Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/dOeXrwsLkYmXGCe0rDGYrpBFVmQ.roa
File: dOeXrwsLkYmXGCe0rDGYrpBFVmQ.roa (raw, json)
Hash identifier: 91YipvBIMJi5IR+YMduxqbC0h3diEzSwYH1tV1H1LYA=
Subject key identifier: 74:E7:97:AF:0B:0B:91:89:97:18:27:B4:AC:31:98:AE:90:45:56:64
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 2189
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/dOeXrwsLkYmXGCe0rDGYrpBFVmQ.roa
Signing time: Thu 05 Jun 2025 08:08:43 +0000
ROA not before: Thu 05 Jun 2025 08:08:43 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 146845
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 8585 (0x2189)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 5 08:08:43 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=74E797AF0B0B9189971827B4AC3198AE90455664
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ba:71:5d:98:d3:60:09:cb:20:d1:00:de:24:04:
be:34:e0:52:90:cb:bf:7d:6e:22:af:1b:8f:e8:2c:
86:6b:45:ad:31:d1:c6:86:28:0f:81:6d:22:0a:76:
b7:a2:42:c1:fa:d5:04:74:6b:93:fd:e5:92:86:6d:
0b:aa:ac:67:80:61:1e:2f:9e:1a:28:cd:52:65:7e:
ce:75:78:57:f1:ce:5e:e2:34:58:91:0b:c0:56:a1:
3c:12:ba:8f:20:14:e9:d3:08:65:6f:f4:ba:ba:08:
97:33:c0:bd:34:c7:f6:4d:34:aa:a0:81:8c:9e:69:
3b:d1:d8:cd:d5:72:f0:ad:30:28:c9:52:38:3a:a0:
5e:38:28:72:84:7c:d7:dc:d1:78:18:ff:48:23:44:
52:67:1a:60:78:c4:09:aa:90:94:fc:44:e0:fe:c0:
9b:78:36:13:c4:a2:8b:13:6c:49:25:e6:71:c3:ec:
1a:71:35:f5:d9:08:89:e5:fc:95:df:be:66:fb:94:
33:38:17:81:e7:b0:63:c8:43:7b:ee:3f:39:0a:c4:
c8:9e:ca:ec:a2:4f:ae:4c:f8:b1:94:d3:1c:2e:26:
32:8e:de:d9:cd:68:16:88:33:0b:3e:d1:16:a0:c4:
7c:3e:7f:fa:33:36:78:10:08:79:ed:7e:b2:81:ef:
c0:8d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
74:E7:97:AF:0B:0B:91:89:97:18:27:B4:AC:31:98:AE:90:45:56:64
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/dOeXrwsLkYmXGCe0rDGYrpBFVmQ.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
12:49:71:97:cf:1b:cd:ea:ce:24:3a:50:d7:d6:b1:d6:a7:89:
2d:26:b4:02:bb:89:37:86:68:50:85:2d:8c:c2:e1:cd:13:11:
4a:39:0a:15:c3:f5:9f:9f:d9:1c:67:a3:87:9b:26:c9:cd:23:
ed:12:08:4c:da:10:d0:bd:2b:b1:03:86:50:ba:12:84:aa:7d:
31:cc:43:4e:3d:56:a8:41:61:19:dd:ce:55:19:2a:66:d8:1d:
97:e9:88:32:69:3a:a4:c7:a9:3e:88:a8:51:21:fd:2f:1f:9e:
f6:35:c0:79:e3:34:3d:b1:31:bb:e8:4d:af:cb:f4:d4:ed:81:
f1:be:f6:36:49:75:39:e3:80:55:47:61:6c:58:25:7e:e3:16:
62:92:1e:d3:b4:63:e9:73:a6:e6:9c:ce:89:b5:af:32:17:b0:
28:dc:02:37:4c:ec:82:31:64:47:0d:49:09:62:c2:7c:bb:02:
52:d2:e2:86:cd:95:c7:8e:71:4a:91:24:1a:04:16:9b:01:91:
99:b2:7c:bb:db:a1:21:d3:e0:05:b6:50:41:98:50:60:52:b1:
6e:bd:4e:77:fd:e6:5a:6f:be:15:ea:f9:94:ca:7b:5b:ef:88:
d5:96:0e:c7:b7:54:6a:85:b9:fd:3f:1a:53:76:e6:ed:fb:8b:
b8:e1:16:a4
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICIYkwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MDUw
ODA4NDNaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDc0RTc5N0FGMEIwQjkx
ODk5NzE4MjdCNEFDMzE5OEFFOTA0NTU2NjQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC6cV2Y02AJyyDRAN4kBL404FKQy799biKvG4/oLIZrRa0x0caG
KA+BbSIKdreiQsH61QR0a5P95ZKGbQuqrGeAYR4vnhoozVJlfs51eFfxzl7iNFiR
C8BWoTwSuo8gFOnTCGVv9Lq6CJczwL00x/ZNNKqggYyeaTvR2M3VcvCtMCjJUjg6
oF44KHKEfNfc0XgY/0gjRFJnGmB4xAmqkJT8ROD+wJt4NhPEoosTbEkl5nHD7Bpx
NfXZCInl/JXfvmb7lDM4F4HnsGPIQ3vuPzkKxMieyuyiT65M+LGU0xwuJjKO3tnN
aBaIMws+0RagxHw+f/ozNngQCHntfrKB78CNAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUdOeXrwsLkYmXGCe0rDGYrpBFVmQwHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvZE9lWHJ3c0xrWW1Y
R0NlMHJER1lycEJGVm1RLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBABJJcZfPG83qziQ6UNfWsdaniS0m
tAK7iTeGaFCFLYzC4c0TEUo5ChXD9Z+f2Rxno4ebJsnNI+0SCEzaENC9K7EDhlC6
EoSqfTHMQ049VqhBYRndzlUZKmbYHZfpiDJpOqTHqT6IqFEh/S8fnvY1wHnjND2x
MbvoTa/L9NTtgfG+9jZJdTnjgFVHYWxYJX7jFmKSHtO0Y+lzpuaczom1rzIXsCjc
AjdM7IIxZEcNSQliwny7AlLS4obNlceOcUqRJBoEFpsBkZmyfLvboSHT4AW2UEGY
UGBSsW69Tnf95lpvvhXq+ZTKe1vviNWWDse3VGqFuf0/GlN25u37i7jhFqQ=
-----END CERTIFICATE-----
Generated at Sun Jun 22 00:23:58 2025 by rpki-client