Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/dXhqX_0P3JNfl3w9_RwICct8qBM.roa
File: dXhqX_0P3JNfl3w9_RwICct8qBM.roa (raw, json)
Hash identifier: IsV0Py21Ad5S8U38n3w5X+qMVoTGwjEP7ArtoTdieyk=
Subject key identifier: 75:78:6A:5F:FD:0F:DC:93:5F:97:7C:3D:FD:1C:08:09:CB:7C:A8:13
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 2616
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/dXhqX_0P3JNfl3w9_RwICct8qBM.roa
Signing time: Fri 13 Jun 2025 10:09:15 +0000
ROA not before: Fri 13 Jun 2025 10:09:15 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 4812
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 9750 (0x2616)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 13 10:09:15 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=75786A5FFD0FDC935F977C3DFD1C0809CB7CA813
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ef:52:41:49:01:89:8b:10:8f:b8:ae:d1:e7:3c:
09:c5:5e:8a:32:9c:dc:f1:da:89:b1:55:f6:d0:3c:
2b:4f:60:29:79:cd:c5:b6:7d:02:53:6e:d6:f0:a6:
1b:64:47:2a:2a:21:66:6b:3c:ef:82:ec:61:8f:7d:
f8:b9:ce:e0:d5:cc:8a:7a:ef:78:09:67:2c:19:2b:
57:4c:67:b2:17:81:08:55:82:3b:81:dd:1d:d2:d4:
5c:0e:e4:0a:91:d5:ad:75:e3:2b:14:8a:32:d1:27:
ff:dc:c6:2b:47:04:55:7e:95:4c:e6:2f:f6:06:97:
fd:96:cb:ce:fe:b8:85:0d:43:61:78:95:f3:b8:48:
a8:21:62:5c:cc:63:0b:86:95:3c:2a:a6:48:b8:49:
d5:af:ed:b4:6d:93:24:c5:83:43:91:10:51:2d:bc:
67:81:46:4f:78:d7:d6:38:0d:f9:f0:4a:65:3d:51:
e4:73:67:e8:83:60:cc:96:28:74:73:10:a4:01:ce:
52:0c:4f:0b:7f:a4:ee:28:9f:ef:fb:a4:fd:31:ec:
0e:00:35:a7:d4:b0:54:4f:7c:9c:4c:d9:c8:d3:ba:
ad:f9:ee:fd:25:a6:e2:75:71:a6:75:5d:e2:f8:49:
53:1b:d6:4c:fa:d6:34:b0:48:2b:00:dd:8c:bd:c7:
cc:1b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
75:78:6A:5F:FD:0F:DC:93:5F:97:7C:3D:FD:1C:08:09:CB:7C:A8:13
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/dXhqX_0P3JNfl3w9_RwICct8qBM.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
7b:29:bd:52:6e:d9:e2:be:08:aa:86:f3:da:ce:79:62:54:f6:
87:50:3b:41:e5:06:4e:f2:6f:3d:6d:18:b5:39:f0:75:26:4c:
d0:12:70:fa:81:45:50:bd:04:dd:83:ca:59:97:7a:79:b2:4b:
37:7e:23:f8:4b:ae:31:b0:51:bb:f2:46:b8:0b:27:c9:f4:0f:
56:2f:5d:58:25:82:de:19:07:82:1f:18:9a:79:2e:07:3a:6a:
49:75:7e:8b:b8:cb:51:91:f6:29:59:f8:49:ad:2b:64:f3:a7:
27:d6:74:fc:52:86:8e:0a:5c:d0:1d:a2:10:cb:98:d6:fd:c4:
4c:73:b4:97:50:09:6a:b9:3d:d3:e3:45:a7:e9:dd:d1:6d:9a:
80:60:03:0e:06:70:f9:c9:ae:9f:e6:cb:33:ba:a4:8b:e0:45:
7f:59:52:c9:a3:35:5c:6d:7d:32:22:19:83:85:9c:48:a6:54:
14:cc:c6:00:16:cc:1c:f6:25:f1:2b:2e:99:fa:be:5c:a7:0d:
7f:88:9a:5e:84:bd:fa:b3:28:3c:e6:ed:20:54:07:76:55:7a:
f6:9d:17:9f:3d:cc:6b:64:74:4a:7c:c1:1f:a6:a2:ab:35:a6:
41:c4:0f:33:59:39:17:f2:40:6b:ed:cb:2e:35:fb:d3:85:07:
d4:8b:79:a2
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICJhYwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MTMx
MDA5MTVaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDc1Nzg2QTVGRkQwRkRD
OTM1Rjk3N0MzREZEMUMwODA5Q0I3Q0E4MTMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDvUkFJAYmLEI+4rtHnPAnFXooynNzx2omxVfbQPCtPYCl5zcW2
fQJTbtbwphtkRyoqIWZrPO+C7GGPffi5zuDVzIp673gJZywZK1dMZ7IXgQhVgjuB
3R3S1FwO5AqR1a114ysUijLRJ//cxitHBFV+lUzmL/YGl/2Wy87+uIUNQ2F4lfO4
SKghYlzMYwuGlTwqpki4SdWv7bRtkyTFg0OREFEtvGeBRk9419Y4DfnwSmU9UeRz
Z+iDYMyWKHRzEKQBzlIMTwt/pO4on+/7pP0x7A4ANafUsFRPfJxM2cjTuq357v0l
puJ1caZ1XeL4SVMb1kz61jSwSCsA3Yy9x8wbAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUdXhqX/0P3JNfl3w9/RwICct8qBMwHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvZFhocVhfMFAzSk5m
bDN3OV9Sd0lDY3Q4cUJNLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBAHspvVJu2eK+CKqG89rOeWJU9odQ
O0HlBk7ybz1tGLU58HUmTNAScPqBRVC9BN2DylmXenmySzd+I/hLrjGwUbvyRrgL
J8n0D1YvXVglgt4ZB4IfGJp5Lgc6akl1fou4y1GR9ilZ+EmtK2TzpyfWdPxSho4K
XNAdohDLmNb9xExztJdQCWq5PdPjRafp3dFtmoBgAw4GcPnJrp/myzO6pIvgRX9Z
UsmjNVxtfTIiGYOFnEimVBTMxgAWzBz2JfErLpn6vlynDX+Iml6EvfqzKDzm7SBU
B3ZVevadF589zGtkdEp8wR+moqs1pkHEDzNZORfyQGvtyy41+9OFB9SLeaI=
-----END CERTIFICATE-----
Generated at Sat Jun 21 02:39:38 2025 by rpki-client