Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/dh-amTD50BgisYf_yGsanJ6aCyM.roa
File: dh-amTD50BgisYf_yGsanJ6aCyM.roa (raw, json)
Hash identifier: J9Gt/L0NGQliTP6XNu/9tM0/vGckcDSJjzybmrACjUA=
Subject key identifier: 76:1F:9A:99:30:F9:D0:18:22:B1:87:FF:C8:6B:1A:9C:9E:9A:0B:23
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 2069
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/dh-amTD50BgisYf_yGsanJ6aCyM.roa
Signing time: Tue 03 Jun 2025 08:08:38 +0000
ROA not before: Tue 03 Jun 2025 08:08:38 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 146845
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 8297 (0x2069)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 3 08:08:38 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=761F9A9930F9D01822B187FFC86B1A9C9E9A0B23
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c0:04:0b:25:c3:dc:b8:1a:b8:c6:7e:20:e1:5e:
46:ef:8f:4a:e2:b2:80:76:6d:3b:d4:6a:37:ef:7c:
67:28:3b:b7:62:03:2d:d2:0f:8a:56:0f:2c:86:7f:
81:4c:90:2c:8b:d4:5e:32:93:b4:09:1e:19:96:6e:
ab:7d:4c:45:1a:0b:5c:e1:ef:22:8d:b3:42:96:99:
70:a8:38:ba:5f:b6:b3:22:17:e5:4f:b6:1b:20:fd:
eb:81:6c:00:71:ab:9c:09:cd:55:3d:ba:7d:0c:48:
a6:54:ed:6d:ef:7c:21:93:6d:75:8c:c9:de:d9:cf:
80:ac:76:b4:99:de:31:fd:07:ef:10:04:07:98:29:
bd:73:b1:bf:d1:4a:a3:54:b7:03:e7:f7:42:b2:d5:
2a:ee:b7:60:3c:6a:40:29:9e:7e:7a:fe:c2:7f:b6:
b4:8d:ac:08:6a:b4:46:af:8f:76:3a:d3:18:80:e9:
7f:25:f1:51:a3:b7:e3:00:8a:3b:e5:24:b0:57:e1:
32:0d:ee:26:7a:42:42:92:48:18:1d:d4:99:0d:00:
37:26:97:cd:9c:7f:16:fe:a2:95:43:ae:96:5b:b4:
27:1e:69:b7:1b:f4:23:13:3b:ff:71:b3:c4:d0:93:
a4:7d:e9:7a:ba:5f:3c:ce:71:a1:1e:e9:4f:e0:b0:
34:0f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
76:1F:9A:99:30:F9:D0:18:22:B1:87:FF:C8:6B:1A:9C:9E:9A:0B:23
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/dh-amTD50BgisYf_yGsanJ6aCyM.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
c4:31:2d:f8:14:5c:db:16:ee:18:d8:6d:97:c7:cf:5a:7c:b1:
fb:08:06:b5:1f:4c:c8:f8:46:34:31:04:70:39:58:45:28:9e:
f5:54:f0:6e:f1:d4:17:a3:59:7f:75:01:8f:2e:8c:2f:0f:68:
a0:41:39:80:27:68:c9:80:b9:8c:d7:55:4e:6a:74:61:8b:cd:
af:04:aa:c7:60:58:c6:32:81:7b:b9:c9:03:b8:62:40:30:f1:
ca:69:ba:ce:6d:55:15:90:8e:6c:f9:fb:bd:05:92:4e:dd:8a:
11:d9:6a:1c:13:6f:37:05:4c:9c:a9:d4:30:4d:dc:f8:8c:de:
53:e4:01:d2:35:e3:19:2d:6d:0e:c3:cd:87:6b:24:40:29:65:
aa:01:a8:db:26:1c:42:2d:db:e1:cb:09:e5:28:34:d3:14:87:
c6:34:c5:99:59:8d:a2:fe:dd:02:cf:5f:59:6a:e2:56:17:0f:
7f:69:90:96:8d:73:1f:3b:68:f0:6b:b3:4d:5f:b9:8b:c5:bb:
ec:91:a4:e4:da:bb:4b:e7:3c:e7:7e:26:3c:93:f0:f3:e0:ce:
94:b8:6e:a1:6f:50:4f:7b:86:ff:fb:32:10:ca:d1:33:e7:02:
3d:72:1e:5e:c0:ef:7e:bf:f7:d1:76:13:b7:ad:02:84:7b:ba:
f3:a4:09:d7
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICIGkwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MDMw
ODA4MzhaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDc2MUY5QTk5MzBGOUQw
MTgyMkIxODdGRkM4NkIxQTlDOUU5QTBCMjMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDABAslw9y4GrjGfiDhXkbvj0risoB2bTvUajfvfGcoO7diAy3S
D4pWDyyGf4FMkCyL1F4yk7QJHhmWbqt9TEUaC1zh7yKNs0KWmXCoOLpftrMiF+VP
thsg/euBbABxq5wJzVU9un0MSKZU7W3vfCGTbXWMyd7Zz4CsdrSZ3jH9B+8QBAeY
Kb1zsb/RSqNUtwPn90Ky1Srut2A8akApnn56/sJ/trSNrAhqtEavj3Y60xiA6X8l
8VGjt+MAijvlJLBX4TIN7iZ6QkKSSBgd1JkNADcml82cfxb+opVDrpZbtCceabcb
9CMTO/9xs8TQk6R96Xq6XzzOcaEe6U/gsDQPAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUdh+amTD50BgisYf/yGsanJ6aCyMwHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvZGgtYW1URDUwQmdp
c1lmX3lHc2FuSjZhQ3lNLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBAMQxLfgUXNsW7hjYbZfHz1p8sfsI
BrUfTMj4RjQxBHA5WEUonvVU8G7x1BejWX91AY8ujC8PaKBBOYAnaMmAuYzXVU5q
dGGLza8EqsdgWMYygXu5yQO4YkAw8cppus5tVRWQjmz5+70Fkk7dihHZahwTbzcF
TJyp1DBN3PiM3lPkAdI14xktbQ7DzYdrJEApZaoBqNsmHEIt2+HLCeUoNNMUh8Y0
xZlZjaL+3QLPX1lq4lYXD39pkJaNcx87aPBrs01fuYvFu+yRpOTau0vnPOd+JjyT
8PPgzpS4bqFvUE97hv/7MhDK0TPnAj1yHl7A736/99F2E7etAoR7uvOkCdc=
-----END CERTIFICATE-----
Generated at Sun Jun 22 10:34:41 2025 by rpki-client