Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/PF3Y8csjlpuVJAQX1xgLogjPghg.roa
File: PF3Y8csjlpuVJAQX1xgLogjPghg.roa (raw, json)
Hash identifier: WrFoMMKbHF/uqhem53M77pR+gfE/CcVBsCkRqr33hNM=
Subject key identifier: 3C:5D:D8:F1:CB:23:96:9B:95:24:04:17:D7:18:0B:A2:08:CF:82:18
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 46C5
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/PF3Y8csjlpuVJAQX1xgLogjPghg.roa
Signing time: Mon 11 Aug 2025 00:31:15 +0000
ROA not before: Mon 11 Aug 2025 00:31:15 +0000
ROA not after: Mon 03 Aug 2026 08:44:40 +0000
asID: 4812
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 18117 (0x46c5)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Aug 11 00:31:15 2025 GMT
Not After : Aug 3 08:44:40 2026 GMT
Subject: CN=3C5DD8F1CB23969B95240417D7180BA208CF8218
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bb:69:7d:aa:6e:73:31:66:9d:53:12:80:22:2c:
85:f3:8e:6f:b4:d9:17:44:ba:42:b6:f4:1c:d6:a0:
a8:b8:9f:54:7d:49:02:c6:c8:60:b2:8e:f5:e0:4c:
bb:dd:34:96:36:50:81:53:17:83:6f:b0:fd:26:98:
c0:c6:c4:44:c7:e4:13:cb:8e:33:ed:52:4c:e1:47:
52:a8:de:72:72:60:5f:4b:c8:7c:9c:be:f0:65:a5:
e5:0d:76:72:90:29:c1:f9:57:25:6b:89:88:88:5c:
db:ee:ab:f2:07:e1:b8:24:7b:43:a3:30:7d:0f:9f:
2d:f8:ce:c8:01:83:e1:5e:b2:a0:ec:fb:64:4c:da:
5a:74:47:4a:d3:45:63:19:86:86:bd:1b:92:e1:3d:
cd:5d:23:14:a7:a7:69:b7:56:d1:71:43:cf:f2:4d:
f6:f9:e7:b8:8a:b1:90:1b:51:83:55:2f:34:d7:a7:
0c:e3:fa:8b:cb:08:23:cc:65:0d:1c:40:fc:b0:c1:
2b:6d:87:21:c2:1b:92:d4:c0:22:a1:19:f0:18:78:
dd:57:a1:47:b8:c5:41:d7:06:1a:9f:00:0c:e6:b3:
9b:5b:66:50:fc:bf:65:35:98:c3:50:d4:e4:ec:b3:
08:32:95:1c:9e:06:08:e6:91:19:90:bc:63:64:17:
2c:79
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3C:5D:D8:F1:CB:23:96:9B:95:24:04:17:D7:18:0B:A2:08:CF:82:18
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/PF3Y8csjlpuVJAQX1xgLogjPghg.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
3d:49:ec:97:d3:ae:71:49:00:9a:2f:b4:de:66:c5:32:4e:f5:
fb:5a:6f:3b:38:93:cc:e1:6b:68:ec:89:4a:8a:3f:6d:0b:d7:
ed:d4:e2:c5:44:ac:98:aa:77:33:14:39:9d:92:c7:50:61:c8:
2b:79:9b:d6:ce:7b:21:1f:f5:e3:bd:87:4e:63:80:45:e2:89:
c8:18:9b:22:9b:41:9c:d9:7f:7b:4f:fa:88:a2:3b:1c:54:35:
b0:01:67:43:00:18:0b:56:cd:58:ee:63:01:ef:eb:5e:4a:43:
47:55:1b:f9:fb:9c:d9:c7:6f:a4:5f:35:86:73:bc:9d:fd:43:
0f:2e:8e:4a:ad:5c:8e:53:ea:96:cc:07:32:1d:7e:0a:ca:09:
ed:77:03:c9:e8:ff:b1:cc:62:33:ff:26:05:2b:a7:c7:3f:92:
ac:87:ff:62:f3:9a:0c:9e:3d:c8:c5:dd:88:78:24:3e:ee:76:
6d:14:a4:bd:8b:21:44:6c:c6:27:ef:13:88:e8:61:65:26:87:
ca:6f:53:0b:da:c2:71:12:da:bc:98:94:8d:72:cc:c2:b1:11:
41:aa:fa:af:ca:09:73:40:ae:84:84:b4:96:e2:56:89:b8:21:
03:a1:3f:aa:a3:ea:f6:4d:cb:88:20:d4:80:83:61:ab:ff:9c:
d5:41:c1:84
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICRsUwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA4MTEw
MDMxMTVaFw0yNjA4MDMwODQ0NDBaMDMxMTAvBgNVBAMTKDNDNUREOEYxQ0IyMzk2
OUI5NTI0MDQxN0Q3MTgwQkEyMDhDRjgyMTgwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC7aX2qbnMxZp1TEoAiLIXzjm+02RdEukK29BzWoKi4n1R9SQLG
yGCyjvXgTLvdNJY2UIFTF4NvsP0mmMDGxETH5BPLjjPtUkzhR1Ko3nJyYF9LyHyc
vvBlpeUNdnKQKcH5VyVriYiIXNvuq/IH4bgke0OjMH0Pny34zsgBg+FesqDs+2RM
2lp0R0rTRWMZhoa9G5LhPc1dIxSnp2m3VtFxQ8/yTfb557iKsZAbUYNVLzTXpwzj
+ovLCCPMZQ0cQPywwStthyHCG5LUwCKhGfAYeN1XoUe4xUHXBhqfAAzms5tbZlD8
v2U1mMNQ1OTsswgylRyeBgjmkRmQvGNkFyx5AgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUPF3Y8csjlpuVJAQX1xgLogjPghgwHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvUEYzWThjc2pscHVW
SkFRWDF4Z0xvZ2pQZ2hnLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBAD1J7JfTrnFJAJovtN5mxTJO9fta
bzs4k8zha2jsiUqKP20L1+3U4sVErJiqdzMUOZ2Sx1BhyCt5m9bOeyEf9eO9h05j
gEXiicgYmyKbQZzZf3tP+oiiOxxUNbABZ0MAGAtWzVjuYwHv615KQ0dVG/n7nNnH
b6RfNYZzvJ39Qw8ujkqtXI5T6pbMBzIdfgrKCe13A8no/7HMYjP/JgUrp8c/kqyH
/2LzmgyePcjF3Yh4JD7udm0UpL2LIURsxifvE4joYWUmh8pvUwvawnES2ryYlI1y
zMKxEUGq+q/KCXNAroSEtJbiVom4IQOhP6qj6vZNy4gg1ICDYav/nNVBwYQ=
-----END CERTIFICATE-----
Generated at Mon Aug 11 04:32:05 2025 by rpki-client