Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/deo9IMA0gmkjYADwbBywm47lS9U.roa
File: deo9IMA0gmkjYADwbBywm47lS9U.roa (raw, json)
Hash identifier: 3RDD3+f24Cc1ZqZFrzhUwxw8xMAL9/IctHLAuI7C9Y8=
Subject key identifier: 75:EA:3D:20:C0:34:82:69:23:60:00:F0:6C:1C:B0:9B:8E:E5:4B:D5
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 2406
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/deo9IMA0gmkjYADwbBywm47lS9U.roa
Signing time: Mon 09 Jun 2025 18:09:01 +0000
ROA not before: Mon 09 Jun 2025 18:09:01 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 4812
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 9222 (0x2406)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 9 18:09:01 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=75EA3D20C0348269236000F06C1CB09B8EE54BD5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ac:7b:cc:75:d4:c7:8a:56:60:4e:de:87:ad:82:
32:d5:64:3c:80:35:69:90:bc:4b:7b:e2:f2:b8:55:
c4:74:26:af:a7:01:54:45:b8:03:68:bf:a8:1d:9e:
31:e3:4f:b7:7f:d8:40:80:72:21:a4:a9:02:44:08:
41:df:01:b6:58:72:2a:a8:bc:64:0a:eb:ce:31:36:
7b:69:66:57:fa:39:d2:9e:eb:9d:11:6e:be:45:3a:
1a:7c:14:b2:7c:47:9b:c6:41:9c:d4:0c:ae:c0:ac:
2d:6d:e2:1c:2a:b0:5c:37:32:39:47:af:92:c5:08:
ff:01:b8:2a:ac:b1:b6:ba:9c:bc:23:19:0d:5e:5a:
f7:1c:bd:fd:cc:3a:2b:97:1a:67:bd:45:68:14:a8:
eb:8e:8b:dd:23:58:84:f1:f0:96:5a:8d:5f:7f:fb:
c1:eb:d2:e7:52:6e:3a:43:b7:00:51:97:66:83:5c:
b3:00:7b:07:4e:62:3c:f2:75:fe:3a:78:02:62:95:
c5:a9:64:e6:b5:5b:ae:34:d4:5e:1e:4b:89:92:cf:
4d:27:70:39:5f:36:4c:22:de:e6:de:df:bd:f0:3f:
e1:d3:80:e0:1e:dd:42:60:36:89:88:90:2a:d7:f1:
66:34:f6:27:b4:be:f3:30:3f:1a:e9:0d:f7:6e:55:
77:db
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
75:EA:3D:20:C0:34:82:69:23:60:00:F0:6C:1C:B0:9B:8E:E5:4B:D5
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/deo9IMA0gmkjYADwbBywm47lS9U.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
03:42:a0:55:45:0f:1b:ff:20:4b:7d:04:ce:0f:fc:f6:98:b0:
02:aa:fc:f0:d8:81:2f:0d:4f:49:b0:ee:ab:ee:35:4a:3d:0d:
d0:75:47:a7:04:87:e8:8e:19:0f:cd:26:5b:ea:37:e9:47:de:
aa:a7:9e:1e:0a:07:7a:99:b8:e8:57:2f:fd:49:6d:50:ae:81:
16:19:7e:01:05:06:0d:71:91:6b:f4:46:35:40:85:8e:41:38:
e5:6a:c7:0c:d8:86:7b:46:31:d6:c1:0e:89:3d:36:c3:18:ce:
d0:7d:13:8f:71:91:da:af:e2:c0:e0:ed:8a:3b:72:03:e4:26:
3d:8c:ae:c1:14:b2:26:f8:83:ca:31:f6:d2:2b:11:18:a0:50:
53:47:99:92:a9:9a:1d:15:3a:82:a5:20:55:e5:aa:e2:b8:a0:
62:34:c3:e5:36:da:8e:bf:96:3b:ac:fd:1d:70:a6:01:8b:76:
68:f5:51:9c:4f:95:79:f9:58:91:ed:bf:76:c9:92:3d:2f:f9:
15:8b:d4:02:c3:8f:7f:0a:60:69:03:10:36:4b:4e:38:05:de:
a9:89:92:21:58:06:4c:1b:e5:c6:fc:03:11:a3:3d:01:86:f6:
ea:38:88:a0:08:f3:01:2a:36:39:48:71:29:31:eb:51:8b:d0:
21:14:7a:b5
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICJAYwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MDkx
ODA5MDFaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDc1RUEzRDIwQzAzNDgy
NjkyMzYwMDBGMDZDMUNCMDlCOEVFNTRCRDUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCse8x11MeKVmBO3oetgjLVZDyANWmQvEt74vK4VcR0Jq+nAVRF
uANov6gdnjHjT7d/2ECAciGkqQJECEHfAbZYciqovGQK684xNntpZlf6OdKe650R
br5FOhp8FLJ8R5vGQZzUDK7ArC1t4hwqsFw3MjlHr5LFCP8BuCqssba6nLwjGQ1e
Wvccvf3MOiuXGme9RWgUqOuOi90jWITx8JZajV9/+8Hr0udSbjpDtwBRl2aDXLMA
ewdOYjzydf46eAJilcWpZOa1W6401F4eS4mSz00ncDlfNkwi3ube373wP+HTgOAe
3UJgNomIkCrX8WY09ie0vvMwPxrpDfduVXfbAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUdeo9IMA0gmkjYADwbBywm47lS9UwHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvZGVvOUlNQTBnbWtq
WUFEd2JCeXdtNDdsUzlVLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBAANCoFVFDxv/IEt9BM4P/PaYsAKq
/PDYgS8NT0mw7qvuNUo9DdB1R6cEh+iOGQ/NJlvqN+lH3qqnnh4KB3qZuOhXL/1J
bVCugRYZfgEFBg1xkWv0RjVAhY5BOOVqxwzYhntGMdbBDok9NsMYztB9E49xkdqv
4sDg7Yo7cgPkJj2MrsEUsib4g8ox9tIrERigUFNHmZKpmh0VOoKlIFXlquK4oGI0
w+U22o6/ljus/R1wpgGLdmj1UZxPlXn5WJHtv3bJkj0v+RWL1ALDj38KYGkDEDZL
TjgF3qmJkiFYBkwb5cb8AxGjPQGG9uo4iKAI8wEqNjlIcSkx61GL0CEUerU=
-----END CERTIFICATE-----
Generated at Sun Jun 22 02:34:14 2025 by rpki-client