Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/NOA9z17TZZYQz5j3Xeq-oOZCD-U.roa
File: NOA9z17TZZYQz5j3Xeq-oOZCD-U.roa (raw, json)
Hash identifier: WedrJnaPiFhF0ZE1+rq5SNbbLvcWh6s2jZE99+BJhAU=
Subject key identifier: 34:E0:3D:CF:5E:D3:65:96:10:CF:98:F7:5D:EA:BE:A0:E6:42:0F:E5
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 236D
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/NOA9z17TZZYQz5j3Xeq-oOZCD-U.roa
Signing time: Sun 08 Jun 2025 16:39:00 +0000
ROA not before: Sun 08 Jun 2025 16:39:00 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 4812
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 9069 (0x236d)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 8 16:39:00 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=34E03DCF5ED3659610CF98F75DEABEA0E6420FE5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:af:b4:9a:37:e5:40:c6:85:aa:47:47:bd:50:15:
d1:4e:c2:9f:3f:10:d7:de:b9:f8:4b:da:9f:04:a6:
14:b7:16:b2:db:ea:ef:8c:5d:9d:c6:dc:6f:d9:68:
49:85:78:5a:7b:dd:70:85:ed:12:3a:d7:9c:76:d7:
d1:46:76:08:5d:e5:0d:ad:01:b0:63:04:b6:c1:01:
1d:69:20:8b:eb:56:e4:f3:d9:d5:cc:83:14:64:f2:
8e:8e:84:f0:d3:d1:10:0d:0f:64:fe:fb:b4:11:87:
ad:cb:f2:ea:08:6d:56:1f:a9:b0:ec:ce:6e:51:da:
64:76:73:eb:d6:34:ea:31:84:ad:d1:09:3d:12:a6:
c7:2f:32:c0:46:74:75:b6:30:61:20:46:37:54:9c:
d8:ce:51:e6:eb:e6:35:d3:03:61:83:4b:ac:2a:71:
d0:e5:a2:6e:14:c5:14:41:bf:0c:78:32:04:cc:ff:
f8:31:0c:c0:ff:66:d3:66:67:e7:2e:ab:10:7c:d3:
bd:38:2a:ac:34:e8:5c:2e:34:bb:01:15:34:61:d7:
00:52:61:d8:01:d6:63:21:75:f1:4c:94:10:f0:8d:
66:73:27:4c:5a:4f:ae:8d:31:0e:b6:a6:e8:69:e5:
94:8a:17:f8:f7:98:8c:31:d0:e6:0c:5b:16:0e:25:
8e:97
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
34:E0:3D:CF:5E:D3:65:96:10:CF:98:F7:5D:EA:BE:A0:E6:42:0F:E5
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/NOA9z17TZZYQz5j3Xeq-oOZCD-U.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
40:65:b6:77:8b:21:a4:e9:52:1c:47:18:cb:ef:b6:0b:76:84:
c9:57:33:28:57:f7:6f:01:c4:31:d8:d6:3d:f9:9d:f8:e3:c2:
50:2c:76:44:d3:54:d8:44:e8:98:40:f2:3d:66:f8:0c:8c:78:
22:08:9e:1a:d3:f9:c1:9f:94:70:88:38:8a:3d:af:4c:4d:44:
8f:a9:f5:68:85:95:ab:b8:e8:db:75:53:ad:58:8c:06:16:30:
fa:6b:cb:f9:cf:6e:9e:55:da:8e:70:1b:98:00:69:f8:cd:54:
4f:d0:44:09:aa:3f:1f:56:df:e5:2b:d1:04:14:e0:f4:7e:aa:
6f:34:14:da:c0:56:c1:eb:f1:09:0e:d1:89:13:70:aa:40:85:
4c:85:83:07:87:85:02:54:30:27:7f:7f:2a:5f:49:c8:48:a2:
94:8e:ff:71:ed:f1:6e:dd:35:ea:47:d3:ff:5d:6f:9b:cb:b5:
bf:5b:e4:2f:d6:07:85:04:cd:5e:46:15:6f:85:fe:8e:71:6e:
19:6c:64:5e:56:fa:20:39:89:76:7d:b2:ef:b8:dc:1d:da:58:
87:73:cc:9e:5d:7a:7f:71:6d:d6:b6:e6:a7:d6:98:3a:67:f0:
65:2c:f7:f1:1e:e4:ce:a2:c9:f2:83:e3:d7:4a:57:1a:ac:55:
a9:87:de:63
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICI20wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MDgx
NjM5MDBaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDM0RTAzRENGNUVEMzY1
OTYxMENGOThGNzVERUFCRUEwRTY0MjBGRTUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCvtJo35UDGhapHR71QFdFOwp8/ENfeufhL2p8EphS3FrLb6u+M
XZ3G3G/ZaEmFeFp73XCF7RI615x219FGdghd5Q2tAbBjBLbBAR1pIIvrVuTz2dXM
gxRk8o6OhPDT0RAND2T++7QRh63L8uoIbVYfqbDszm5R2mR2c+vWNOoxhK3RCT0S
pscvMsBGdHW2MGEgRjdUnNjOUebr5jXTA2GDS6wqcdDlom4UxRRBvwx4MgTM//gx
DMD/ZtNmZ+cuqxB80704Kqw06FwuNLsBFTRh1wBSYdgB1mMhdfFMlBDwjWZzJ0xa
T66NMQ62puhp5ZSKF/j3mIwx0OYMWxYOJY6XAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUNOA9z17TZZYQz5j3Xeq+oOZCD+UwHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvTk9BOXoxN1RaWllR
ejVqM1hlcS1vT1pDRC1VLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBAEBltneLIaTpUhxHGMvvtgt2hMlX
MyhX928BxDHY1j35nfjjwlAsdkTTVNhE6JhA8j1m+AyMeCIInhrT+cGflHCIOIo9
r0xNRI+p9WiFlau46Nt1U61YjAYWMPpry/nPbp5V2o5wG5gAafjNVE/QRAmqPx9W
3+Ur0QQU4PR+qm80FNrAVsHr8QkO0YkTcKpAhUyFgweHhQJUMCd/fypfSchIopSO
/3Ht8W7dNepH0/9db5vLtb9b5C/WB4UEzV5GFW+F/o5xbhlsZF5W+iA5iXZ9su+4
3B3aWIdzzJ5den9xbda25qfWmDpn8GUs9/Ee5M6iyfKD49dKVxqsVamH3mM=
-----END CERTIFICATE-----
Generated at Sun Jun 22 01:07:01 2025 by rpki-client