Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/OqY8X7hEQn3pgYn84i_f3SFtoDQ.roa
File: OqY8X7hEQn3pgYn84i_f3SFtoDQ.roa (raw, json)
Hash identifier: +WHYc6V3HFPQcVguy9vw/1SQoW2Zr3YGn1CgEwbX8Ow=
Subject key identifier: 3A:A6:3C:5F:B8:44:42:7D:E9:81:89:FC:E2:2F:DF:DD:21:6D:A0:34
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 2655
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/OqY8X7hEQn3pgYn84i_f3SFtoDQ.roa
Signing time: Fri 13 Jun 2025 20:39:18 +0000
ROA not before: Fri 13 Jun 2025 20:39:18 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 4812
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 9813 (0x2655)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 13 20:39:18 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=3AA63C5FB844427DE98189FCE22FDFDD216DA034
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d5:9e:a0:b1:d5:5a:6d:3b:60:f7:1b:68:8a:e6:
86:48:c3:55:55:a1:e5:41:0c:35:2d:a9:3c:9b:19:
4d:9f:45:f5:60:ab:fb:fd:ae:51:9d:1c:8c:23:d6:
3a:59:7c:1a:63:f6:5a:03:7c:c2:af:e1:36:d7:01:
90:5e:22:5f:08:e7:00:39:78:cc:1f:f7:a1:e8:f9:
a8:54:dc:37:2c:ce:2f:89:fc:8c:79:e6:48:c1:94:
a4:db:51:5c:b2:42:19:94:d2:6e:94:a2:3c:cf:a5:
e3:47:fd:48:91:bd:08:72:78:db:6d:cd:23:f2:5a:
3a:7b:9c:6b:f2:e8:e4:f2:2a:6f:df:f8:ec:b2:60:
5f:90:10:63:b0:2a:e0:c1:8d:eb:e9:53:8d:8b:6c:
4c:35:e0:4f:d1:15:39:94:5a:71:1e:e3:4f:0f:bc:
00:26:61:8c:05:2c:45:17:b7:08:22:64:31:02:7c:
37:7a:80:b9:16:34:01:bb:de:fa:1b:93:93:ad:57:
06:d7:cb:d5:b6:07:56:03:bb:48:da:82:b6:49:ad:
bf:35:aa:61:05:3c:93:71:e3:24:79:f2:b3:7a:30:
ce:9e:5e:ff:6c:35:68:7b:ad:59:b8:0a:70:a8:0b:
30:7f:79:7a:07:c3:65:df:2b:8d:e2:c8:8d:f9:77:
7d:a1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3A:A6:3C:5F:B8:44:42:7D:E9:81:89:FC:E2:2F:DF:DD:21:6D:A0:34
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/OqY8X7hEQn3pgYn84i_f3SFtoDQ.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
4c:66:e9:99:f2:fd:9a:17:9e:c6:27:98:79:29:0b:2c:e1:47:
48:d3:7e:c5:1d:a3:61:fb:ff:c9:da:95:71:08:c0:b3:16:58:
e4:42:bd:22:e3:e8:15:f5:03:b1:27:d4:0d:93:34:db:9b:81:
52:76:72:5c:e0:05:35:93:f5:da:df:61:cb:c2:31:69:46:64:
80:07:5c:21:ec:af:f2:cf:4c:45:60:ab:5d:23:0e:1c:96:fc:
5f:6e:89:6a:2e:34:24:e1:d1:dc:99:9e:24:33:ba:20:9e:35:
b5:b7:54:e9:66:46:ef:1f:3e:5d:6d:5d:6c:5d:ea:99:b0:2d:
48:a2:51:92:e7:69:1e:a2:e3:0e:f3:c0:3c:1e:74:8e:3d:2e:
87:21:93:90:45:bd:50:c3:97:5d:1d:41:31:92:27:e7:6b:02:
e4:6d:7f:32:8b:9a:1b:ec:8f:f9:49:51:40:ed:21:48:cd:f4:
1f:6e:a3:db:1c:a7:ce:00:82:49:c3:d4:3e:ab:0b:f6:91:85:
c3:5f:a5:2a:b0:45:9c:38:90:98:ac:ec:87:56:5e:ab:1e:96:
ff:7b:c7:97:4c:11:29:24:9d:c8:0d:dc:fa:68:22:1a:db:a9:
fa:a5:e7:28:7d:d2:2c:ae:43:f0:5e:fe:dc:4c:0a:dd:f7:96:
6c:45:d1:c6
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICJlUwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MTMy
MDM5MThaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDNBQTYzQzVGQjg0NDQy
N0RFOTgxODlGQ0UyMkZERkREMjE2REEwMzQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDVnqCx1VptO2D3G2iK5oZIw1VVoeVBDDUtqTybGU2fRfVgq/v9
rlGdHIwj1jpZfBpj9loDfMKv4TbXAZBeIl8I5wA5eMwf96Ho+ahU3Dcszi+J/Ix5
5kjBlKTbUVyyQhmU0m6UojzPpeNH/UiRvQhyeNttzSPyWjp7nGvy6OTyKm/f+Oyy
YF+QEGOwKuDBjevpU42LbEw14E/RFTmUWnEe408PvAAmYYwFLEUXtwgiZDECfDd6
gLkWNAG73vobk5OtVwbXy9W2B1YDu0jagrZJrb81qmEFPJNx4yR58rN6MM6eXv9s
NWh7rVm4CnCoCzB/eXoHw2XfK43iyI35d32hAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUOqY8X7hEQn3pgYn84i/f3SFtoDQwHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvT3FZOFg3aEVRbjNw
Z1luODRpX2YzU0Z0b0RRLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBAExm6Zny/ZoXnsYnmHkpCyzhR0jT
fsUdo2H7/8nalXEIwLMWWORCvSLj6BX1A7En1A2TNNubgVJ2clzgBTWT9drfYcvC
MWlGZIAHXCHsr/LPTEVgq10jDhyW/F9uiWouNCTh0dyZniQzuiCeNbW3VOlmRu8f
Pl1tXWxd6pmwLUiiUZLnaR6i4w7zwDwedI49Lochk5BFvVDDl10dQTGSJ+drAuRt
fzKLmhvsj/lJUUDtIUjN9B9uo9scp84AgknD1D6rC/aRhcNfpSqwRZw4kJis7IdW
Xqselv97x5dMESkkncgN3PpoIhrbqfql5yh90iyuQ/Be/txMCt33lmxF0cY=
-----END CERTIFICATE-----
Generated at Sun Jun 22 16:46:13 2025 by rpki-client