Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/Rwu-j-dcmL2JBOkgfQ0-isovPvY.roa
File: Rwu-j-dcmL2JBOkgfQ0-isovPvY.roa (raw, json)
Hash identifier: sIvz8+ROrFUSUkkJRc+Ga0kf/s0nBKz+6GI7NEF+RwU=
Subject key identifier: 47:0B:BE:8F:E7:5C:98:BD:89:04:E9:20:7D:0D:3E:8A:CA:2F:3E:F6
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 2634
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/Rwu-j-dcmL2JBOkgfQ0-isovPvY.roa
Signing time: Fri 13 Jun 2025 15:09:14 +0000
ROA not before: Fri 13 Jun 2025 15:09:14 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 4812
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 9780 (0x2634)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 13 15:09:14 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=470BBE8FE75C98BD8904E9207D0D3E8ACA2F3EF6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cf:eb:62:18:06:72:66:46:50:08:d4:72:c9:c8:
76:c6:49:2d:a7:14:6d:d8:cc:af:25:be:94:ef:09:
f7:32:ff:0f:90:5d:af:cd:6e:30:df:8c:76:f2:ba:
98:93:e5:c9:49:9c:55:59:4a:95:b0:1a:00:49:cb:
60:bc:1a:3a:d1:72:94:5f:93:c7:a9:77:15:3e:eb:
00:de:a1:02:e0:6e:50:01:1a:18:e2:49:9f:a2:eb:
68:ae:bc:c7:5c:49:c3:59:90:65:50:b4:d7:84:67:
5c:19:9a:17:a9:2b:42:07:19:9b:25:a1:c1:f4:55:
2a:60:66:ac:1c:29:d4:e5:c1:a9:65:4c:fa:d4:fe:
77:b4:0f:14:d8:d1:aa:69:d8:df:b1:d5:36:1d:ae:
35:ab:9b:85:3f:52:44:32:ed:ae:2f:1b:00:08:2b:
b1:df:fc:5a:f3:a1:13:1d:a9:7f:01:26:23:5a:d6:
58:47:3d:ef:9b:76:02:7e:31:aa:83:e8:7a:f4:9a:
f1:d1:7d:ca:20:d9:02:6d:af:e8:b4:4c:84:c7:1a:
f9:cc:69:18:56:23:f5:c9:fb:0f:32:26:c3:fb:09:
a0:08:a1:3b:ca:5a:b2:91:2e:ca:8d:3d:21:c0:b2:
0c:72:34:6f:27:7d:55:8f:aa:85:21:1c:d7:0c:9b:
57:03
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
47:0B:BE:8F:E7:5C:98:BD:89:04:E9:20:7D:0D:3E:8A:CA:2F:3E:F6
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/Rwu-j-dcmL2JBOkgfQ0-isovPvY.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
89:d9:ff:0b:8b:2f:9a:fe:47:f7:c6:71:3f:70:a7:6d:74:9d:
36:5d:17:d3:69:c7:51:24:90:a5:6a:74:f9:48:78:98:c2:94:
1a:72:d5:ee:fe:eb:0d:6e:91:1a:22:2f:36:85:43:72:ca:d3:
3f:bb:22:97:71:bd:45:b3:3c:33:a1:9f:73:43:f9:d4:78:2d:
44:18:19:55:3a:25:f4:88:2e:da:c8:3e:a1:03:42:8e:af:02:
e5:c8:0c:d9:8e:fd:77:8c:64:18:10:12:92:37:41:7c:4b:3d:
ef:1b:bc:5f:65:90:97:42:47:40:cb:7f:1b:80:3c:1f:70:53:
ce:93:f7:7f:5b:a6:39:c3:2f:1b:c8:7a:a9:0e:cd:45:9c:7a:
5b:28:63:11:93:a5:15:df:b6:61:05:55:6a:f7:a0:f7:7a:4c:
71:1f:e4:07:2a:44:8f:21:8d:da:2a:58:88:46:4c:d1:95:af:
2b:25:15:6f:c5:7b:92:5a:fd:7f:fd:58:19:cf:d0:24:8b:6b:
43:32:4a:ba:b5:3b:20:27:04:7c:45:d9:ab:76:9a:30:ff:04:
2c:fc:e9:81:58:44:e4:cf:bc:75:66:66:a9:4f:19:7f:a5:84:
05:f7:4a:d5:d6:ed:a7:fc:1b:fb:b2:7a:d7:c9:3d:67:ce:fb:
53:65:06:5b
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICJjQwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MTMx
NTA5MTRaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDQ3MEJCRThGRTc1Qzk4
QkQ4OTA0RTkyMDdEMEQzRThBQ0EyRjNFRjYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDP62IYBnJmRlAI1HLJyHbGSS2nFG3YzK8lvpTvCfcy/w+QXa/N
bjDfjHbyupiT5clJnFVZSpWwGgBJy2C8GjrRcpRfk8epdxU+6wDeoQLgblABGhji
SZ+i62iuvMdcScNZkGVQtNeEZ1wZmhepK0IHGZslocH0VSpgZqwcKdTlwallTPrU
/ne0DxTY0app2N+x1TYdrjWrm4U/UkQy7a4vGwAIK7Hf/FrzoRMdqX8BJiNa1lhH
Pe+bdgJ+MaqD6Hr0mvHRfcog2QJtr+i0TITHGvnMaRhWI/XJ+w8yJsP7CaAIoTvK
WrKRLsqNPSHAsgxyNG8nfVWPqoUhHNcMm1cDAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQURwu+j+dcmL2JBOkgfQ0+isovPvYwHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvUnd1LWotZGNtTDJK
Qk9rZ2ZRMC1pc292UHZZLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBAInZ/wuLL5r+R/fGcT9wp210nTZd
F9Npx1EkkKVqdPlIeJjClBpy1e7+6w1ukRoiLzaFQ3LK0z+7IpdxvUWzPDOhn3ND
+dR4LUQYGVU6JfSILtrIPqEDQo6vAuXIDNmO/XeMZBgQEpI3QXxLPe8bvF9lkJdC
R0DLfxuAPB9wU86T939bpjnDLxvIeqkOzUWcelsoYxGTpRXftmEFVWr3oPd6THEf
5AcqRI8hjdoqWIhGTNGVryslFW/Fe5Ja/X/9WBnP0CSLa0MySrq1OyAnBHxF2at2
mjD/BCz86YFYROTPvHVmZqlPGX+lhAX3StXW7af8G/uyetfJPWfO+1NlBls=
-----END CERTIFICATE-----
Generated at Fri Jun 20 11:48:19 2025 by rpki-client