Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/Oj3e8D4xdMsxyDKDzTthXiIkBRg.roa
File: Oj3e8D4xdMsxyDKDzTthXiIkBRg.roa (raw, json)
Hash identifier: yLNlvQlZlHCMST1vPCaNo6YlAEIOG033CiZnwJjpuew=
Subject key identifier: 3A:3D:DE:F0:3E:31:74:CB:31:C8:32:83:CD:3B:61:5E:22:24:05:18
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 2268
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/Oj3e8D4xdMsxyDKDzTthXiIkBRg.roa
Signing time: Fri 06 Jun 2025 21:08:50 +0000
ROA not before: Fri 06 Jun 2025 21:08:50 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 4812
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 8808 (0x2268)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 6 21:08:50 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=3A3DDEF03E3174CB31C83283CD3B615E22240518
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e2:34:d1:88:1c:9e:d1:59:f4:3c:8b:ea:21:23:
01:e4:16:4e:c7:fe:a1:f4:5c:20:f1:6e:54:2e:2c:
3c:5d:1e:15:d9:e8:ec:28:a6:77:4f:74:1f:05:dd:
ff:8e:e8:95:a4:11:e6:eb:8d:ea:94:ea:e0:a8:e6:
9a:48:98:af:1a:0b:90:01:36:be:1c:74:33:28:71:
b9:e0:50:b4:30:a0:c3:fe:4a:56:fe:5a:fc:37:9e:
18:8f:db:8a:6b:62:54:95:b7:65:ce:30:3d:2a:89:
79:af:06:ac:b8:b9:7f:39:71:54:ed:22:b6:3c:d3:
51:78:21:2b:a6:5c:a6:dc:3e:d8:b3:5f:41:9e:b8:
18:cc:6a:bc:ce:d2:32:4a:a6:fb:3f:d5:a5:71:1f:
aa:b9:ca:5c:ad:af:e7:58:23:8e:ed:20:56:90:c6:
10:bb:ff:81:df:b8:b2:08:41:50:5b:e5:99:ab:cd:
d5:87:19:05:43:05:5f:12:ee:f5:fa:2a:fd:e1:51:
0e:ed:da:b4:6e:0a:33:9b:5d:cd:f2:86:72:ca:ca:
43:c9:38:f8:64:8b:cf:2e:fd:76:80:c4:13:63:ac:
0d:92:04:c5:55:44:92:4e:6e:74:5c:91:36:48:d9:
cf:44:d8:a4:3b:21:09:20:32:38:f1:15:4d:50:64:
59:e9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3A:3D:DE:F0:3E:31:74:CB:31:C8:32:83:CD:3B:61:5E:22:24:05:18
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/Oj3e8D4xdMsxyDKDzTthXiIkBRg.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
bc:91:3a:8b:21:89:0e:1d:d8:ef:48:f1:92:99:5e:c5:e4:17:
1b:4b:fc:8b:59:99:b1:e3:41:ca:31:7b:18:86:1b:94:af:66:
84:ba:88:02:43:e9:a6:19:a3:23:c8:8e:69:df:ac:06:7e:d0:
96:86:9e:76:e7:d2:bf:54:9e:3e:07:02:de:ea:62:d9:fe:e9:
e4:cf:e1:8f:87:7d:5e:44:4b:ed:38:07:23:94:77:aa:7b:ed:
92:86:77:4f:2c:20:05:d7:67:c5:9c:a5:aa:e6:18:94:44:69:
2c:42:7c:66:2f:e0:c5:1b:7d:91:75:08:ed:c1:00:2e:18:1b:
84:9b:f1:9a:a3:b2:de:5d:bb:f1:01:34:a1:a3:ac:51:2a:01:
a4:16:3a:cf:a3:d7:10:e3:56:f9:e6:24:53:23:7d:3f:da:28:
d7:61:03:84:21:b0:bb:25:e0:16:f3:f7:71:0b:37:95:e8:d6:
ac:21:63:e2:03:d7:35:86:84:02:76:e7:2f:eb:ef:9e:a9:dc:
db:98:f9:cc:a0:27:63:68:5b:bd:98:78:6e:11:3c:e7:6e:9e:
80:ba:d4:74:cf:ad:37:f4:32:f5:f1:4c:3b:90:e9:b8:1c:06:
b2:15:b2:04:9a:e1:8c:dd:3e:98:3c:fa:45:93:2b:8d:6a:75:
cb:20:c4:be
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICImgwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MDYy
MTA4NTBaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDNBM0RERUYwM0UzMTc0
Q0IzMUM4MzI4M0NEM0I2MTVFMjIyNDA1MTgwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDiNNGIHJ7RWfQ8i+ohIwHkFk7H/qH0XCDxblQuLDxdHhXZ6Owo
pndPdB8F3f+O6JWkEebrjeqU6uCo5ppImK8aC5ABNr4cdDMocbngULQwoMP+Slb+
Wvw3nhiP24prYlSVt2XOMD0qiXmvBqy4uX85cVTtIrY801F4ISumXKbcPtizX0Ge
uBjMarzO0jJKpvs/1aVxH6q5ylytr+dYI47tIFaQxhC7/4HfuLIIQVBb5ZmrzdWH
GQVDBV8S7vX6Kv3hUQ7t2rRuCjObXc3yhnLKykPJOPhki88u/XaAxBNjrA2SBMVV
RJJObnRckTZI2c9E2KQ7IQkgMjjxFU1QZFnpAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUOj3e8D4xdMsxyDKDzTthXiIkBRgwHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvT2ozZThENHhkTXN4
eURLRHpUdGhYaUlrQlJnLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBALyROoshiQ4d2O9I8ZKZXsXkFxtL
/ItZmbHjQcoxexiGG5SvZoS6iAJD6aYZoyPIjmnfrAZ+0JaGnnbn0r9Unj4HAt7q
Ytn+6eTP4Y+HfV5ES+04ByOUd6p77ZKGd08sIAXXZ8WcparmGJREaSxCfGYv4MUb
fZF1CO3BAC4YG4Sb8Zqjst5du/EBNKGjrFEqAaQWOs+j1xDjVvnmJFMjfT/aKNdh
A4QhsLsl4Bbz93ELN5Xo1qwhY+ID1zWGhAJ25y/r756p3NuY+cygJ2NoW72YeG4R
POdunoC61HTPrTf0MvXxTDuQ6bgcBrIVsgSa4YzdPpg8+kWTK41qdcsgxL4=
-----END CERTIFICATE-----
Generated at Fri Jun 20 23:59:29 2025 by rpki-client