Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/Oiwm-7H4rXciTcLM4N3PFNnjQFY.roa
File: Oiwm-7H4rXciTcLM4N3PFNnjQFY.roa (raw, json)
Hash identifier: EhHlkr59eIy9RJYdxu0aZk2TISEF3txfERtdiz0xUoY=
Subject key identifier: 3A:2C:26:FB:B1:F8:AD:77:22:4D:C2:CC:E0:DD:CF:14:D9:E3:40:56
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 21B7
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/Oiwm-7H4rXciTcLM4N3PFNnjQFY.roa
Signing time: Thu 05 Jun 2025 15:38:49 +0000
ROA not before: Thu 05 Jun 2025 15:38:49 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 4812
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 8631 (0x21b7)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 5 15:38:49 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=3A2C26FBB1F8AD77224DC2CCE0DDCF14D9E34056
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b8:e8:dc:ee:00:42:5c:46:61:82:db:60:34:d4:
f3:b3:d6:68:a2:ff:a5:1c:7c:d7:df:28:50:8e:df:
32:fd:f8:f2:f4:ba:3f:a1:53:c6:71:57:dd:01:a5:
76:dd:7e:05:c3:4b:a7:6d:8b:ff:41:6b:d4:93:3d:
8b:f7:ca:fe:a8:83:98:c4:1a:87:ef:7a:b7:74:8b:
de:b1:b3:25:69:10:c4:8f:56:41:8f:2c:92:f1:81:
31:67:ac:09:0d:09:69:5b:2c:66:b1:fb:b1:f3:13:
b9:ed:5c:16:5f:21:26:c6:b0:96:ad:29:6b:b6:13:
9f:49:5a:b2:ee:32:fc:58:9e:03:bc:1b:34:b8:2f:
8d:ea:d8:71:8c:c7:ba:90:35:85:da:93:46:d0:ca:
e8:78:74:19:44:00:f1:ef:01:df:f9:3f:26:a6:56:
ce:27:b1:62:c0:6d:4f:8a:06:30:12:c3:0c:08:c3:
84:35:f9:2c:f6:5c:15:3e:2a:da:bc:d2:02:59:bf:
bc:f9:58:40:ed:60:1a:77:e4:c1:62:82:b2:54:30:
94:68:f1:33:07:a7:13:98:eb:d1:9b:ea:f4:5c:4d:
a9:bc:46:fd:8d:5e:13:fc:10:e8:ca:b1:78:a9:88:
0f:37:1f:4a:42:cc:12:6b:aa:bc:79:8e:55:2b:9f:
e0:1d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3A:2C:26:FB:B1:F8:AD:77:22:4D:C2:CC:E0:DD:CF:14:D9:E3:40:56
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/Oiwm-7H4rXciTcLM4N3PFNnjQFY.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
5d:58:d4:10:f7:85:87:04:61:14:7a:28:9c:ef:04:03:57:69:
55:ae:c3:3e:bc:43:41:1c:81:d4:e8:8e:64:21:57:f6:53:67:
29:93:27:d8:fe:48:98:20:48:81:ce:2d:32:8f:17:ce:53:1d:
ba:f0:b3:18:6a:b9:ff:a6:bd:b1:ed:29:a0:8d:cb:9b:df:9a:
5f:06:6d:c1:f7:e6:5a:75:7b:95:87:62:f9:7a:ef:a6:90:f9:
66:23:2a:f2:da:31:a2:b5:c2:d5:a6:7f:ae:a2:5d:a0:ec:2f:
f0:d3:27:4a:04:16:88:b5:ed:dd:15:00:10:78:51:66:dc:2a:
83:7e:48:c9:e3:5a:f8:2e:0f:1f:da:26:f6:72:18:60:d2:94:
92:1c:1f:30:2d:a6:3d:36:71:a4:9f:81:d9:c5:29:56:3c:af:
b4:ef:c8:65:20:70:88:1f:d0:5a:69:e8:83:e2:a7:54:fa:e8:
4f:c3:0b:d5:df:7c:11:b1:20:d3:d2:6c:e3:a9:eb:f7:76:ff:
ee:3b:56:38:60:56:4e:66:13:13:4b:07:cd:30:2b:93:4c:47:
ce:2c:05:e4:85:20:74:00:77:e1:d7:e5:3c:3a:4b:7f:51:84:
84:fb:f1:88:e5:53:9a:dc:39:8f:4e:6c:7a:f6:b9:65:65:02:
4e:2d:ee:6c
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICIbcwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MDUx
NTM4NDlaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDNBMkMyNkZCQjFGOEFE
NzcyMjREQzJDQ0UwRERDRjE0RDlFMzQwNTYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC46NzuAEJcRmGC22A01POz1mii/6UcfNffKFCO3zL9+PL0uj+h
U8ZxV90BpXbdfgXDS6dti/9Ba9STPYv3yv6og5jEGofverd0i96xsyVpEMSPVkGP
LJLxgTFnrAkNCWlbLGax+7HzE7ntXBZfISbGsJatKWu2E59JWrLuMvxYngO8GzS4
L43q2HGMx7qQNYXak0bQyuh4dBlEAPHvAd/5PyamVs4nsWLAbU+KBjASwwwIw4Q1
+Sz2XBU+Ktq80gJZv7z5WEDtYBp35MFigrJUMJRo8TMHpxOY69Gb6vRcTam8Rv2N
XhP8EOjKsXipiA83H0pCzBJrqrx5jlUrn+AdAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUOiwm+7H4rXciTcLM4N3PFNnjQFYwHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvT2l3bS03SDRyWGNp
VGNMTTROM1BGTm5qUUZZLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBAF1Y1BD3hYcEYRR6KJzvBANXaVWu
wz68Q0EcgdTojmQhV/ZTZymTJ9j+SJggSIHOLTKPF85THbrwsxhquf+mvbHtKaCN
y5vfml8GbcH35lp1e5WHYvl676aQ+WYjKvLaMaK1wtWmf66iXaDsL/DTJ0oEFoi1
7d0VABB4UWbcKoN+SMnjWvguDx/aJvZyGGDSlJIcHzAtpj02caSfgdnFKVY8r7Tv
yGUgcIgf0Fpp6IPip1T66E/DC9XffBGxINPSbOOp6/d2/+47VjhgVk5mExNLB80w
K5NMR84sBeSFIHQAd+HX5Tw6S39RhIT78YjlU5rcOY9ObHr2uWVlAk4t7mw=
-----END CERTIFICATE-----
Generated at Sun Jun 22 00:03:32 2025 by rpki-client