Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/PF6FRz2U0rsmR_RGZF_1vtN6KmU.roa
File: PF6FRz2U0rsmR_RGZF_1vtN6KmU.roa (raw, json)
Hash identifier: o8DBd+sdvu3agCnD4riFFCR7fVVlk/2JCRcv8FLTP6o=
Subject key identifier: 3C:5E:85:47:3D:94:D2:BB:26:47:F4:46:64:5F:F5:BE:D3:7A:2A:65
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 2168
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/PF6FRz2U0rsmR_RGZF_1vtN6KmU.roa
Signing time: Thu 05 Jun 2025 02:38:44 +0000
ROA not before: Thu 05 Jun 2025 02:38:44 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 146845
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 8552 (0x2168)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 5 02:38:44 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=3C5E85473D94D2BB2647F446645FF5BED37A2A65
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d4:e5:e1:6a:44:66:a7:d7:d8:9f:7a:a8:99:f7:
b2:80:c6:94:ba:ae:f0:48:d3:11:5c:f6:e1:78:86:
8f:bc:3f:5f:bd:82:10:55:07:33:20:1a:9e:8b:16:
f1:6a:90:75:3e:ff:ea:c8:ff:d1:ce:97:c7:fd:31:
3b:d2:44:d4:b3:52:a9:10:ed:50:27:2b:3e:c4:4b:
13:ff:ac:46:1c:29:af:20:3e:d5:69:2f:e3:52:cc:
12:f1:bf:8f:b3:f7:ac:2e:1e:b3:ef:fe:16:45:8b:
fe:a8:ca:71:62:28:e8:85:dc:6b:5f:6b:e5:9e:15:
b6:e7:63:a7:7b:10:ad:ca:8e:15:1a:90:b0:ed:f7:
e3:a0:b1:fe:2e:af:c8:11:72:e8:98:58:90:7a:f3:
e7:da:ea:7a:8a:69:a1:c1:ee:c3:ec:e8:49:bc:2e:
9d:c9:4c:9b:43:13:3e:e4:8a:55:67:b7:16:46:78:
19:eb:36:80:76:36:99:46:23:aa:79:a3:3a:70:dc:
37:5f:63:7a:05:44:fd:ca:0f:65:ed:01:a1:21:bf:
78:28:32:f8:0d:09:50:8f:aa:b4:9f:e8:58:e9:48:
5b:40:da:b7:3f:49:b1:3f:60:c1:db:69:3b:1a:09:
54:0f:07:64:51:42:fa:bd:0e:f2:4f:c8:17:20:f4:
4d:6d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3C:5E:85:47:3D:94:D2:BB:26:47:F4:46:64:5F:F5:BE:D3:7A:2A:65
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/PF6FRz2U0rsmR_RGZF_1vtN6KmU.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
ba:b8:12:ea:ff:f6:11:65:03:3b:fc:6d:0d:e3:65:f5:d9:40:
d9:8e:14:05:0e:73:10:64:3f:0b:ec:57:68:db:40:20:f8:7c:
35:b8:2c:1f:f3:1b:b0:ff:06:86:00:1e:dd:6c:1c:f5:86:9a:
39:09:54:50:5c:bd:4b:b2:70:31:2d:2d:73:d2:45:86:10:4c:
4e:b5:55:77:4e:60:fb:85:03:2b:fe:d0:bd:3f:db:8d:31:f6:
49:24:d6:cb:c7:7d:de:41:d1:b7:9f:21:be:82:62:2c:25:59:
3d:9b:06:73:96:ab:e6:89:3a:39:6a:61:70:99:0d:01:99:09:
e8:90:3e:1b:4b:15:60:9a:94:4f:1c:3d:30:fa:cf:74:b5:99:
a2:40:cc:89:d7:ff:95:ce:4f:31:41:22:6c:d2:7a:e4:ca:4a:
ac:93:53:e1:13:b6:5c:6e:a0:fb:40:3e:2f:1a:09:c5:57:0b:
33:ea:4d:cc:8b:eb:57:d7:fe:02:35:18:07:59:bb:b9:b6:a0:
60:cd:20:22:a7:00:ef:5b:4d:60:8b:c8:1c:e1:62:0a:fd:e4:
b9:91:98:5d:db:d6:8b:fc:a7:fe:ad:ef:b3:bb:5f:d5:51:8f:
87:ab:9c:c4:44:3c:47:f1:04:4c:4a:a7:fd:d4:e6:17:3f:2e:
b1:c5:c8:8a
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICIWgwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MDUw
MjM4NDRaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDNDNUU4NTQ3M0Q5NEQy
QkIyNjQ3RjQ0NjY0NUZGNUJFRDM3QTJBNjUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDU5eFqRGan19ifeqiZ97KAxpS6rvBI0xFc9uF4ho+8P1+9ghBV
BzMgGp6LFvFqkHU+/+rI/9HOl8f9MTvSRNSzUqkQ7VAnKz7ESxP/rEYcKa8gPtVp
L+NSzBLxv4+z96wuHrPv/hZFi/6oynFiKOiF3Gtfa+WeFbbnY6d7EK3KjhUakLDt
9+Ogsf4ur8gRcuiYWJB68+fa6nqKaaHB7sPs6Em8Lp3JTJtDEz7kilVntxZGeBnr
NoB2NplGI6p5ozpw3DdfY3oFRP3KD2XtAaEhv3goMvgNCVCPqrSf6FjpSFtA2rc/
SbE/YMHbaTsaCVQPB2RRQvq9DvJPyBcg9E1tAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUPF6FRz2U0rsmR/RGZF/1vtN6KmUwHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvUEY2RlJ6MlUwcnNt
Ul9SR1pGXzF2dE42S21VLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBALq4Eur/9hFlAzv8bQ3jZfXZQNmO
FAUOcxBkPwvsV2jbQCD4fDW4LB/zG7D/BoYAHt1sHPWGmjkJVFBcvUuycDEtLXPS
RYYQTE61VXdOYPuFAyv+0L0/240x9kkk1svHfd5B0befIb6CYiwlWT2bBnOWq+aJ
OjlqYXCZDQGZCeiQPhtLFWCalE8cPTD6z3S1maJAzInX/5XOTzFBImzSeuTKSqyT
U+ETtlxuoPtAPi8aCcVXCzPqTcyL61fX/gI1GAdZu7m2oGDNICKnAO9bTWCLyBzh
Ygr95LmRmF3b1ov8p/6t77O7X9VRj4ernMREPEfxBExKp/3U5hc/LrHFyIo=
-----END CERTIFICATE-----
Generated at Fri Jun 20 21:32:14 2025 by rpki-client