Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/PisWBuEMnR0pfarsM46s1Y2wd9I.roa
File: PisWBuEMnR0pfarsM46s1Y2wd9I.roa (raw, json)
Hash identifier: 7r+o3RQdunNUUMpDsRvRZHRx8hpnFUtt4STlu7x18zs=
Subject key identifier: 3E:2B:16:06:E1:0C:9D:1D:29:7D:AA:EC:33:8E:AC:D5:8D:B0:77:D2
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 22D3
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/PisWBuEMnR0pfarsM46s1Y2wd9I.roa
Signing time: Sat 07 Jun 2025 15:08:52 +0000
ROA not before: Sat 07 Jun 2025 15:08:52 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 146845
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 8915 (0x22d3)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 7 15:08:52 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=3E2B1606E10C9D1D297DAAEC338EACD58DB077D2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:99:5c:20:1f:89:61:93:94:28:12:a1:9d:d3:10:
94:7b:6e:a1:f9:5d:a4:53:ff:18:30:5a:1b:d7:77:
46:e0:f9:d0:93:da:ec:04:9a:e6:76:5b:cb:b2:37:
34:ab:12:dc:a1:8e:dd:1b:10:7a:dd:a3:3e:0d:2f:
6c:a2:ed:93:7a:57:90:ec:44:2a:aa:52:6d:96:f5:
d7:5b:89:9b:d6:dd:b5:45:38:ad:19:34:e2:ad:db:
73:8f:38:36:d6:98:93:f5:0e:37:be:41:fa:03:57:
46:4c:84:11:8c:57:d5:31:56:b6:73:79:b6:cc:56:
69:20:c7:0e:b2:0e:fe:f6:f9:4c:2f:62:b9:22:f2:
b7:05:ec:6c:da:f8:fe:af:c1:2c:fe:8b:d6:4a:36:
8d:55:89:e8:95:4e:f4:06:f9:d6:c7:f5:0e:3f:00:
b5:ce:77:04:f5:6d:d9:d4:78:b5:83:d9:ec:e4:0f:
90:42:90:23:f4:13:3c:9e:d9:9b:00:b9:51:5c:06:
e5:16:39:77:e4:b7:de:cc:ef:89:34:7e:87:20:b2:
8a:71:5d:78:13:00:93:50:d7:1b:9d:10:04:46:7b:
47:4b:3f:73:27:c1:f7:82:ae:b2:2e:f0:a2:1a:82:
d3:ed:a0:cf:d9:ce:0b:c8:ce:0f:ba:82:c8:a1:7b:
d8:2b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3E:2B:16:06:E1:0C:9D:1D:29:7D:AA:EC:33:8E:AC:D5:8D:B0:77:D2
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/PisWBuEMnR0pfarsM46s1Y2wd9I.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
b3:23:df:8b:d4:29:54:17:31:5d:6e:a2:97:4b:1c:e0:de:c7:
dc:cc:01:19:57:45:7a:3c:4a:7e:0e:e6:4a:27:ea:d8:d6:46:
bd:b8:98:33:7c:20:08:37:d3:6e:06:45:dc:71:f5:78:76:61:
af:7e:02:ac:df:b0:60:dd:2c:b5:9f:ad:f9:78:1e:67:7e:0c:
13:ff:af:e7:aa:0b:ac:da:52:55:a9:62:9a:a3:03:4e:02:d2:
02:e5:9f:f9:7f:4a:06:28:3c:c4:73:09:9c:a0:de:67:6c:13:
f3:dd:95:85:2b:a9:9d:0f:30:03:37:30:31:92:d3:48:a1:33:
a8:06:ba:6c:5b:01:af:2a:6f:60:2a:ac:9b:c9:30:4a:6f:03:
f3:85:e7:63:16:08:16:a4:85:bc:76:d4:16:13:d3:ff:b1:08:
3a:bb:f9:cc:a9:ca:ea:55:31:27:11:ba:3c:2f:98:45:26:ef:
89:b0:00:aa:ae:80:2a:6c:6f:ba:c8:bc:2b:5e:9f:e7:a3:75:
1e:96:d0:cd:b7:7e:10:d1:6b:87:f3:04:c0:47:45:76:87:51:
78:7c:4f:c1:7b:68:2e:73:f2:a3:54:2f:f4:2d:12:2e:7f:a6:
6e:1a:51:16:72:30:33:d7:42:3e:66:ba:7d:1b:ce:98:3b:6f:
af:9a:90:a2
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICItMwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MDcx
NTA4NTJaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDNFMkIxNjA2RTEwQzlE
MUQyOTdEQUFFQzMzOEVBQ0Q1OERCMDc3RDIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCZXCAfiWGTlCgSoZ3TEJR7bqH5XaRT/xgwWhvXd0bg+dCT2uwE
muZ2W8uyNzSrEtyhjt0bEHrdoz4NL2yi7ZN6V5DsRCqqUm2W9ddbiZvW3bVFOK0Z
NOKt23OPODbWmJP1Dje+QfoDV0ZMhBGMV9UxVrZzebbMVmkgxw6yDv72+UwvYrki
8rcF7Gza+P6vwSz+i9ZKNo1VieiVTvQG+dbH9Q4/ALXOdwT1bdnUeLWD2ezkD5BC
kCP0Ezye2ZsAuVFcBuUWOXfkt97M74k0focgsopxXXgTAJNQ1xudEARGe0dLP3Mn
wfeCrrIu8KIagtPtoM/ZzgvIzg+6gsihe9grAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUPisWBuEMnR0pfarsM46s1Y2wd9IwHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvUGlzV0J1RU1uUjBw
ZmFyc000NnMxWTJ3ZDlJLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBALMj34vUKVQXMV1uopdLHODex9zM
ARlXRXo8Sn4O5kon6tjWRr24mDN8IAg3024GRdxx9Xh2Ya9+AqzfsGDdLLWfrfl4
Hmd+DBP/r+eqC6zaUlWpYpqjA04C0gLln/l/SgYoPMRzCZyg3mdsE/PdlYUrqZ0P
MAM3MDGS00ihM6gGumxbAa8qb2AqrJvJMEpvA/OF52MWCBakhbx21BYT0/+xCDq7
+cypyupVMScRujwvmEUm74mwAKqugCpsb7rIvCten+ejdR6W0M23fhDRa4fzBMBH
RXaHUXh8T8F7aC5z8qNUL/QtEi5/pm4aURZyMDPXQj5mun0bzpg7b6+akKI=
-----END CERTIFICATE-----
Generated at Sat Jun 21 14:46:36 2025 by rpki-client