Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/Or3HbhC-zCarVGoNdVc5xLA2Krg.roa
File: Or3HbhC-zCarVGoNdVc5xLA2Krg.roa (raw, json)
Hash identifier: VtAH/RIwMaJUCkPW8V88gnNU/pL9lZCmvUY/TXnmY18=
Subject key identifier: 3A:BD:C7:6E:10:BE:CC:26:AB:54:6A:0D:75:57:39:C4:B0:36:2A:B8
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 23CD
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/Or3HbhC-zCarVGoNdVc5xLA2Krg.roa
Signing time: Mon 09 Jun 2025 08:38:59 +0000
ROA not before: Mon 09 Jun 2025 08:38:59 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 4812
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 9165 (0x23cd)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 9 08:38:59 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=3ABDC76E10BECC26AB546A0D755739C4B0362AB8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e9:da:ff:8b:16:55:08:f7:01:d1:00:9b:75:e6:
ff:70:45:c1:da:fc:11:13:bd:4a:49:28:f1:d7:a5:
e8:0e:11:4a:55:65:67:41:2b:c3:08:1e:ca:7d:40:
f1:84:f1:9b:9f:d9:b2:71:10:27:9b:af:1f:cb:b3:
03:1d:21:cf:40:95:01:b0:48:29:b2:f0:de:1c:be:
3e:a5:88:1c:6a:e1:20:4e:45:af:16:50:11:fb:aa:
c1:ef:b9:4c:66:6b:95:2c:92:b9:6c:4d:2b:ff:cb:
6f:f7:54:30:ad:80:09:31:c1:65:59:8f:4d:fa:c9:
45:76:41:f2:21:83:c9:38:53:bf:c9:2a:46:47:6e:
46:6f:10:14:a0:d8:c5:77:86:e7:6f:7a:bb:a3:1a:
12:b5:a1:09:8d:97:d2:9b:d8:60:36:c9:0b:2c:25:
e6:18:92:2b:7b:1f:6f:2e:ba:43:fa:2c:ff:f5:1e:
06:30:32:7b:39:9e:5b:6d:ef:7e:13:1a:43:81:ae:
07:08:f1:40:78:d0:80:78:2e:5b:7c:0a:b8:a0:d5:
93:e0:e0:d0:63:8c:bc:22:6c:eb:c2:d6:39:5c:5a:
5c:ef:55:f6:ad:fa:65:71:55:33:29:39:d8:0d:89:
93:0a:3e:af:b6:9c:ad:f1:ea:88:9f:1a:f2:e3:b9:
17:99
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3A:BD:C7:6E:10:BE:CC:26:AB:54:6A:0D:75:57:39:C4:B0:36:2A:B8
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/Or3HbhC-zCarVGoNdVc5xLA2Krg.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
80:5b:51:52:8c:d5:c8:c8:14:e6:65:b5:78:15:0f:51:b0:c2:
1d:af:bd:44:43:84:12:f7:b5:6b:84:13:50:ac:7a:40:dc:25:
28:5f:31:19:ca:7c:7e:1b:28:78:1a:32:19:56:2f:ab:59:ef:
72:8c:19:a4:31:14:37:34:a6:0c:14:5f:7e:eb:69:33:e6:63:
38:28:75:32:04:1b:ae:7e:e0:8f:5a:39:69:a0:8a:3a:98:f5:
23:90:c9:cd:dd:ec:00:8e:31:f3:3f:d8:02:72:12:2b:26:75:
11:69:ce:e0:ff:8f:15:06:74:5a:da:bb:67:7f:31:92:17:e9:
f6:95:c1:78:74:85:29:90:83:c5:be:86:09:d3:bd:a9:b5:56:
cc:06:45:fb:73:59:a9:bf:ca:fd:89:d7:be:d7:6a:6c:4f:23:
71:62:32:8f:cf:31:e3:4d:10:24:ed:d2:5d:f3:7c:63:9e:69:
38:6f:f9:c7:44:5d:89:8c:0c:38:00:56:eb:05:4b:f3:bc:ef:
0b:a0:40:5c:22:57:db:b3:dd:8c:91:dd:0b:7f:22:c7:ce:f7:
f6:18:7a:7f:61:ab:69:07:7a:38:c0:78:38:dc:94:fc:16:38:
07:41:5d:28:5e:a6:ff:87:5e:73:f2:d5:75:b7:c0:ce:a0:a4:
85:4e:df:35
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICI80wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MDkw
ODM4NTlaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDNBQkRDNzZFMTBCRUND
MjZBQjU0NkEwRDc1NTczOUM0QjAzNjJBQjgwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDp2v+LFlUI9wHRAJt15v9wRcHa/BETvUpJKPHXpegOEUpVZWdB
K8MIHsp9QPGE8Zuf2bJxECebrx/LswMdIc9AlQGwSCmy8N4cvj6liBxq4SBORa8W
UBH7qsHvuUxma5UskrlsTSv/y2/3VDCtgAkxwWVZj036yUV2QfIhg8k4U7/JKkZH
bkZvEBSg2MV3hudverujGhK1oQmNl9Kb2GA2yQssJeYYkit7H28uukP6LP/1HgYw
Mns5nltt734TGkOBrgcI8UB40IB4Llt8Crig1ZPg4NBjjLwibOvC1jlcWlzvVfat
+mVxVTMpOdgNiZMKPq+2nK3x6oifGvLjuReZAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUOr3HbhC+zCarVGoNdVc5xLA2KrgwHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvT3IzSGJoQy16Q2Fy
VkdvTmRWYzV4TEEyS3JnLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBAIBbUVKM1cjIFOZltXgVD1Gwwh2v
vURDhBL3tWuEE1CsekDcJShfMRnKfH4bKHgaMhlWL6tZ73KMGaQxFDc0pgwUX37r
aTPmYzgodTIEG65+4I9aOWmgijqY9SOQyc3d7ACOMfM/2AJyEismdRFpzuD/jxUG
dFrau2d/MZIX6faVwXh0hSmQg8W+hgnTvam1VswGRftzWam/yv2J177XamxPI3Fi
Mo/PMeNNECTt0l3zfGOeaThv+cdEXYmMDDgAVusFS/O87wugQFwiV9uz3YyR3Qt/
IsfO9/YYen9hq2kHejjAeDjclPwWOAdBXShepv+HXnPy1XW3wM6gpIVO3zU=
-----END CERTIFICATE-----
Generated at Sat Jun 21 22:30:16 2025 by rpki-client