Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/OW-bqthrmZuSZegx8w5TSoS-Z0Y.roa
File: OW-bqthrmZuSZegx8w5TSoS-Z0Y.roa (raw, json)
Hash identifier: F/+yT43UAHp8IBZOottTTM9/cBjmLbo+gziLxzRiWtA=
Subject key identifier: 39:6F:9B:AA:D8:6B:99:9B:92:65:E8:31:F3:0E:53:4A:84:BE:67:46
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 250B
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/OW-bqthrmZuSZegx8w5TSoS-Z0Y.roa
Signing time: Wed 11 Jun 2025 13:39:16 +0000
ROA not before: Wed 11 Jun 2025 13:39:16 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 4812
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 9483 (0x250b)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 11 13:39:16 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=396F9BAAD86B999B9265E831F30E534A84BE6746
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bb:30:3b:df:ba:66:2c:81:2f:df:b3:22:46:ba:
d1:46:c1:ca:56:53:6f:5a:4f:bd:1b:b3:fd:78:c2:
36:6d:9e:5a:f5:83:29:62:be:ad:54:56:6d:4c:27:
e0:d7:27:85:6e:be:36:23:43:7a:ca:62:86:59:48:
c0:11:e0:d7:fc:fb:f9:19:ec:f9:82:d4:3c:ea:07:
3d:97:a3:e6:da:ef:90:fd:ee:48:2e:26:0b:12:27:
f7:40:52:29:f2:07:41:73:9d:d5:fd:a7:c0:79:55:
8e:b2:6b:82:a6:a1:8f:16:f6:7d:29:b6:7a:06:53:
67:f0:f3:3d:75:6c:85:08:d2:9a:43:10:ed:b7:a8:
3d:0d:f7:a9:b1:a2:87:32:d4:f3:5e:a5:4f:53:97:
4d:51:81:d5:e1:64:d4:de:c5:00:b5:1e:cb:69:fa:
ba:e4:48:65:83:2b:4d:73:1e:29:98:f2:f3:ec:be:
c4:0d:b5:cc:23:ad:c2:6e:25:fd:70:1e:10:9b:c9:
29:f0:a8:df:55:54:50:ac:2e:b6:b1:c9:30:0f:d8:
3a:17:88:c7:f4:de:36:17:60:64:94:10:38:78:0e:
fe:bd:38:e3:3a:54:01:12:a7:23:d1:af:23:36:fc:
07:3a:dc:ab:20:6a:01:88:e0:50:47:41:d6:70:8e:
71:91
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
39:6F:9B:AA:D8:6B:99:9B:92:65:E8:31:F3:0E:53:4A:84:BE:67:46
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/OW-bqthrmZuSZegx8w5TSoS-Z0Y.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
52:78:83:79:93:2f:d1:04:41:36:ca:f8:39:33:2c:0a:13:72:
fb:27:c0:a6:d5:bc:b1:ca:a7:e7:dd:dc:80:23:f9:49:f7:77:
b2:d9:84:4f:55:bb:05:40:9d:ad:d5:ce:b2:f6:bd:58:de:e4:
f9:47:2d:fd:45:87:b0:6e:86:2a:58:29:ac:b5:1e:d5:26:e7:
4b:63:52:16:a5:8c:eb:b1:d2:12:6c:cc:05:3f:32:fd:ca:b9:
85:cb:82:1f:e3:fb:ae:73:5e:1f:79:82:c6:63:5a:05:25:5e:
28:f6:9e:12:4b:23:a4:cb:e8:55:8d:15:d1:14:b2:fb:d0:06:
a3:4a:ef:10:5a:b4:ab:29:c3:11:f6:6e:50:e9:aa:db:37:ac:
65:33:f9:8a:8d:99:0c:0b:d8:60:d9:5f:a8:e7:af:89:53:02:
f6:bb:e5:c4:d2:65:a6:16:5a:ec:23:93:0e:b8:9d:92:48:69:
b5:02:37:99:17:47:10:a2:61:e7:f0:da:18:70:17:d6:b6:69:
41:55:86:90:88:9f:61:2c:14:20:6c:00:2a:48:25:ab:f7:75:
97:75:3d:be:a8:76:c5:92:ed:bb:cd:db:42:f0:85:2d:da:9d:
12:fb:dd:2f:6c:03:ed:38:51:ad:cd:f3:94:53:a0:b1:3b:38:
80:fd:4d:b4
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICJQswDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MTEx
MzM5MTZaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDM5NkY5QkFBRDg2Qjk5
OUI5MjY1RTgzMUYzMEU1MzRBODRCRTY3NDYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC7MDvfumYsgS/fsyJGutFGwcpWU29aT70bs/14wjZtnlr1gyli
vq1UVm1MJ+DXJ4VuvjYjQ3rKYoZZSMAR4Nf8+/kZ7PmC1DzqBz2Xo+ba75D97kgu
JgsSJ/dAUinyB0FzndX9p8B5VY6ya4KmoY8W9n0ptnoGU2fw8z11bIUI0ppDEO23
qD0N96mxoocy1PNepU9Tl01RgdXhZNTexQC1Hstp+rrkSGWDK01zHimY8vPsvsQN
tcwjrcJuJf1wHhCbySnwqN9VVFCsLraxyTAP2DoXiMf03jYXYGSUEDh4Dv69OOM6
VAESpyPRryM2/Ac63KsgagGI4FBHQdZwjnGRAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUOW+bqthrmZuSZegx8w5TSoS+Z0YwHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvT1ctYnF0aHJtWnVT
WmVneDh3NVRTb1MtWjBZLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBAFJ4g3mTL9EEQTbK+DkzLAoTcvsn
wKbVvLHKp+fd3IAj+Un3d7LZhE9VuwVAna3VzrL2vVje5PlHLf1Fh7BuhipYKay1
HtUm50tjUhaljOux0hJszAU/Mv3KuYXLgh/j+65zXh95gsZjWgUlXij2nhJLI6TL
6FWNFdEUsvvQBqNK7xBatKspwxH2blDpqts3rGUz+YqNmQwL2GDZX6jnr4lTAva7
5cTSZaYWWuwjkw64nZJIabUCN5kXRxCiYefw2hhwF9a2aUFVhpCIn2EsFCBsACpI
Jav3dZd1Pb6odsWS7bvN20LwhS3anRL73S9sA+04Ua3N85RToLE7OID9TbQ=
-----END CERTIFICATE-----
Generated at Sun Jun 22 01:13:13 2025 by rpki-client