Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/Wo3EnkeB2AYzm8xtmAql26z9qiM.roa
File: Wo3EnkeB2AYzm8xtmAql26z9qiM.roa (raw, json)
Hash identifier: m/p7YOuVKQQCW507Q4Msd1Zm7yEjlIU8myho/ENwnC4=
Subject key identifier: 5A:8D:C4:9E:47:81:D8:06:33:9B:CC:6D:98:0A:A5:DB:AC:FD:AA:23
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 25C2
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/Wo3EnkeB2AYzm8xtmAql26z9qiM.roa
Signing time: Thu 12 Jun 2025 20:09:13 +0000
ROA not before: Thu 12 Jun 2025 20:09:13 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 4812
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 9666 (0x25c2)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 12 20:09:13 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=5A8DC49E4781D806339BCC6D980AA5DBACFDAA23
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c1:41:0e:9f:78:d0:87:54:ea:be:fd:86:28:d8:
28:1b:f4:c8:a1:66:4c:4a:57:7b:75:39:0b:a0:2d:
fe:dc:b5:7b:03:8a:5e:af:c4:3a:1b:04:ad:d2:af:
74:f2:27:2d:aa:4a:1e:02:12:77:92:19:53:38:b3:
29:43:15:68:0c:b8:91:60:5c:8d:45:10:60:c7:7f:
0c:aa:c8:e7:5e:af:7e:5f:dd:2b:2f:6d:59:06:04:
05:0d:8b:a4:2a:bf:40:b5:84:66:74:3b:0d:7f:6f:
8e:69:52:8d:e1:08:eb:ab:d1:c7:d7:8e:11:15:fa:
63:67:45:7c:ca:83:78:c1:94:6e:7c:c1:b1:40:b2:
8f:8b:31:f6:28:74:95:e6:4b:2d:3d:6f:74:c5:f4:
3a:ed:fe:88:93:db:f3:91:4a:6d:b0:97:87:54:c3:
93:e5:bf:09:5e:4d:bb:c0:66:d2:03:f6:ab:9b:ff:
da:9d:7e:4d:0c:73:8b:34:56:ce:43:d2:bd:8e:04:
5b:7d:ff:f5:45:30:28:58:3e:58:30:39:6c:e2:01:
0f:a9:ac:36:3a:e6:be:c8:18:bb:a4:2b:a5:ab:3b:
81:a8:5b:48:26:82:08:c3:d8:2c:15:58:47:57:58:
97:98:53:50:2d:bc:33:f4:88:d3:ad:68:2c:2d:5a:
36:b3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5A:8D:C4:9E:47:81:D8:06:33:9B:CC:6D:98:0A:A5:DB:AC:FD:AA:23
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/Wo3EnkeB2AYzm8xtmAql26z9qiM.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
31:16:2c:fd:d4:70:72:49:b6:bd:df:a7:ea:53:2d:24:8c:67:
fd:b7:d2:78:52:cb:a8:90:63:64:72:1e:ee:0e:41:36:a7:51:
bd:19:4e:da:c4:fb:c8:d5:1f:77:3f:0e:53:0f:e2:1f:18:d1:
49:26:f3:cb:48:74:54:c0:20:78:6c:33:db:17:66:03:0b:38:
70:63:16:37:72:1b:e1:da:0d:92:30:fb:8e:37:0f:f6:99:4e:
32:d5:ac:08:7f:e0:53:cc:ea:61:15:78:e2:a7:ca:6f:e7:d3:
8c:9e:83:74:26:c3:bf:c0:9f:fa:f9:37:20:a3:f5:a2:7f:6d:
89:3b:6a:77:ca:f9:0c:ef:b8:da:b6:ff:b3:5a:45:df:3a:d1:
6c:cb:dd:2d:a4:b0:b6:4e:51:0d:56:6b:4b:9e:aa:50:d6:b9:
b2:e9:70:58:74:49:ee:a9:72:fb:d4:44:74:73:c8:88:17:73:
a2:37:cf:9f:b3:82:0b:7c:06:1c:35:45:8d:17:8e:1e:ad:90:
76:2d:05:9e:fd:bb:25:85:ab:69:58:3f:8a:28:2b:9e:12:ba:
58:bf:13:1f:28:9b:b8:09:cc:c6:91:59:e5:96:a1:34:aa:b5:
e8:b9:29:3c:84:3e:b2:b5:37:17:02:17:08:d6:02:b1:25:87:
bc:db:3c:cd
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICJcIwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MTIy
MDA5MTNaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDVBOERDNDlFNDc4MUQ4
MDYzMzlCQ0M2RDk4MEFBNURCQUNGREFBMjMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDBQQ6feNCHVOq+/YYo2Cgb9MihZkxKV3t1OQugLf7ctXsDil6v
xDobBK3Sr3TyJy2qSh4CEneSGVM4sylDFWgMuJFgXI1FEGDHfwyqyOder35f3Ssv
bVkGBAUNi6Qqv0C1hGZ0Ow1/b45pUo3hCOur0cfXjhEV+mNnRXzKg3jBlG58wbFA
so+LMfYodJXmSy09b3TF9Drt/oiT2/ORSm2wl4dUw5PlvwleTbvAZtID9qub/9qd
fk0Mc4s0Vs5D0r2OBFt9//VFMChYPlgwOWziAQ+prDY65r7IGLukK6WrO4GoW0gm
ggjD2CwVWEdXWJeYU1AtvDP0iNOtaCwtWjazAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUWo3EnkeB2AYzm8xtmAql26z9qiMwHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvV28zRW5rZUIyQVl6
bTh4dG1BcWwyNno5cWlNLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBADEWLP3UcHJJtr3fp+pTLSSMZ/23
0nhSy6iQY2RyHu4OQTanUb0ZTtrE+8jVH3c/DlMP4h8Y0Ukm88tIdFTAIHhsM9sX
ZgMLOHBjFjdyG+HaDZIw+443D/aZTjLVrAh/4FPM6mEVeOKnym/n04yeg3Qmw7/A
n/r5NyCj9aJ/bYk7anfK+QzvuNq2/7NaRd860WzL3S2ksLZOUQ1Wa0ueqlDWubLp
cFh0Se6pcvvURHRzyIgXc6I3z5+zggt8Bhw1RY0Xjh6tkHYtBZ79uyWFq2lYP4oo
K54Suli/Ex8om7gJzMaRWeWWoTSqtei5KTyEPrK1NxcCFwjWArElh7zbPM0=
-----END CERTIFICATE-----
Generated at Sat Jun 21 21:41:15 2025 by rpki-client