Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/OX4039NEoRr0b9dh_5BnCW-ajCM.roa
File: OX4039NEoRr0b9dh_5BnCW-ajCM.roa (raw, json)
Hash identifier: xvfTp2khqYxdKUwk2HoLFXS/3eVPOQjc7OzpdBSFB+8=
Subject key identifier: 39:7E:34:DF:D3:44:A1:1A:F4:6F:D7:61:FF:90:67:09:6F:9A:8C:23
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 2579
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/OX4039NEoRr0b9dh_5BnCW-ajCM.roa
Signing time: Thu 12 Jun 2025 08:09:16 +0000
ROA not before: Thu 12 Jun 2025 08:09:16 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 146845
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 9593 (0x2579)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 12 08:09:16 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=397E34DFD344A11AF46FD761FF9067096F9A8C23
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b8:8a:80:f4:c3:db:c8:d7:e0:0e:90:41:0e:1f:
22:b6:b7:57:3e:7c:a8:02:3b:8e:80:c0:a1:a9:25:
c9:16:0f:e0:7b:e7:d5:af:61:0a:b7:1f:36:ac:d5:
3b:4b:71:a8:1e:b3:4c:8b:6f:c2:ba:86:0c:f1:b0:
96:e9:b4:fe:2e:8f:99:35:65:d9:78:76:ba:73:42:
25:1d:4f:06:52:cc:c8:20:6a:17:96:71:c6:84:43:
6b:01:bd:2e:d3:80:62:28:0f:85:f2:f3:07:05:a6:
4a:fe:6a:41:3d:49:1b:2f:f6:1c:6c:9d:79:f5:0d:
d3:5b:b4:f0:b3:82:69:b0:ee:fc:00:11:1f:4f:39:
56:c0:e7:91:f7:89:c1:6a:9f:fd:3a:c8:ab:6c:91:
76:42:57:3a:ea:83:07:01:20:c0:c1:80:f1:21:68:
f1:e6:6b:19:40:b5:46:b3:69:db:9a:05:36:43:d0:
cf:f0:85:dd:e1:7c:3a:4e:e6:2b:0f:f5:1e:72:27:
ae:3e:d9:2a:3d:ca:64:d5:84:3a:e2:b9:a6:68:49:
ae:fd:e3:af:4c:b2:56:2c:45:96:69:e0:fd:dd:fb:
6d:ee:b3:67:07:e7:2d:ed:24:b2:f9:8b:23:ba:d0:
57:79:e6:70:b9:6f:ef:bd:b9:74:b9:33:96:31:4c:
6c:df
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
39:7E:34:DF:D3:44:A1:1A:F4:6F:D7:61:FF:90:67:09:6F:9A:8C:23
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/OX4039NEoRr0b9dh_5BnCW-ajCM.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
47:9c:61:81:d2:ec:5d:ce:a5:bd:71:79:15:42:cc:30:b6:57:
09:41:0a:b0:e5:43:71:c0:cb:2d:27:4e:14:3f:89:ee:3e:b6:
f6:c7:fc:cd:05:6f:18:b4:5d:c6:78:a1:52:7e:5a:ee:0c:a9:
79:fd:4f:aa:5b:4d:60:3b:19:a2:b4:63:17:f9:a8:d0:db:1b:
94:1b:73:e8:c5:3b:90:6f:0c:df:95:75:f4:47:3a:55:aa:7d:
47:6b:1d:11:c6:6e:b8:41:2a:33:2e:55:39:c9:cf:05:b3:f8:
9e:d5:d9:cb:b0:55:c0:76:ca:1f:20:d1:0c:21:47:76:d4:c1:
62:cf:87:b7:83:ba:79:8e:4f:c3:c7:03:c7:0d:0e:71:4d:11:
d7:28:97:26:bd:48:0a:da:38:84:6d:97:95:47:ef:21:cc:11:
bb:e7:98:7c:3a:1f:4f:14:99:79:3b:b8:6b:fa:81:de:ea:56:
07:34:9e:e8:ab:21:b2:7d:3e:03:55:df:76:8c:28:3a:73:ed:
b2:f3:60:e2:67:f2:b3:98:9c:27:84:25:cc:9f:dc:a3:ef:4b:
28:e8:0a:4e:26:96:69:fd:63:ab:fa:e2:d1:80:ec:44:b5:18:
1f:ff:b9:8b:5b:7e:c1:84:10:39:a8:d7:50:7d:00:6b:0c:4a:
40:f3:87:10
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICJXkwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MTIw
ODA5MTZaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDM5N0UzNERGRDM0NEEx
MUFGNDZGRDc2MUZGOTA2NzA5NkY5QThDMjMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC4ioD0w9vI1+AOkEEOHyK2t1c+fKgCO46AwKGpJckWD+B759Wv
YQq3Hzas1TtLcages0yLb8K6hgzxsJbptP4uj5k1Zdl4drpzQiUdTwZSzMggaheW
ccaEQ2sBvS7TgGIoD4Xy8wcFpkr+akE9SRsv9hxsnXn1DdNbtPCzgmmw7vwAER9P
OVbA55H3icFqn/06yKtskXZCVzrqgwcBIMDBgPEhaPHmaxlAtUazaduaBTZD0M/w
hd3hfDpO5isP9R5yJ64+2So9ymTVhDriuaZoSa79469MslYsRZZp4P3d+23us2cH
5y3tJLL5iyO60Fd55nC5b++9uXS5M5YxTGzfAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUOX4039NEoRr0b9dh/5BnCW+ajCMwHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvT1g0MDM5TkVvUnIw
YjlkaF81Qm5DVy1hakNNLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBAEecYYHS7F3Opb1xeRVCzDC2VwlB
CrDlQ3HAyy0nThQ/ie4+tvbH/M0Fbxi0XcZ4oVJ+Wu4MqXn9T6pbTWA7GaK0Yxf5
qNDbG5Qbc+jFO5BvDN+VdfRHOlWqfUdrHRHGbrhBKjMuVTnJzwWz+J7V2cuwVcB2
yh8g0QwhR3bUwWLPh7eDunmOT8PHA8cNDnFNEdcolya9SAraOIRtl5VH7yHMEbvn
mHw6H08UmXk7uGv6gd7qVgc0nuirIbJ9PgNV33aMKDpz7bLzYOJn8rOYnCeEJcyf
3KPvSyjoCk4mlmn9Y6v64tGA7ES1GB//uYtbfsGEEDmo11B9AGsMSkDzhxA=
-----END CERTIFICATE-----
Generated at Sun Jun 22 03:33:23 2025 by rpki-client