Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/N3NvGDUK6KE6dUgiEOnELcCWrN8.roa
File: N3NvGDUK6KE6dUgiEOnELcCWrN8.roa (raw, json)
Hash identifier: OZWBZBzGdAd5zsk7PsgUEbbd7T0OofmQQSuxgGiOxpg=
Subject key identifier: 37:73:6F:18:35:0A:E8:A1:3A:75:48:22:10:E9:C4:2D:C0:96:AC:DF
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 23F0
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/N3NvGDUK6KE6dUgiEOnELcCWrN8.roa
Signing time: Mon 09 Jun 2025 14:38:59 +0000
ROA not before: Mon 09 Jun 2025 14:38:59 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 146845
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 9200 (0x23f0)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 9 14:38:59 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=37736F18350AE8A13A75482210E9C42DC096ACDF
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:be:2b:f9:bd:2a:67:42:70:ac:c1:8c:60:08:89:
59:11:45:a6:9e:cd:8a:d8:c0:8a:33:30:db:89:48:
a4:75:af:55:92:e5:71:73:d0:23:05:68:a5:ef:4d:
43:b9:38:2a:a6:a0:b3:33:c3:c1:00:36:3c:79:67:
55:ca:62:28:4a:49:7b:67:07:ac:21:11:63:9d:c2:
11:26:91:e2:74:cd:bc:36:8f:16:89:ca:39:f3:69:
06:69:b3:1f:e8:9d:bd:74:53:13:2e:6e:fd:e5:b0:
02:09:f6:8a:d4:29:0c:01:32:ff:0f:63:c2:28:97:
05:da:31:bb:28:82:46:99:d0:38:61:2a:51:37:b5:
5b:e9:c1:a6:76:52:bf:62:d9:50:25:d4:7e:87:d4:
27:9e:39:d8:33:36:a2:d6:18:4c:7b:18:39:ca:46:
08:b5:31:0e:d3:44:10:d5:b3:db:ae:11:29:ff:19:
8f:77:b0:ce:f3:a8:fc:a2:15:f0:ff:a4:12:38:19:
a8:ae:26:76:11:10:3c:87:68:dc:c7:5c:be:4f:74:
ed:1f:2b:c7:0a:24:73:4c:48:0b:b5:50:c4:95:83:
db:92:a4:ef:b0:20:65:ab:7d:d0:f6:44:cb:b4:a1:
c0:51:60:37:8e:b4:78:f2:f5:b2:9e:bc:14:9e:aa:
35:41
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
37:73:6F:18:35:0A:E8:A1:3A:75:48:22:10:E9:C4:2D:C0:96:AC:DF
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/N3NvGDUK6KE6dUgiEOnELcCWrN8.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
52:73:f9:d4:7b:17:1e:38:c8:f7:7c:6a:99:10:5f:09:f5:3b:
7e:0c:2c:c0:b0:a9:f3:65:c7:c0:62:48:05:51:5b:3b:77:25:
a9:84:b3:5e:3b:88:e9:8f:82:31:fd:da:60:61:95:8f:ae:04:
e1:70:fc:91:52:d6:d9:d4:59:6f:d0:e2:c9:47:3d:df:42:ea:
ea:c5:9c:a8:82:13:0a:d3:ff:29:2d:f8:d5:69:0f:8a:9b:c1:
6f:f5:7e:47:7d:b0:2c:e0:57:e0:de:17:7b:50:ec:d0:df:ac:
7f:00:69:ea:96:47:f5:e9:f5:8b:10:97:ff:ec:f0:6d:84:46:
40:41:d6:92:3b:a2:e8:2c:77:98:01:b9:7c:0d:38:ee:6c:23:
fa:3e:ce:55:2d:1b:89:17:2f:f0:88:2a:33:3a:90:ea:11:0e:
82:79:c6:cf:a6:7c:03:34:29:41:32:fb:32:31:a5:8d:ef:3d:
19:ed:31:cc:f0:17:fa:d0:12:fc:06:7a:04:34:52:17:9d:a0:
d5:ae:24:f3:f9:2b:e5:dd:ba:fb:f7:35:b0:2e:73:8c:8e:1f:
2e:e9:a5:4a:07:38:4b:c3:ed:56:89:7d:c5:c6:a5:68:a0:7d:
96:a1:45:4b:36:85:7c:71:5f:86:1b:c1:c5:9b:c4:99:3d:32:
36:16:b7:40
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICI/AwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MDkx
NDM4NTlaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDM3NzM2RjE4MzUwQUU4
QTEzQTc1NDgyMjEwRTlDNDJEQzA5NkFDREYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC+K/m9KmdCcKzBjGAIiVkRRaaezYrYwIozMNuJSKR1r1WS5XFz
0CMFaKXvTUO5OCqmoLMzw8EANjx5Z1XKYihKSXtnB6whEWOdwhEmkeJ0zbw2jxaJ
yjnzaQZpsx/onb10UxMubv3lsAIJ9orUKQwBMv8PY8IolwXaMbsogkaZ0DhhKlE3
tVvpwaZ2Ur9i2VAl1H6H1CeeOdgzNqLWGEx7GDnKRgi1MQ7TRBDVs9uuESn/GY93
sM7zqPyiFfD/pBI4GaiuJnYREDyHaNzHXL5PdO0fK8cKJHNMSAu1UMSVg9uSpO+w
IGWrfdD2RMu0ocBRYDeOtHjy9bKevBSeqjVBAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUN3NvGDUK6KE6dUgiEOnELcCWrN8wHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvTjNOdkdEVUs2S0U2
ZFVnaUVPbkVMY0NXck44LnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBAFJz+dR7Fx44yPd8apkQXwn1O34M
LMCwqfNlx8BiSAVRWzt3JamEs147iOmPgjH92mBhlY+uBOFw/JFS1tnUWW/Q4slH
Pd9C6urFnKiCEwrT/ykt+NVpD4qbwW/1fkd9sCzgV+DeF3tQ7NDfrH8AaeqWR/Xp
9YsQl//s8G2ERkBB1pI7ougsd5gBuXwNOO5sI/o+zlUtG4kXL/CIKjM6kOoRDoJ5
xs+mfAM0KUEy+zIxpY3vPRntMczwF/rQEvwGegQ0UhedoNWuJPP5K+Xduvv3NbAu
c4yOHy7ppUoHOEvD7VaJfcXGpWigfZahRUs2hXxxX4YbwcWbxJk9MjYWt0A=
-----END CERTIFICATE-----
Generated at Sat Jun 21 00:46:50 2025 by rpki-client