Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/OfZFBR6mGWdDsPKgAaaXAGHoqXM.roa
File: OfZFBR6mGWdDsPKgAaaXAGHoqXM.roa (raw, json)
Hash identifier: N9uAVCGJDV1YfmdB3VxzfPSbHUIYPCzRHvrkiy1McPM=
Subject key identifier: 39:F6:45:05:1E:A6:19:67:43:B0:F2:A0:01:A6:97:00:61:E8:A9:73
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 2562
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/OfZFBR6mGWdDsPKgAaaXAGHoqXM.roa
Signing time: Thu 12 Jun 2025 04:09:13 +0000
ROA not before: Thu 12 Jun 2025 04:09:13 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 4812
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 9570 (0x2562)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 12 04:09:13 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=39F645051EA6196743B0F2A001A6970061E8A973
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a8:6e:dc:a3:2e:5f:3d:c7:cb:f4:10:35:ee:2d:
6a:03:56:6c:b7:a1:e1:61:d1:8c:c2:74:f9:9b:44:
c1:6d:f6:f0:61:e2:7a:5b:82:1b:4a:25:6e:cd:dc:
77:d4:27:5a:3b:09:af:31:28:bf:92:06:04:fd:f8:
9d:f7:a6:89:16:7c:77:d5:f4:9d:20:75:86:1a:87:
46:25:7f:d8:a3:30:e9:c7:dc:92:9d:9e:fa:9a:00:
cf:fb:69:5d:ee:64:78:14:45:cb:59:97:95:7b:d5:
40:78:c8:96:19:53:59:aa:ad:1a:ad:30:51:b8:e3:
b6:a7:7f:6b:19:fc:9d:b6:3b:df:53:9b:aa:8c:02:
6b:a9:b7:50:3d:70:b7:83:a4:01:08:a2:4e:82:10:
8f:9a:9b:56:a4:e4:e1:52:f9:84:f6:d3:fa:8e:84:
86:9d:2c:82:3d:35:be:45:a1:de:65:fb:4b:29:c8:
67:a9:88:ec:10:fa:95:fd:20:66:78:de:f9:2b:6b:
4f:7e:71:21:e6:e9:ba:e9:c0:e1:a4:03:88:6a:8a:
fe:6f:25:fc:0b:f7:92:2f:da:d1:39:11:19:a8:6c:
28:6e:ba:a4:8e:8a:e8:18:45:bc:c8:43:5c:48:64:
66:ba:3f:68:62:e7:ed:f9:f7:7e:3d:6d:96:70:0d:
57:11
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
39:F6:45:05:1E:A6:19:67:43:B0:F2:A0:01:A6:97:00:61:E8:A9:73
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/OfZFBR6mGWdDsPKgAaaXAGHoqXM.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
31:24:e0:3e:04:32:66:67:7b:29:62:0b:f3:72:a7:e9:4b:00:
42:ac:3d:a3:5a:2b:6f:ed:c3:60:ff:11:15:48:61:fe:6b:9d:
31:b7:7f:82:90:6c:6f:17:11:2f:e2:04:84:0f:75:d7:d0:be:
09:2a:fb:1e:4d:56:55:d7:61:ab:6b:af:e1:88:b9:17:f4:ec:
47:4a:48:5e:55:75:17:86:52:1a:b5:ef:44:2c:39:be:2f:18:
d9:30:89:64:b1:64:83:84:42:f6:48:48:ee:01:19:ba:98:d3:
1e:f8:3a:c5:fe:5f:eb:78:df:c5:a7:7b:17:d9:a1:32:62:5b:
8f:f9:74:56:2e:e4:b7:0c:42:89:1d:fb:d5:75:49:ed:78:83:
f2:13:c3:00:c2:a4:1e:a3:37:b7:59:8e:9d:55:23:7b:f9:4f:
db:65:03:12:a4:af:63:f1:b3:ed:bf:92:9f:aa:a4:f4:62:60:
8f:1e:70:b9:fe:ca:af:69:31:1e:ce:97:2a:da:dc:d3:aa:77:
8c:89:0e:77:39:ad:c0:a3:18:c2:8d:1a:90:ba:0f:c5:ee:06:
f2:a1:94:e6:1e:dc:50:b8:6f:b3:d2:5b:f7:c7:a7:33:36:d8:
ab:e1:51:23:97:ba:8d:7c:07:fb:df:a7:91:b8:5b:7c:ac:92:
18:ca:ca:9a
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICJWIwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MTIw
NDA5MTNaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDM5RjY0NTA1MUVBNjE5
Njc0M0IwRjJBMDAxQTY5NzAwNjFFOEE5NzMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCobtyjLl89x8v0EDXuLWoDVmy3oeFh0YzCdPmbRMFt9vBh4npb
ghtKJW7N3HfUJ1o7Ca8xKL+SBgT9+J33pokWfHfV9J0gdYYah0Ylf9ijMOnH3JKd
nvqaAM/7aV3uZHgURctZl5V71UB4yJYZU1mqrRqtMFG447anf2sZ/J22O99Tm6qM
Amupt1A9cLeDpAEIok6CEI+am1ak5OFS+YT20/qOhIadLII9Nb5Fod5l+0spyGep
iOwQ+pX9IGZ43vkra09+cSHm6brpwOGkA4hqiv5vJfwL95Iv2tE5ERmobChuuqSO
iugYRbzIQ1xIZGa6P2hi5+359349bZZwDVcRAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUOfZFBR6mGWdDsPKgAaaXAGHoqXMwHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvT2ZaRkJSNm1HV2RE
c1BLZ0FhYVhBR0hvcVhNLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBADEk4D4EMmZneyliC/Nyp+lLAEKs
PaNaK2/tw2D/ERVIYf5rnTG3f4KQbG8XES/iBIQPddfQvgkq+x5NVlXXYatrr+GI
uRf07EdKSF5VdReGUhq170QsOb4vGNkwiWSxZIOEQvZISO4BGbqY0x74OsX+X+t4
38WnexfZoTJiW4/5dFYu5LcMQokd+9V1Se14g/ITwwDCpB6jN7dZjp1VI3v5T9tl
AxKkr2Pxs+2/kp+qpPRiYI8ecLn+yq9pMR7Olyra3NOqd4yJDnc5rcCjGMKNGpC6
D8XuBvKhlOYe3FC4b7PSW/fHpzM22KvhUSOXuo18B/vfp5G4W3yskhjKypo=
-----END CERTIFICATE-----
Generated at Sat Jun 21 16:53:15 2025 by rpki-client