Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/ZQOTOS425gv4Y7kbDs8oydxcbvw.roa
File: ZQOTOS425gv4Y7kbDs8oydxcbvw.roa (raw, json)
Hash identifier: 99VQK83hKQorIOt7Nl1kqH+7I362+0CJ81dfTATu56w=
Subject key identifier: 65:03:93:39:2E:36:E6:0B:F8:63:B9:1B:0E:CF:28:C9:DC:5C:6E:FC
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 1F22
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/ZQOTOS425gv4Y7kbDs8oydxcbvw.roa
Signing time: Sun 01 Jun 2025 01:38:31 +0000
ROA not before: Sun 01 Jun 2025 01:38:31 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 146845
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 7970 (0x1f22)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 1 01:38:31 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=650393392E36E60BF863B91B0ECF28C9DC5C6EFC
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:fa:66:a7:5c:a9:73:e1:65:a4:cf:a9:44:2d:3e:
a2:3c:6f:6e:5e:56:b9:cb:67:16:aa:35:b4:cf:53:
2e:23:6d:71:68:a4:2a:79:fa:b2:dc:a4:81:af:aa:
7f:ae:d8:14:c4:68:6f:df:41:7e:7e:33:36:8a:32:
11:1f:d0:21:6b:93:0e:71:ab:1f:6d:87:28:fb:cf:
40:96:29:c2:76:87:5c:4c:4a:45:b5:02:ec:41:d1:
3c:81:fe:d3:fc:a3:d8:1a:3f:ac:d2:d0:76:30:99:
db:8e:fd:6d:55:88:a2:03:4d:e5:0a:50:0f:6d:fb:
63:26:bd:24:c6:2a:27:6a:64:a7:97:c9:06:90:d4:
9f:5f:e9:11:bd:86:b2:7f:c8:67:70:93:4e:77:03:
45:7c:26:2f:fc:5c:29:c9:74:92:b0:b2:49:56:82:
50:a5:7b:5d:e4:06:8f:2a:90:ac:7b:d2:c8:83:fe:
15:1c:ef:df:c4:41:12:c5:9d:f5:dc:14:43:bd:46:
e9:7e:df:31:c0:fc:31:3f:cc:4b:fb:6f:a7:30:02:
18:e8:b6:6b:12:22:5f:84:39:1a:02:9e:86:19:bb:
bd:f2:71:09:24:80:d4:bc:f8:e9:2c:ab:0e:8b:be:
da:fc:15:0f:61:cb:9c:bc:2c:6c:62:bd:14:91:49:
13:e1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
65:03:93:39:2E:36:E6:0B:F8:63:B9:1B:0E:CF:28:C9:DC:5C:6E:FC
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/ZQOTOS425gv4Y7kbDs8oydxcbvw.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
90:8f:49:38:3d:5e:00:1e:24:59:b8:8a:bf:d0:e0:10:d8:2e:
cd:5d:25:21:f3:86:ea:a0:0a:bb:c4:7b:ec:32:a7:31:74:8b:
83:3e:75:e2:4e:a0:bb:5a:6c:20:0b:a5:af:8c:10:c1:2e:36:
3f:57:d8:6f:c4:ea:71:e2:7b:fb:0c:be:89:03:43:a4:1a:75:
f6:f2:3e:c3:4b:f9:b1:1b:ae:c1:20:5c:90:f2:4f:e7:02:56:
3c:6e:0a:bc:41:63:1c:b7:7c:f4:e5:aa:61:77:27:da:af:27:
11:ab:42:8b:66:2b:7a:9d:60:0d:b5:43:19:73:d9:fb:0f:58:
7a:23:49:26:3a:9b:6d:17:dd:8b:5b:c5:49:a8:d0:6a:7d:da:
d3:9f:2c:94:28:ce:19:a1:d1:3f:ab:ab:ce:59:5f:75:a9:00:
b0:bc:a9:71:8a:48:63:fe:bf:82:56:a3:f9:40:4d:f2:93:48:
a9:a4:a5:85:d3:ca:04:dc:98:33:70:ab:40:12:db:66:42:e0:
d9:dc:24:b0:09:0e:53:40:8b:71:01:82:eb:f9:ec:99:f0:17:
d7:cf:73:b7:4c:14:25:51:89:07:3a:b3:b2:b3:d5:1c:b5:98:
06:7b:27:cb:dd:d5:4f:5c:c7:f7:7f:18:c8:67:a4:c5:ae:6d:
11:aa:87:d6
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICHyIwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MDEw
MTM4MzFaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDY1MDM5MzM5MkUzNkU2
MEJGODYzQjkxQjBFQ0YyOEM5REM1QzZFRkMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQD6ZqdcqXPhZaTPqUQtPqI8b25eVrnLZxaqNbTPUy4jbXFopCp5
+rLcpIGvqn+u2BTEaG/fQX5+MzaKMhEf0CFrkw5xqx9thyj7z0CWKcJ2h1xMSkW1
AuxB0TyB/tP8o9gaP6zS0HYwmduO/W1ViKIDTeUKUA9t+2MmvSTGKidqZKeXyQaQ
1J9f6RG9hrJ/yGdwk053A0V8Ji/8XCnJdJKwsklWglCle13kBo8qkKx70siD/hUc
79/EQRLFnfXcFEO9Rul+3zHA/DE/zEv7b6cwAhjotmsSIl+EORoCnoYZu73ycQkk
gNS8+Oksqw6Lvtr8FQ9hy5y8LGxivRSRSRPhAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUZQOTOS425gv4Y7kbDs8oydxcbvwwHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvWlFPVE9TNDI1Z3Y0
WTdrYkRzOG95ZHhjYnZ3LnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBAJCPSTg9XgAeJFm4ir/Q4BDYLs1d
JSHzhuqgCrvEe+wypzF0i4M+deJOoLtabCALpa+MEMEuNj9X2G/E6nHie/sMvokD
Q6QadfbyPsNL+bEbrsEgXJDyT+cCVjxuCrxBYxy3fPTlqmF3J9qvJxGrQotmK3qd
YA21Qxlz2fsPWHojSSY6m20X3YtbxUmo0Gp92tOfLJQozhmh0T+rq85ZX3WpALC8
qXGKSGP+v4JWo/lATfKTSKmkpYXTygTcmDNwq0AS22ZC4NncJLAJDlNAi3EBguv5
7JnwF9fPc7dMFCVRiQc6s7Kz1Ry1mAZ7J8vd1U9cx/d/GMhnpMWubRGqh9Y=
-----END CERTIFICATE-----
Generated at Sun Jun 22 12:22:13 2025 by rpki-client