Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/RqD3Sc8_3to7TfboJPuJCBM2gI0.roa
File: RqD3Sc8_3to7TfboJPuJCBM2gI0.roa (raw, json)
Hash identifier: aKYfRcZBREMslgZB5CuQSmJsWjmghuAeE5eqP5P/8To=
Subject key identifier: 46:A0:F7:49:CF:3F:DE:DA:3B:4D:F6:E8:24:FB:89:08:13:36:80:8D
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 2699
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/RqD3Sc8_3to7TfboJPuJCBM2gI0.roa
Signing time: Sat 14 Jun 2025 08:18:20 +0000
ROA not before: Sat 14 Jun 2025 08:18:20 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 146845
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 9881 (0x2699)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 14 08:18:20 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=46A0F749CF3FDEDA3B4DF6E824FB89081336808D
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f4:a1:de:ef:b4:94:f0:83:2b:60:68:47:97:71:
61:4f:cb:3c:8c:ed:7b:8f:5d:9e:83:86:fa:1b:d3:
cf:bc:04:15:39:71:46:d5:b8:8c:9f:66:2c:e9:bd:
da:bb:b1:27:d0:42:f8:38:0a:b1:07:66:a8:e1:5c:
ad:6c:b5:e6:5a:5b:5e:e5:11:93:f5:97:bb:64:f0:
2e:7b:6e:fa:36:0a:ef:8b:8f:e7:60:6d:34:6c:17:
35:49:d1:24:05:a5:69:17:71:22:d4:dc:f1:99:1f:
bb:67:e7:9c:bd:6c:cb:d3:61:54:87:7b:cc:c2:c0:
5c:e8:46:e2:2b:11:22:53:40:87:4c:85:75:13:d6:
bf:6e:4e:46:ce:00:6a:dd:80:53:17:fd:72:bf:d5:
58:1b:9a:7d:23:81:34:5f:67:51:83:60:eb:e2:02:
16:f5:f0:4b:bd:7d:34:17:9d:14:01:6e:6e:e2:a3:
42:f7:85:73:c9:40:ef:11:a6:4b:fa:7f:f4:6d:b1:
04:f8:72:8d:04:06:3d:5f:3f:b6:09:a3:64:65:66:
74:11:45:1b:c2:29:87:ab:62:85:3a:55:87:a3:e9:
21:7a:cc:93:5b:41:3d:2d:3f:a6:29:ea:3b:a1:ca:
1b:f7:7e:b9:f4:12:b6:de:28:28:87:22:e0:5a:d2:
56:d3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
46:A0:F7:49:CF:3F:DE:DA:3B:4D:F6:E8:24:FB:89:08:13:36:80:8D
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/RqD3Sc8_3to7TfboJPuJCBM2gI0.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
af:b5:fb:c2:ca:74:50:39:fc:e8:2b:bc:69:2c:10:ba:77:fe:
9c:8f:41:0c:33:b9:bb:85:c0:b7:57:44:52:75:7c:72:12:91:
23:0d:97:07:3b:36:ec:7f:83:b9:c6:c1:12:02:03:2d:a8:8a:
b2:c6:ce:a8:87:08:3e:45:e6:d3:da:fe:d6:b4:94:fa:c6:bb:
c5:fe:fc:bc:ac:88:7a:25:f2:ab:58:a6:f9:6f:98:94:b7:ad:
54:53:48:1d:90:40:23:91:a8:88:d0:1c:69:7b:f0:9d:42:32:
24:17:02:fe:bc:2b:22:a7:c9:e5:8f:48:d6:a2:f7:00:2e:59:
78:45:9b:e2:50:15:24:52:ed:4c:ac:83:5f:48:01:91:80:06:
6b:0a:6e:d9:b7:54:67:83:55:cc:7a:ce:89:78:08:33:a2:27:
30:77:75:e9:d8:b9:c4:49:37:6d:d6:ce:f0:7e:68:5a:12:e0:
65:b6:4d:fc:5f:de:a0:f1:0d:0c:de:0f:75:e5:54:b2:91:62:
85:b2:89:2f:4e:56:71:53:2c:df:63:98:df:01:1e:bd:6e:b4:
2d:5d:b3:2c:cb:b3:cb:5c:3c:51:ba:8a:4c:a6:2f:d0:09:74:
df:8c:b5:54:c0:8d:04:d3:57:a7:c5:0d:6c:3d:d2:b2:a2:eb:
2d:b8:e7:ac
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICJpkwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MTQw
ODE4MjBaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDQ2QTBGNzQ5Q0YzRkRF
REEzQjRERjZFODI0RkI4OTA4MTMzNjgwOEQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQD0od7vtJTwgytgaEeXcWFPyzyM7XuPXZ6Dhvob08+8BBU5cUbV
uIyfZizpvdq7sSfQQvg4CrEHZqjhXK1steZaW17lEZP1l7tk8C57bvo2Cu+Lj+dg
bTRsFzVJ0SQFpWkXcSLU3PGZH7tn55y9bMvTYVSHe8zCwFzoRuIrESJTQIdMhXUT
1r9uTkbOAGrdgFMX/XK/1Vgbmn0jgTRfZ1GDYOviAhb18Eu9fTQXnRQBbm7io0L3
hXPJQO8Rpkv6f/RtsQT4co0EBj1fP7YJo2RlZnQRRRvCKYerYoU6VYej6SF6zJNb
QT0tP6Yp6juhyhv3frn0ErbeKCiHIuBa0lbTAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQURqD3Sc8/3to7TfboJPuJCBM2gI0wHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvUnFEM1NjOF8zdG83
VGZib0pQdUpDQk0yZ0kwLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBAK+1+8LKdFA5/OgrvGksELp3/pyP
QQwzubuFwLdXRFJ1fHISkSMNlwc7Nux/g7nGwRICAy2oirLGzqiHCD5F5tPa/ta0
lPrGu8X+/LysiHol8qtYpvlvmJS3rVRTSB2QQCORqIjQHGl78J1CMiQXAv68KyKn
yeWPSNai9wAuWXhFm+JQFSRS7Uysg19IAZGABmsKbtm3VGeDVcx6zol4CDOiJzB3
denYucRJN23WzvB+aFoS4GW2Tfxf3qDxDQzeD3XlVLKRYoWyiS9OVnFTLN9jmN8B
Hr1utC1dsyzLs8tcPFG6ikymL9AJdN+MtVTAjQTTV6fFDWw90rKi6y2456w=
-----END CERTIFICATE-----
Generated at Sat Jun 21 17:25:54 2025 by rpki-client