Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/O0CvI_2gcvcWnzGHxFdi3IbMgwY.roa
File: O0CvI_2gcvcWnzGHxFdi3IbMgwY.roa (raw, json)
Hash identifier: wLkQCFSAWS7I6pWk3z9oMVC2Nm//o4eFtgcC5c6Rm3c=
Subject key identifier: 3B:40:AF:23:FD:A0:72:F7:16:9F:31:87:C4:57:62:DC:86:CC:83:06
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 2513
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/O0CvI_2gcvcWnzGHxFdi3IbMgwY.roa
Signing time: Wed 11 Jun 2025 15:09:12 +0000
ROA not before: Wed 11 Jun 2025 15:09:12 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 146845
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 9491 (0x2513)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 11 15:09:12 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=3B40AF23FDA072F7169F3187C45762DC86CC8306
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:98:90:5b:e4:92:3a:80:ed:3f:c9:f5:c4:42:92:
20:9b:fb:9e:35:8f:1a:c9:e4:03:e5:09:f0:b9:a6:
29:48:6d:ac:eb:92:45:97:5a:5d:0a:ca:d3:09:8d:
b9:73:30:0d:c7:50:7b:8a:2a:c9:d6:12:d5:10:0b:
20:4d:22:64:38:4f:18:da:0a:60:ae:9e:2f:99:d3:
86:9c:34:2c:62:47:b9:33:9b:8b:46:7b:ec:91:34:
2b:b9:aa:b1:21:57:6b:31:4f:55:6d:b2:11:70:57:
e8:91:2a:9e:e1:52:11:d8:c6:78:0e:24:5e:96:54:
3e:cf:27:c6:9d:39:be:74:da:86:20:47:70:45:03:
94:f6:10:60:0b:d5:2d:93:ed:f6:2e:05:c6:7c:39:
ce:c8:db:b6:70:9d:8c:12:4a:66:9e:ae:04:28:3a:
6c:7c:94:e9:23:a8:9c:a9:13:e3:af:e4:ed:77:13:
69:1a:d0:87:3e:92:b6:66:ba:2f:70:a0:66:f8:17:
88:52:83:27:94:91:d2:73:c9:a1:cd:85:3a:6d:01:
02:64:83:e5:84:3b:4b:99:88:e1:87:a8:b2:c5:75:
1a:38:3f:15:d5:87:ec:d5:46:78:8b:6b:7c:8c:0d:
a3:45:a9:03:6e:e7:c7:2b:be:ff:29:56:49:58:96:
bf:73
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3B:40:AF:23:FD:A0:72:F7:16:9F:31:87:C4:57:62:DC:86:CC:83:06
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/O0CvI_2gcvcWnzGHxFdi3IbMgwY.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
0d:81:79:b1:fc:1c:48:eb:ff:10:63:fa:73:17:e1:4d:e9:ec:
d2:ca:28:de:ed:b7:56:70:02:22:ad:06:f3:c2:7d:5b:f5:4e:
76:e9:af:0d:9f:98:ea:c5:91:27:fd:4a:8c:56:5f:cd:19:2c:
08:9f:b4:4e:a5:e7:f9:10:12:0f:22:8b:2a:b2:ef:f1:a7:9e:
53:d6:20:71:37:6c:bb:db:88:0d:3a:c7:d1:25:e9:b1:59:17:
fd:b6:33:f0:dd:fa:23:89:ca:9b:82:27:6d:77:f2:fb:2c:38:
e8:60:c4:04:7a:38:c4:c0:59:9e:1b:9e:14:19:1e:00:11:c9:
61:3c:f6:33:1d:00:af:f3:3b:7e:bb:75:8b:aa:ea:8b:6d:fe:
ac:b3:bd:1a:60:28:e2:5b:31:94:16:98:a8:9c:57:fe:5e:1b:
58:95:6a:17:66:e0:c8:60:11:f4:29:87:e6:34:54:07:aa:df:
98:55:81:d5:4b:2e:56:02:03:5b:06:be:48:86:db:4f:89:2f:
10:11:1a:0a:fe:7d:92:05:84:e9:43:5b:e3:3c:49:07:a9:01:
fc:9b:d5:7e:0a:f5:3e:ec:bb:1f:ad:f5:ce:ef:5d:2c:29:10:
98:36:4a:cf:fb:f9:97:0a:cf:c6:f0:75:c4:12:2f:84:19:84:
db:bc:dc:c2
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICJRMwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MTEx
NTA5MTJaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDNCNDBBRjIzRkRBMDcy
RjcxNjlGMzE4N0M0NTc2MkRDODZDQzgzMDYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCYkFvkkjqA7T/J9cRCkiCb+541jxrJ5APlCfC5pilIbazrkkWX
Wl0KytMJjblzMA3HUHuKKsnWEtUQCyBNImQ4TxjaCmCuni+Z04acNCxiR7kzm4tG
e+yRNCu5qrEhV2sxT1VtshFwV+iRKp7hUhHYxngOJF6WVD7PJ8adOb502oYgR3BF
A5T2EGAL1S2T7fYuBcZ8Oc7I27ZwnYwSSmaergQoOmx8lOkjqJypE+Ov5O13E2ka
0Ic+krZmui9woGb4F4hSgyeUkdJzyaHNhTptAQJkg+WEO0uZiOGHqLLFdRo4PxXV
h+zVRniLa3yMDaNFqQNu58crvv8pVklYlr9zAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUO0CvI/2gcvcWnzGHxFdi3IbMgwYwHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvTzBDdklfMmdjdmNX
bnpHSHhGZGkzSWJNZ3dZLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBAA2BebH8HEjr/xBj+nMX4U3p7NLK
KN7tt1ZwAiKtBvPCfVv1Tnbprw2fmOrFkSf9SoxWX80ZLAiftE6l5/kQEg8iiyqy
7/GnnlPWIHE3bLvbiA06x9El6bFZF/22M/Dd+iOJypuCJ2138vssOOhgxAR6OMTA
WZ4bnhQZHgARyWE89jMdAK/zO367dYuq6ott/qyzvRpgKOJbMZQWmKicV/5eG1iV
ahdm4MhgEfQph+Y0VAeq35hVgdVLLlYCA1sGvkiG20+JLxARGgr+fZIFhOlDW+M8
SQepAfyb1X4K9T7sux+t9c7vXSwpEJg2Ss/7+ZcKz8bwdcQSL4QZhNu83MI=
-----END CERTIFICATE-----
Generated at Sun Jun 22 01:04:06 2025 by rpki-client