Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/O4QTvTXaYqZAzezg2_-k0Gm2y4U.roa
File: O4QTvTXaYqZAzezg2_-k0Gm2y4U.roa (raw, json)
Hash identifier: 5AuHFFIhaTZBZKvcs6QfGtdQkMT08KesmitqmAaYYqY=
Subject key identifier: 3B:84:13:BD:35:DA:62:A6:40:CD:EC:E0:DB:FF:A4:D0:69:B6:CB:85
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 20C6
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/O4QTvTXaYqZAzezg2_-k0Gm2y4U.roa
Signing time: Tue 03 Jun 2025 23:38:39 +0000
ROA not before: Tue 03 Jun 2025 23:38:39 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 146845
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 8390 (0x20c6)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 3 23:38:39 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=3B8413BD35DA62A640CDECE0DBFFA4D069B6CB85
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ad:1f:a0:5a:af:dc:62:d1:94:ee:e1:ba:fe:c8:
55:16:ad:97:49:53:db:d6:ea:1e:c2:47:2e:ae:51:
6c:ec:65:88:b6:5e:9d:41:c4:2e:7b:ae:1a:74:8c:
85:da:5f:78:61:5d:2c:10:ba:ef:61:d0:bb:ca:a1:
b6:19:80:32:10:b5:2a:67:ec:01:b0:eb:7a:f7:5f:
6e:97:bf:cc:24:99:aa:94:7c:6a:bc:73:72:d1:34:
4d:63:2f:b9:31:f8:1c:9d:56:a6:2a:99:7b:82:50:
9c:8c:0e:c9:02:97:ae:b0:36:90:45:55:1d:19:25:
f1:40:92:f9:ae:0a:68:d6:13:e9:54:4a:c9:fa:ac:
9d:77:b4:30:c3:86:e0:ad:63:ab:b1:36:ac:fe:f3:
30:73:54:47:a2:46:01:d3:61:c0:28:78:b1:6d:b4:
a7:85:87:63:30:ca:41:f6:79:99:32:6d:6e:42:cf:
0f:cf:f1:46:53:fe:6d:4c:1a:42:47:63:f7:0f:d2:
4d:7f:e7:2a:c9:b2:9f:3f:86:2a:aa:c5:df:cc:42:
85:f1:09:d7:40:a8:5b:83:d2:29:1d:2f:38:0d:51:
4d:9c:a2:7f:f8:63:38:ba:1a:1e:30:37:7b:10:b8:
72:ed:1d:a5:85:7b:4a:07:26:f8:5f:4c:1b:10:da:
a3:df
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3B:84:13:BD:35:DA:62:A6:40:CD:EC:E0:DB:FF:A4:D0:69:B6:CB:85
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/O4QTvTXaYqZAzezg2_-k0Gm2y4U.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
73:3a:78:a0:12:01:40:6a:7e:14:60:9d:8d:eb:5d:e9:2d:9b:
71:ea:36:14:36:e2:fd:3a:83:c7:4f:37:5c:ff:2b:56:82:54:
0c:06:72:bc:00:88:83:63:29:4a:bc:4b:d1:ed:84:36:e6:2f:
e6:40:e8:a2:4f:9b:5d:a9:86:39:f3:ce:1e:48:27:7f:2b:e3:
35:94:10:78:e6:07:86:37:33:7e:9a:23:46:6f:34:56:59:ea:
9b:df:2a:87:96:20:f4:3b:c7:1f:45:fd:19:01:9b:ad:4f:9e:
d5:84:0d:12:88:2a:13:b5:1f:65:2a:44:8c:36:b3:b5:03:e2:
41:f5:91:4f:e0:c1:d1:42:e3:d7:2e:e7:37:bc:7d:f4:de:00:
a4:34:bc:65:e4:d0:ec:00:46:89:89:4b:5f:4d:93:01:48:85:
ef:83:7c:aa:65:6b:e2:ec:f8:18:d1:4e:50:0b:d3:1b:4e:2c:
30:21:fb:60:6b:69:b6:78:30:ff:eb:3b:20:9b:c9:12:7a:59:
fb:84:ba:58:a1:23:0a:71:3b:75:18:67:dc:7b:71:0f:3c:f6:
75:9e:b9:b0:18:db:de:9a:f9:18:3d:f9:1f:ff:c3:fb:70:10:
1d:c2:46:34:0e:38:10:c7:b9:2d:2c:5a:f0:c7:1f:6b:01:27:
d1:ca:56:3b
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICIMYwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MDMy
MzM4MzlaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDNCODQxM0JEMzVEQTYy
QTY0MENERUNFMERCRkZBNEQwNjlCNkNCODUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCtH6Bar9xi0ZTu4br+yFUWrZdJU9vW6h7CRy6uUWzsZYi2Xp1B
xC57rhp0jIXaX3hhXSwQuu9h0LvKobYZgDIQtSpn7AGw63r3X26Xv8wkmaqUfGq8
c3LRNE1jL7kx+BydVqYqmXuCUJyMDskCl66wNpBFVR0ZJfFAkvmuCmjWE+lUSsn6
rJ13tDDDhuCtY6uxNqz+8zBzVEeiRgHTYcAoeLFttKeFh2MwykH2eZkybW5Czw/P
8UZT/m1MGkJHY/cP0k1/5yrJsp8/hiqqxd/MQoXxCddAqFuD0ikdLzgNUU2con/4
Yzi6Gh4wN3sQuHLtHaWFe0oHJvhfTBsQ2qPfAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUO4QTvTXaYqZAzezg2/+k0Gm2y4UwHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvTzRRVHZUWGFZcVpB
emV6ZzJfLWswR20yeTRVLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBAHM6eKASAUBqfhRgnY3rXektm3Hq
NhQ24v06g8dPN1z/K1aCVAwGcrwAiINjKUq8S9HthDbmL+ZA6KJPm12phjnzzh5I
J38r4zWUEHjmB4Y3M36aI0ZvNFZZ6pvfKoeWIPQ7xx9F/RkBm61PntWEDRKIKhO1
H2UqRIw2s7UD4kH1kU/gwdFC49cu5ze8ffTeAKQ0vGXk0OwARomJS19NkwFIhe+D
fKpla+Ls+BjRTlAL0xtOLDAh+2BrabZ4MP/rOyCbyRJ6WfuEulihIwpxO3UYZ9x7
cQ889nWeubAY296a+Rg9+R//w/twEB3CRjQOOBDHuS0sWvDHH2sBJ9HKVjs=
-----END CERTIFICATE-----
Generated at Sun Jun 22 00:56:10 2025 by rpki-client