Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/PAWgnt7s2Qx59c0FeNEZR2mxwy0.roa
File: PAWgnt7s2Qx59c0FeNEZR2mxwy0.roa (raw, json)
Hash identifier: v9EdQ2/1gEXSDIHPnUISKjXvz6EMu8DPLmG9O7B/eHk=
Subject key identifier: 3C:05:A0:9E:DE:EC:D9:0C:79:F5:CD:05:78:D1:19:47:69:B1:C3:2D
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 2681
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/PAWgnt7s2Qx59c0FeNEZR2mxwy0.roa
Signing time: Sat 14 Jun 2025 04:09:18 +0000
ROA not before: Sat 14 Jun 2025 04:09:18 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 146845
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 9857 (0x2681)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 14 04:09:18 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=3C05A09EDEECD90C79F5CD0578D1194769B1C32D
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d6:0f:29:76:40:95:f4:3b:3b:bf:35:27:d1:94:
bb:a8:49:67:eb:30:ee:89:34:b6:d2:7f:1f:7d:85:
4e:a4:a8:74:62:42:6b:4a:a3:93:35:02:b6:c3:c7:
24:59:33:c1:e9:06:e0:7b:4c:ad:56:b4:29:e9:4b:
f4:e3:d3:4b:e0:e8:c4:e6:b0:5e:59:50:1b:fd:96:
91:9b:53:8d:3a:85:44:ab:d8:6c:16:99:9c:da:17:
3a:f7:76:31:83:ae:56:62:83:49:e3:2d:b1:72:50:
89:8b:67:e3:d3:d6:07:19:d2:97:ef:25:bc:6d:1c:
2a:2d:32:78:e1:c3:70:da:62:07:4d:dc:fb:2e:c1:
0c:37:ec:14:cd:50:34:b8:d8:f6:0a:cb:6c:4a:47:
63:32:84:88:80:7a:6c:0d:eb:11:87:fc:0a:20:1e:
6b:ea:0f:10:70:eb:a8:07:3e:a6:38:98:57:91:c9:
7c:39:c6:f8:51:15:8e:c6:72:35:1d:8f:81:56:39:
e3:7c:7b:ad:c7:97:c4:85:6f:d1:1e:94:9d:3a:0c:
6f:55:99:39:6d:2d:a4:f2:de:4f:41:63:46:49:b1:
2a:cb:9b:d2:a5:d7:db:cb:26:b1:9f:a8:f0:22:73:
8f:e8:47:c4:8c:2a:44:39:bb:0d:3b:ca:a4:93:ef:
c3:f5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3C:05:A0:9E:DE:EC:D9:0C:79:F5:CD:05:78:D1:19:47:69:B1:C3:2D
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/PAWgnt7s2Qx59c0FeNEZR2mxwy0.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
1f:68:b6:30:66:f5:e2:aa:d0:6a:e6:e8:97:a3:63:89:b4:ea:
c5:7d:86:8b:16:05:58:44:4a:53:4b:a5:66:2c:57:63:26:0b:
dd:cc:4c:8e:93:fd:ce:dd:c0:8f:31:2b:85:1f:f8:cc:38:f6:
f3:0c:ff:be:47:03:eb:00:b9:34:96:60:f2:58:d8:1c:db:0d:
a6:85:54:e8:d6:60:62:a9:ce:50:3c:1d:da:d0:fe:6e:8e:fd:
1c:a9:28:c9:16:60:ee:64:e1:2e:94:f8:dd:dc:5e:cb:6c:71:
a2:3d:3e:6f:0a:9b:93:a7:20:61:42:f3:ab:7b:2c:18:9e:5d:
0e:2d:ed:25:c4:92:ec:8a:7d:fc:65:e8:b6:37:24:4a:55:3c:
a3:95:c1:d8:e6:68:f1:c8:21:8f:0b:b5:b8:45:9d:24:c6:ac:
cc:e4:bb:76:77:52:48:1d:4a:70:1f:6c:35:24:e1:6f:71:e2:
7f:1a:d5:11:0f:0d:35:d8:55:ce:d9:29:ce:02:26:15:3c:71:
bf:a0:6a:e3:45:03:5e:53:8d:89:9b:ee:97:7a:89:fc:11:1e:
7d:f9:63:8f:4c:1e:a2:be:47:6a:f9:fb:b3:aa:14:9c:e4:08:
bf:7a:88:60:74:ca:62:a5:e3:3a:da:49:64:0c:5f:dd:cc:5e:
72:cd:88:7a
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICJoEwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MTQw
NDA5MThaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDNDMDVBMDlFREVFQ0Q5
MEM3OUY1Q0QwNTc4RDExOTQ3NjlCMUMzMkQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDWDyl2QJX0Ozu/NSfRlLuoSWfrMO6JNLbSfx99hU6kqHRiQmtK
o5M1ArbDxyRZM8HpBuB7TK1WtCnpS/Tj00vg6MTmsF5ZUBv9lpGbU406hUSr2GwW
mZzaFzr3djGDrlZig0njLbFyUImLZ+PT1gcZ0pfvJbxtHCotMnjhw3DaYgdN3Psu
wQw37BTNUDS42PYKy2xKR2MyhIiAemwN6xGH/AogHmvqDxBw66gHPqY4mFeRyXw5
xvhRFY7GcjUdj4FWOeN8e63Hl8SFb9EelJ06DG9VmTltLaTy3k9BY0ZJsSrLm9Kl
19vLJrGfqPAic4/oR8SMKkQ5uw07yqST78P1AgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUPAWgnt7s2Qx59c0FeNEZR2mxwy0wHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvUEFXZ250N3MyUXg1
OWMwRmVORVpSMm14d3kwLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBAB9otjBm9eKq0Grm6JejY4m06sV9
hosWBVhESlNLpWYsV2MmC93MTI6T/c7dwI8xK4Uf+Mw49vMM/75HA+sAuTSWYPJY
2BzbDaaFVOjWYGKpzlA8HdrQ/m6O/RypKMkWYO5k4S6U+N3cXstscaI9Pm8Km5On
IGFC86t7LBieXQ4t7SXEkuyKffxl6LY3JEpVPKOVwdjmaPHIIY8LtbhFnSTGrMzk
u3Z3UkgdSnAfbDUk4W9x4n8a1REPDTXYVc7ZKc4CJhU8cb+gauNFA15TjYmb7pd6
ifwRHn35Y49MHqK+R2r5+7OqFJzkCL96iGB0ymKl4zraSWQMX93MXnLNiHo=
-----END CERTIFICATE-----
Generated at Mon Jun 23 01:33:45 2025 by rpki-client