Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/PUlD6X85JuxIZOK18lVnfZpiSqM.roa
File: PUlD6X85JuxIZOK18lVnfZpiSqM.roa (raw, json)
Hash identifier: zwNi+rUS4953eWlGKpTwRCk0HyS9QP2zc40/7kT/Fns=
Subject key identifier: 3D:49:43:E9:7F:39:26:EC:48:64:E2:B5:F2:55:67:7D:9A:62:4A:A3
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 239D
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/PUlD6X85JuxIZOK18lVnfZpiSqM.roa
Signing time: Mon 09 Jun 2025 00:38:57 +0000
ROA not before: Mon 09 Jun 2025 00:38:57 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 4812
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 9117 (0x239d)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 9 00:38:57 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=3D4943E97F3926EC4864E2B5F255677D9A624AA3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d8:22:c4:d4:ec:75:53:66:8c:47:a7:47:d5:14:
09:6d:34:39:d4:71:1f:af:db:0c:b4:91:79:ad:dd:
7b:f2:7e:0a:a0:e0:b3:d4:0b:cc:a6:5e:6c:ab:24:
d3:bc:4b:11:98:8e:c0:28:15:92:91:cb:a5:c6:fc:
1f:4b:de:72:62:34:0b:e4:81:86:c9:87:0c:d1:6a:
d3:f8:99:62:a9:5a:27:b6:ef:95:cb:00:a4:1e:f6:
e3:fe:38:13:1a:1b:fb:e9:32:f4:85:9f:5b:74:fc:
61:50:3a:d6:c2:aa:46:d6:f4:ce:42:c9:01:23:1b:
6f:1b:e3:85:b1:c0:7f:50:50:ee:5e:5f:1b:b3:ce:
72:0c:5c:60:27:80:7a:33:48:26:67:ba:91:4b:ec:
22:95:e2:e4:62:6b:57:bc:44:c2:c3:a6:8a:35:5f:
a2:de:57:c9:3f:0f:77:1f:5f:c7:95:77:34:2f:4e:
d5:9f:a4:93:ea:4e:06:60:83:56:4b:dc:20:b9:43:
70:31:31:88:86:70:c0:ad:97:35:98:50:80:f2:4b:
76:c3:0c:42:90:4e:10:4b:83:7c:fc:fc:35:b5:6d:
4a:d8:92:35:65:ea:8d:a0:50:4c:b7:0d:4c:f0:8b:
24:26:2a:bb:20:2e:cd:0b:36:fe:d7:37:7d:a2:ac:
89:b7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3D:49:43:E9:7F:39:26:EC:48:64:E2:B5:F2:55:67:7D:9A:62:4A:A3
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/PUlD6X85JuxIZOK18lVnfZpiSqM.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
63:ad:a8:3e:80:01:83:d2:b1:90:10:42:77:30:c5:bf:17:65:
38:9a:ff:4d:36:42:74:3f:fc:ad:12:99:bb:f8:60:4f:af:95:
f2:fd:fd:c1:3c:0a:11:a9:57:13:f6:e5:b9:41:fb:66:41:e3:
68:6a:b6:27:d8:67:2b:44:1d:89:89:02:0b:52:73:7a:b4:4f:
d4:86:ca:01:c6:6b:ad:9e:9d:34:ee:40:b4:d2:08:2e:af:5f:
7a:e2:5c:ec:8a:2d:40:75:a0:8d:5d:14:69:60:e6:3e:48:0e:
2a:1b:8c:9e:dc:8c:b1:46:74:1c:df:b2:85:d2:d7:bd:5d:d8:
52:e6:b1:7b:4f:eb:59:ea:f0:88:dd:fe:69:42:d0:a3:0c:53:
5a:b6:3a:ce:fa:17:33:0d:34:e4:47:59:9f:4c:1a:31:70:8c:
4c:fe:29:84:ac:6c:6c:19:a6:bc:2f:fd:d3:3c:ee:61:74:be:
db:33:58:d8:5e:5c:42:9e:9c:7f:02:37:ed:17:10:95:02:61:
e3:18:38:1b:78:46:66:25:b1:79:22:61:fa:c3:ce:21:22:24:
95:9e:71:c5:5a:ad:21:63:27:ac:4f:d9:9b:89:6f:ec:d3:a3:
8c:db:b0:df:f8:97:b4:84:85:dd:45:fc:ab:c2:dd:92:0a:60:
a9:1d:dd:b1
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICI50wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MDkw
MDM4NTdaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDNENDk0M0U5N0YzOTI2
RUM0ODY0RTJCNUYyNTU2NzdEOUE2MjRBQTMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDYIsTU7HVTZoxHp0fVFAltNDnUcR+v2wy0kXmt3Xvyfgqg4LPU
C8ymXmyrJNO8SxGYjsAoFZKRy6XG/B9L3nJiNAvkgYbJhwzRatP4mWKpWie275XL
AKQe9uP+OBMaG/vpMvSFn1t0/GFQOtbCqkbW9M5CyQEjG28b44WxwH9QUO5eXxuz
znIMXGAngHozSCZnupFL7CKV4uRia1e8RMLDpoo1X6LeV8k/D3cfX8eVdzQvTtWf
pJPqTgZgg1ZL3CC5Q3AxMYiGcMCtlzWYUIDyS3bDDEKQThBLg3z8/DW1bUrYkjVl
6o2gUEy3DUzwiyQmKrsgLs0LNv7XN32irIm3AgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUPUlD6X85JuxIZOK18lVnfZpiSqMwHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvUFVsRDZYODVKdXhJ
Wk9LMThsVm5mWnBpU3FNLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBAGOtqD6AAYPSsZAQQncwxb8XZTia
/002QnQ//K0Smbv4YE+vlfL9/cE8ChGpVxP25blB+2ZB42hqtifYZytEHYmJAgtS
c3q0T9SGygHGa62enTTuQLTSCC6vX3riXOyKLUB1oI1dFGlg5j5IDiobjJ7cjLFG
dBzfsoXS171d2FLmsXtP61nq8Ijd/mlC0KMMU1q2Os76FzMNNORHWZ9MGjFwjEz+
KYSsbGwZprwv/dM87mF0vtszWNheXEKenH8CN+0XEJUCYeMYOBt4RmYlsXkiYfrD
ziEiJJWeccVarSFjJ6xP2ZuJb+zTo4zbsN/4l7SEhd1F/KvC3ZIKYKkd3bE=
-----END CERTIFICATE-----
Generated at Sun Jun 22 03:59:19 2025 by rpki-client