 146845
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 9455 (0x24ef)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 11 09:09:09 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=328AAB1C9D756371066D517884FAB84A57F01422
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:dc:32:a6:05:63:36:00:5e:78:3b:1e:54:aa:cc:
45:13:65:dc:4d:31:c0:58:36:bb:2e:ad:0a:74:a2:
3a:4f:d2:fc:f1:67:3d:4d:a8:e3:66:37:a9:fd:2f:
a2:3b:45:3b:f7:e4:98:9d:9c:54:d9:ad:9c:3f:6c:
38:75:80:02:17:52:ae:c5:e0:81:53:40:bd:79:5f:
b7:31:f3:e1:4a:71:39:c5:5e:a6:62:39:49:9b:49:
00:15:71:db:94:fe:cb:2b:43:23:04:e5:c6:12:77:
14:a9:24:d6:48:c6:cd:c9:23:58:35:ec:38:32:32:
62:7c:d8:92:75:34:e7:36:98:62:8a:59:32:30:33:
b9:67:f8:8b:da:9e:2a:79:89:30:c4:a3:1d:11:42:
f4:81:8b:c0:9b:58:c4:ee:07:49:80:8c:aa:6f:1c:
ea:e8:76:37:cd:3f:9c:d1:0c:cd:f3:25:81:87:c4:
69:19:08:10:a2:14:67:45:c7:4c:e3:59:57:d3:60:
bc:52:59:e1:32:67:0c:4f:d8:4d:4a:f9:1a:b7:18:
4f:9c:ae:4f:f9:ab:34:69:48:6c:ca:92:71:c0:9c:
83:34:bf:05:3a:e7:25:1f:11:3d:0b:04:b3:08:79:
2a:14:78:35:c2:70:69:27:9c:09:3c:22:c6:15:0e:
c5:a3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
32:8A:AB:1C:9D:75:63:71:06:6D:51:78:84:FA:B8:4A:57:F0:14:22
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/MoqrHJ11Y3EGbVF4hPq4SlfwFCI.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
4b:9b:83:e8:44:b8:50:75:15:89:de:f2:a4:18:1b:d6:76:94:
16:8c:f6:ef:2f:8a:0d:98:dc:e6:89:0c:45:bc:4e:cf:d3:9e:
e9:d3:2f:fc:96:f9:52:9f:ad:0f:7f:d7:f2:3f:11:59:9e:5e:
ea:6f:66:5a:0a:36:b5:3f:4c:af:16:a9:a9:9a:c6:62:ce:8e:
d8:f2:5b:2f:5c:6d:db:d4:eb:c5:3a:7e:eb:6f:eb:8c:d0:62:
21:43:5b:4c:97:dd:e7:e8:2b:a5:4a:2b:98:6c:ff:79:ca:95:
20:0e:f7:fe:30:32:8b:9e:9f:eb:67:57:ea:53:bc:9d:e2:88:
8b:87:ab:f2:87:45:76:88:ef:29:04:c3:96:15:b7:40:20:53:
d9:7b:f9:fb:95:75:bb:1b:09:cb:b5:b2:97:52:96:f9:5c:bb:
98:2d:b8:3b:ce:33:e9:0c:9d:8c:7a:10:b7:48:0c:9a:fe:a5:
2a:47:49:f6:e1:92:cb:d1:e9:59:03:94:20:e1:9f:15:2a:69:
61:59:91:c9:35:88:18:4e:2a:6a:5b:2f:3c:22:d6:f4:4a:b2:
a3:0a:30:6e:3b:a5:4f:60:9f:be:e0:6d:ad:2a:ac:59:94:5b:
f7:a1:eb:df:c7:39:a6:39:e2:53:86:9d:24:9d:e1:aa:84:22:
d5:f2:24:49
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICJO8wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MTEw
OTA5MDlaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDMyOEFBQjFDOUQ3NTYz
NzEwNjZENTE3ODg0RkFCODRBNTdGMDE0MjIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDcMqYFYzYAXng7HlSqzEUTZdxNMcBYNrsurQp0ojpP0vzxZz1N
qONmN6n9L6I7RTv35JidnFTZrZw/bDh1gAIXUq7F4IFTQL15X7cx8+FKcTnFXqZi
OUmbSQAVcduU/ssrQyME5cYSdxSpJNZIxs3JI1g17DgyMmJ82JJ1NOc2mGKKWTIw
M7ln+Ivanip5iTDEox0RQvSBi8CbWMTuB0mAjKpvHOrodjfNP5zRDM3zJYGHxGkZ
CBCiFGdFx0zjWVfTYLxSWeEyZwxP2E1K+Rq3GE+crk/5qzRpSGzKknHAnIM0vwU6
5yUfET0LBLMIeSoUeDXCcGknnAk8IsYVDsWjAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUMoqrHJ11Y3EGbVF4hPq4SlfwFCIwHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvTW9xckhKMTFZM0VH
YlZGNGhQcTRTbGZ3RkNJLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBAEubg+hEuFB1FYne8qQYG9Z2lBaM
9u8vig2Y3OaJDEW8Ts/TnunTL/yW+VKfrQ9/1/I/EVmeXupvZloKNrU/TK8Wqama
xmLOjtjyWy9cbdvU68U6futv64zQYiFDW0yX3efoK6VKK5hs/3nKlSAO9/4wMoue
n+tnV+pTvJ3iiIuHq/KHRXaI7ykEw5YVt0AgU9l7+fuVdbsbCcu1spdSlvlcu5gt
uDvOM+kMnYx6ELdIDJr+pSpHSfbhksvR6VkDlCDhnxUqaWFZkck1iBhOKmpbLzwi
1vRKsqMKMG47pU9gn77gba0qrFmUW/eh69/HOaY54lOGnSSd4aqEItXyJEk=
-----END CERTIFICATE-----
Generated at Sun Jun 22 20:42:27 2025 by rpki-client