Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/OzIJjzzGobl65ROE8VWsg-zPBg8.roa
File: OzIJjzzGobl65ROE8VWsg-zPBg8.roa (raw, json)
Hash identifier: 1RZu9HrOx7QhBReW3aTrTQQWCzldc++bWx/+2ND1r2g=
Subject key identifier: 3B:32:09:8F:3C:C6:A1:B9:7A:E5:13:84:F1:55:AC:83:EC:CF:06:0F
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 2420
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/OzIJjzzGobl65ROE8VWsg-zPBg8.roa
Signing time: Mon 09 Jun 2025 22:39:02 +0000
ROA not before: Mon 09 Jun 2025 22:39:02 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 146845
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 9248 (0x2420)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 9 22:39:02 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=3B32098F3CC6A1B97AE51384F155AC83ECCF060F
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c9:d3:33:de:fa:d4:fb:df:98:f2:fe:51:99:5e:
9d:d6:28:d4:5e:16:4e:8b:f8:74:b5:2c:d6:d0:4c:
8a:36:d8:06:71:60:eb:98:58:8b:dd:1b:e2:4b:d5:
ec:81:a1:42:c9:93:f5:11:5c:4f:02:58:24:7b:fc:
fe:81:ea:7a:28:65:8b:46:16:6e:31:06:b2:fd:df:
df:65:b9:3a:a6:93:a4:76:60:b2:ad:e8:6d:b1:b5:
1b:37:2d:60:38:92:c0:96:be:29:fb:bc:90:92:d4:
b8:2b:a6:8c:d3:c2:c2:89:ac:ca:90:db:0b:03:7b:
76:c5:2f:58:54:3a:3d:f2:4c:0b:5b:e9:a7:fa:68:
d6:01:9c:b4:94:33:72:d4:17:ad:18:fe:6d:a9:87:
41:30:c5:4f:76:38:8d:24:14:03:cf:69:7f:f1:d2:
8f:64:b4:b6:34:22:be:53:a2:7a:b4:95:7c:fe:81:
6c:b7:14:68:0c:4a:80:fc:01:7c:cb:a7:a9:b7:af:
75:d5:a1:55:72:81:32:c3:82:54:84:13:06:fe:d5:
1e:7e:00:83:02:e8:56:bf:a1:73:f5:b3:98:62:32:
f0:57:98:60:87:5b:21:a2:2c:a9:fd:c2:d3:1a:a4:
93:cb:1c:4a:f6:48:c4:c9:d2:05:77:f3:83:82:58:
2a:b5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3B:32:09:8F:3C:C6:A1:B9:7A:E5:13:84:F1:55:AC:83:EC:CF:06:0F
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/OzIJjzzGobl65ROE8VWsg-zPBg8.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
a3:c5:50:f8:99:ac:e6:90:d8:6d:16:07:36:43:42:e0:c4:bc:
28:46:7c:2d:bf:56:21:ac:40:11:a8:12:bd:35:14:52:d6:86:
ff:0e:d6:a9:49:86:34:18:03:ad:9f:54:a5:99:cc:76:6e:f0:
85:6e:2a:6b:11:06:18:52:28:6a:1d:89:67:10:04:3a:65:d4:
6e:3d:57:08:10:ed:e6:61:76:b5:57:db:7c:42:87:cf:f4:bf:
f2:04:a3:d8:a7:4d:37:80:4f:df:8d:f5:de:69:49:fe:bc:76:
50:a7:66:e1:ea:42:de:2c:f4:c1:47:54:e9:ad:bb:dc:6e:a0:
50:7c:b2:67:e0:53:af:9a:38:3b:65:47:34:b1:ec:86:ce:80:
ba:ea:71:24:1f:8d:1b:6c:a2:7b:ad:87:00:6f:ec:2d:f6:63:
61:16:26:c2:70:fa:12:0c:23:d8:14:b5:53:1d:87:38:3b:88:
9d:9b:0b:bd:bd:20:d9:f6:e5:92:6b:76:f3:29:49:01:b8:1d:
cf:b6:16:8d:d0:6d:7f:de:e9:ed:4a:10:1e:ca:4b:ca:e0:9f:
13:9a:6d:af:54:20:50:0e:72:80:42:84:b1:f4:04:eb:18:ac:
0b:67:88:b2:03:84:48:7f:2a:35:a2:2c:93:68:9a:be:41:de:
24:bf:55:69
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICJCAwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MDky
MjM5MDJaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDNCMzIwOThGM0NDNkEx
Qjk3QUU1MTM4NEYxNTVBQzgzRUNDRjA2MEYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDJ0zPe+tT735jy/lGZXp3WKNReFk6L+HS1LNbQTIo22AZxYOuY
WIvdG+JL1eyBoULJk/URXE8CWCR7/P6B6nooZYtGFm4xBrL9399luTqmk6R2YLKt
6G2xtRs3LWA4ksCWvin7vJCS1LgrpozTwsKJrMqQ2wsDe3bFL1hUOj3yTAtb6af6
aNYBnLSUM3LUF60Y/m2ph0EwxU92OI0kFAPPaX/x0o9ktLY0Ir5Tonq0lXz+gWy3
FGgMSoD8AXzLp6m3r3XVoVVygTLDglSEEwb+1R5+AIMC6Fa/oXP1s5hiMvBXmGCH
WyGiLKn9wtMapJPLHEr2SMTJ0gV384OCWCq1AgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUOzIJjzzGobl65ROE8VWsg+zPBg8wHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvT3pJSmp6ekdvYmw2
NVJPRThWV3NnLXpQQmc4LnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBAKPFUPiZrOaQ2G0WBzZDQuDEvChG
fC2/ViGsQBGoEr01FFLWhv8O1qlJhjQYA62fVKWZzHZu8IVuKmsRBhhSKGodiWcQ
BDpl1G49VwgQ7eZhdrVX23xCh8/0v/IEo9inTTeAT9+N9d5pSf68dlCnZuHqQt4s
9MFHVOmtu9xuoFB8smfgU6+aODtlRzSx7IbOgLrqcSQfjRtsonuthwBv7C32Y2EW
JsJw+hIMI9gUtVMdhzg7iJ2bC729INn25ZJrdvMpSQG4Hc+2Fo3QbX/e6e1KEB7K
S8rgnxOaba9UIFAOcoBChLH0BOsYrAtniLIDhEh/KjWiLJNomr5B3iS/VWk=
-----END CERTIFICATE-----
Generated at Sat Jun 21 13:39:29 2025 by rpki-client