Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/ZJzeHIRmeeOzlYL2B805nN2sn48.roa
File: ZJzeHIRmeeOzlYL2B805nN2sn48.roa (raw, json)
Hash identifier: QYBJzNjVtPZHj5GcSSCKs41Nr383kxN+Jk9fTYilHQo=
Subject key identifier: 64:9C:DE:1C:84:66:79:E3:B3:95:82:F6:07:CD:39:9C:DD:AC:9F:8F
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 46F5
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/ZJzeHIRmeeOzlYL2B805nN2sn48.roa
Signing time: Mon 11 Aug 2025 08:31:15 +0000
ROA not before: Mon 11 Aug 2025 08:31:15 +0000
ROA not after: Mon 03 Aug 2026 08:44:40 +0000
asID: 4812
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 18165 (0x46f5)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Aug 11 08:31:15 2025 GMT
Not After : Aug 3 08:44:40 2026 GMT
Subject: CN=649CDE1C846679E3B39582F607CD399CDDAC9F8F
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:da:d1:0d:39:d9:6d:fe:64:47:50:03:bb:84:0c:
ab:51:d8:da:f2:86:7a:4a:13:d3:01:f5:4d:d9:6f:
18:98:a3:86:d2:18:01:e4:27:24:7a:00:e1:36:58:
5b:2c:21:13:98:bd:df:48:49:51:fb:f4:bd:de:43:
cc:79:d8:17:54:74:98:54:90:4f:2c:3c:e5:db:3a:
a3:9d:82:f4:ab:37:ee:51:57:ed:c5:b6:88:18:39:
07:76:84:9d:1d:31:c7:f0:b1:86:ee:7c:40:82:4b:
be:36:67:f6:3d:da:ff:a9:f7:cb:b2:1f:93:64:f0:
60:e7:16:af:5d:15:54:65:37:2f:d4:4a:e4:b3:38:
08:5b:ee:a9:31:f1:fa:bf:1c:f5:4c:d4:a6:3c:74:
6b:d7:d2:10:6e:9c:63:f6:9d:75:4e:41:01:97:f2:
eb:90:29:49:81:5a:43:ac:7c:4f:2f:0a:f2:b9:81:
cc:48:32:1c:97:7e:bd:bd:d5:e2:a0:2f:9f:fc:dc:
7f:11:12:05:a2:7c:e4:c6:dc:f2:27:3f:06:07:22:
5b:f1:84:01:60:2e:12:40:ce:24:ed:02:40:0e:20:
7b:63:04:80:57:09:40:17:41:47:f1:5e:40:88:ab:
2d:9f:b9:88:71:5c:e8:65:af:8d:18:e6:7b:15:3a:
91:37
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
64:9C:DE:1C:84:66:79:E3:B3:95:82:F6:07:CD:39:9C:DD:AC:9F:8F
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/ZJzeHIRmeeOzlYL2B805nN2sn48.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
ba:c4:85:cc:19:13:07:d9:7b:aa:31:b7:13:20:38:5d:3b:e2:
ee:fd:ca:54:f9:f3:88:9e:1d:a4:d6:00:5f:74:b1:17:0b:ad:
67:ce:65:2d:53:9f:a7:4f:36:40:3c:1f:65:c4:22:69:e0:f4:
4c:a0:6a:91:ae:e0:64:21:72:a6:60:de:5f:9f:31:fd:e3:98:
14:db:f7:41:e0:35:4b:e0:88:38:d0:9a:b1:fd:f7:3c:17:88:
a9:ee:ed:38:e4:17:16:0e:22:86:30:ea:42:bf:21:70:29:58:
76:11:ae:c6:74:a7:65:1e:12:66:80:32:84:4c:59:75:c5:6c:
e6:bd:01:33:90:63:e1:c4:6a:8c:97:9b:19:fe:05:8d:4a:5c:
d8:7d:ed:79:60:26:3b:55:d9:cb:4c:0d:90:3d:45:45:11:70:
56:3c:5f:20:45:4b:14:54:39:e0:d9:de:fa:e2:eb:6e:aa:67:
ad:53:42:ec:e0:08:f6:1c:6d:09:6f:4b:df:b3:15:d0:27:40:
75:b0:2c:54:0e:e6:88:a2:f2:f1:80:35:57:e4:3d:26:1a:25:
13:33:a6:27:61:ce:e5:25:51:95:27:69:41:4e:91:4a:8f:b7:
52:b8:45:c5:e3:67:2c:1d:ac:1d:c1:32:97:f4:6f:54:06:d7:
5a:f3:a8:98
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICRvUwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA4MTEw
ODMxMTVaFw0yNjA4MDMwODQ0NDBaMDMxMTAvBgNVBAMTKDY0OUNERTFDODQ2Njc5
RTNCMzk1ODJGNjA3Q0QzOTlDRERBQzlGOEYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDa0Q052W3+ZEdQA7uEDKtR2NryhnpKE9MB9U3ZbxiYo4bSGAHk
JyR6AOE2WFssIROYvd9ISVH79L3eQ8x52BdUdJhUkE8sPOXbOqOdgvSrN+5RV+3F
togYOQd2hJ0dMcfwsYbufECCS742Z/Y92v+p98uyH5Nk8GDnFq9dFVRlNy/USuSz
OAhb7qkx8fq/HPVM1KY8dGvX0hBunGP2nXVOQQGX8uuQKUmBWkOsfE8vCvK5gcxI
MhyXfr291eKgL5/83H8REgWifOTG3PInPwYHIlvxhAFgLhJAziTtAkAOIHtjBIBX
CUAXQUfxXkCIqy2fuYhxXOhlr40Y5nsVOpE3AgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUZJzeHIRmeeOzlYL2B805nN2sn48wHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvWkp6ZUhJUm1lZU96
bFlMMkI4MDVuTjJzbjQ4LnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBALrEhcwZEwfZe6oxtxMgOF074u79
ylT584ieHaTWAF90sRcLrWfOZS1Tn6dPNkA8H2XEImng9EygapGu4GQhcqZg3l+f
Mf3jmBTb90HgNUvgiDjQmrH99zwXiKnu7TjkFxYOIoYw6kK/IXApWHYRrsZ0p2Ue
EmaAMoRMWXXFbOa9ATOQY+HEaoyXmxn+BY1KXNh97XlgJjtV2ctMDZA9RUURcFY8
XyBFSxRUOeDZ3vri626qZ61TQuzgCPYcbQlvS9+zFdAnQHWwLFQO5oii8vGANVfk
PSYaJRMzpidhzuUlUZUnaUFOkUqPt1K4RcXjZywdrB3BMpf0b1QG11rzqJg=
-----END CERTIFICATE-----
Generated at Mon Aug 11 13:08:03 2025 by rpki-client