Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/PBHV2QU48Z2YoRBrFG7q1FqlYnU.roa
File: PBHV2QU48Z2YoRBrFG7q1FqlYnU.roa (raw, json)
Hash identifier: qQPOMTfeE0gw3KbZgGYXZ4KOknvPnX6p0M5BtSw3Qio=
Subject key identifier: 3C:11:D5:D9:05:38:F1:9D:98:A1:10:6B:14:6E:EA:D4:5A:A5:62:75
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 1EC9
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/PBHV2QU48Z2YoRBrFG7q1FqlYnU.roa
Signing time: Sat 31 May 2025 10:38:28 +0000
ROA not before: Sat 31 May 2025 10:38:28 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 4812
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 7881 (0x1ec9)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: May 31 10:38:28 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=3C11D5D90538F19D98A1106B146EEAD45AA56275
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e4:f5:67:59:3e:54:c8:c9:89:7c:b2:b3:01:c8:
34:f1:65:b0:82:25:be:42:bf:de:c0:2d:73:15:c3:
b0:be:d3:88:f5:b1:27:5b:80:30:9b:56:a7:f3:bc:
7d:7d:38:33:04:e4:08:be:99:e8:cf:b1:6b:21:21:
ca:7e:2b:26:03:43:c9:2b:83:72:a4:7d:2d:7b:6c:
8a:15:89:74:d1:f2:50:99:f3:90:4f:b2:73:84:3e:
06:81:cb:ca:92:e5:76:bd:32:36:b7:e1:5f:1a:09:
28:88:57:3f:b0:6c:9a:f2:35:b3:b6:e6:59:5e:9d:
bd:a2:4d:28:91:dd:1b:69:5b:bc:fe:28:65:40:9e:
e6:a3:41:ae:52:0e:24:1a:d2:b0:af:eb:b2:82:c2:
5a:7b:36:61:a2:09:cc:34:bc:96:2e:c2:2a:1e:44:
5e:52:64:f2:82:85:ab:b2:61:8b:15:03:7b:d1:30:
44:a4:7b:d4:f9:d6:2c:03:f8:4f:a6:8f:66:e5:8e:
e6:b0:41:a4:ae:62:f7:6b:24:e9:c4:0a:3b:bc:cc:
8a:9a:b1:03:68:4c:fd:c6:c1:ca:80:9c:28:71:1c:
9c:d8:93:53:ab:e3:a7:39:0a:16:da:72:cd:f6:8b:
94:a9:7d:1a:05:cf:a0:a1:35:b5:39:57:1f:c6:fb:
e8:c5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3C:11:D5:D9:05:38:F1:9D:98:A1:10:6B:14:6E:EA:D4:5A:A5:62:75
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/PBHV2QU48Z2YoRBrFG7q1FqlYnU.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
60:3c:2a:73:bb:be:2a:1e:24:3c:52:f2:b8:3f:45:85:8a:60:
05:d9:d3:f6:16:4f:28:04:ce:80:e3:c1:e6:36:0e:0b:37:8f:
cf:e7:25:f1:6b:e0:8e:fe:37:ca:ec:f8:ad:ef:96:b5:74:16:
50:f7:8c:8d:7a:cc:b3:1b:5d:7f:87:52:00:41:8f:5b:88:b8:
1d:1d:a4:91:bc:c9:35:fe:4e:d3:3a:49:c4:b9:02:99:bb:11:
79:94:1b:0d:a9:7f:2d:24:4b:44:ed:4e:fa:44:9e:ff:16:97:
5e:df:c6:c3:1c:2e:c9:b4:08:6a:b9:cc:4d:b3:86:a0:4f:37:
31:1d:58:b3:d7:96:25:44:7e:3a:16:c8:d3:c7:0e:d8:aa:8e:
7f:11:73:af:c1:ab:80:82:55:63:2b:7a:d0:41:1e:d3:8e:72:
ab:ce:b9:de:bd:e3:fd:78:cc:49:79:39:9a:e2:3b:e8:eb:4b:
b3:86:90:8e:cc:60:4e:6c:cc:45:b3:0a:54:fb:1e:3b:e8:4f:
69:67:f8:4b:29:19:b8:51:f4:55:36:0d:2c:69:9e:79:f2:3f:
9a:50:99:ac:df:ec:be:1a:d0:cd:14:a3:c1:11:c0:fc:eb:66:
b2:e6:ed:ab:12:51:79:2f:b9:ca:6e:19:68:ad:7e:aa:71:a2:
a7:6d:ce:e4
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICHskwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA1MzEx
MDM4MjhaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDNDMTFENUQ5MDUzOEYx
OUQ5OEExMTA2QjE0NkVFQUQ0NUFBNTYyNzUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDk9WdZPlTIyYl8srMByDTxZbCCJb5Cv97ALXMVw7C+04j1sSdb
gDCbVqfzvH19ODME5Ai+mejPsWshIcp+KyYDQ8krg3KkfS17bIoViXTR8lCZ85BP
snOEPgaBy8qS5Xa9Mja34V8aCSiIVz+wbJryNbO25llenb2iTSiR3RtpW7z+KGVA
nuajQa5SDiQa0rCv67KCwlp7NmGiCcw0vJYuwioeRF5SZPKChauyYYsVA3vRMESk
e9T51iwD+E+mj2bljuawQaSuYvdrJOnECju8zIqasQNoTP3GwcqAnChxHJzYk1Or
46c5Chbacs32i5SpfRoFz6ChNbU5Vx/G++jFAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUPBHV2QU48Z2YoRBrFG7q1FqlYnUwHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvUEJIVjJRVTQ4WjJZ
b1JCckZHN3ExRnFsWW5VLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBAGA8KnO7vioeJDxS8rg/RYWKYAXZ
0/YWTygEzoDjweY2Dgs3j8/nJfFr4I7+N8rs+K3vlrV0FlD3jI16zLMbXX+HUgBB
j1uIuB0dpJG8yTX+TtM6ScS5Apm7EXmUGw2pfy0kS0TtTvpEnv8Wl17fxsMcLsm0
CGq5zE2zhqBPNzEdWLPXliVEfjoWyNPHDtiqjn8Rc6/Bq4CCVWMretBBHtOOcqvO
ud694/14zEl5OZriO+jrS7OGkI7MYE5szEWzClT7HjvoT2ln+EspGbhR9FU2DSxp
nnnyP5pQmazf7L4a0M0Uo8ERwPzrZrLm7asSUXkvucpuGWitfqpxoqdtzuQ=
-----END CERTIFICATE-----
Generated at Sat Jun 21 01:49:37 2025 by rpki-client