Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/g3C9FJ_2_NJj8IcIifuTeQkQmjY.roa
File: g3C9FJ_2_NJj8IcIifuTeQkQmjY.roa (raw, json)
Hash identifier: lT026fX8KnghJ7L1NgKPTRTxrMxsrzI0kGveuq4X7hA=
Subject key identifier: 83:70:BD:14:9F:F6:FC:D2:63:F0:87:08:89:FB:93:79:09:10:9A:36
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 1C44
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/g3C9FJ_2_NJj8IcIifuTeQkQmjY.roa
Signing time: Mon 26 May 2025 23:08:08 +0000
ROA not before: Mon 26 May 2025 23:08:08 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 4812
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 7236 (0x1c44)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: May 26 23:08:08 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=8370BD149FF6FCD263F0870889FB937909109A36
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ca:4f:d2:22:b9:cc:d6:46:35:87:ef:cf:96:1e:
1d:e6:e0:9a:79:8c:96:97:74:d5:9b:ff:a6:3b:d1:
9a:1b:66:c7:8f:e2:12:f0:ab:f5:da:16:ef:d7:9d:
e0:96:ad:e8:cc:91:05:c2:39:88:71:b5:e9:12:cd:
55:7d:91:7f:9d:ca:10:80:89:e0:56:4a:fb:6f:22:
3d:06:8c:cb:f3:82:83:4c:95:79:4c:6a:31:cf:e6:
5d:06:71:01:0d:9c:a6:50:43:f5:ad:3e:cc:89:9f:
35:99:14:a2:ec:33:16:b2:42:17:ae:fd:cf:58:f4:
90:2e:ef:fe:05:7a:76:fd:95:ee:05:97:ba:c1:01:
6c:04:e8:a8:06:ca:c1:77:dc:5b:90:77:29:99:c3:
cf:61:91:a2:c0:4c:5f:a6:e9:87:e2:12:28:5a:b1:
35:7d:c6:c9:5e:e1:fe:b4:31:48:78:4c:5c:10:91:
e0:a2:3a:15:99:13:d3:86:14:bc:c7:1f:41:d2:e0:
32:13:81:f0:55:4b:cd:62:30:c3:79:f3:3d:e4:81:
8b:8e:53:5a:f5:8e:4f:8b:7b:76:20:98:59:3c:b1:
0e:0c:1f:72:bd:e9:1f:4d:c9:2b:20:4f:8e:f5:7e:
a0:35:e3:49:d8:a4:41:2f:f4:67:c5:02:0d:66:3c:
77:b1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
83:70:BD:14:9F:F6:FC:D2:63:F0:87:08:89:FB:93:79:09:10:9A:36
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/g3C9FJ_2_NJj8IcIifuTeQkQmjY.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
48:09:9e:3f:3c:68:a3:7d:28:0d:f9:7d:f7:1e:ed:dd:6c:5c:
ee:38:d4:49:3a:93:d6:70:c0:1e:df:48:69:f5:4b:a0:52:b4:
1b:68:c1:92:6c:1c:c8:4a:e1:b8:c5:c4:3f:fb:80:28:e3:f8:
d3:f5:88:2e:3c:81:31:e4:5e:c7:a3:94:32:bc:8f:2a:ee:f1:
c8:21:b5:5f:b1:a5:7c:49:c2:21:2c:33:e7:9d:ad:fb:75:9a:
71:d0:fd:90:99:77:da:52:42:63:46:70:66:5f:80:fa:da:20:
90:54:90:0a:e0:e4:5f:e1:05:d6:01:cb:43:01:de:f4:92:e9:
51:c1:37:f8:95:9f:f6:f6:1b:78:e7:e4:d4:b3:7a:23:2b:60:
fe:d0:de:1f:8d:b8:59:8b:66:c5:ae:a5:1d:7e:0a:da:b0:af:
58:ca:cd:a8:60:5f:91:c7:75:6e:2a:7d:44:49:ae:0b:13:c1:
b1:94:83:41:d0:74:16:5a:97:a0:4a:75:f3:fb:24:6c:c6:b8:
ce:6c:c7:d8:d3:f6:d1:bb:4f:be:c2:9f:a8:6d:d5:c9:27:12:
cc:02:15:29:0c:6f:95:98:2d:7a:7f:b9:ea:d0:9c:e8:97:ff:
ea:65:6e:0c:10:cf:b9:6d:ee:70:d3:9b:8b:22:2d:fa:26:44:
16:05:d3:b1
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICHEQwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA1MjYy
MzA4MDhaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDgzNzBCRDE0OUZGNkZD
RDI2M0YwODcwODg5RkI5Mzc5MDkxMDlBMzYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDKT9IiuczWRjWH78+WHh3m4Jp5jJaXdNWb/6Y70ZobZseP4hLw
q/XaFu/XneCWrejMkQXCOYhxtekSzVV9kX+dyhCAieBWSvtvIj0GjMvzgoNMlXlM
ajHP5l0GcQENnKZQQ/WtPsyJnzWZFKLsMxayQheu/c9Y9JAu7/4Fenb9le4Fl7rB
AWwE6KgGysF33FuQdymZw89hkaLATF+m6YfiEihasTV9xsle4f60MUh4TFwQkeCi
OhWZE9OGFLzHH0HS4DITgfBVS81iMMN58z3kgYuOU1r1jk+Le3YgmFk8sQ4MH3K9
6R9NySsgT471fqA140nYpEEv9GfFAg1mPHexAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUg3C9FJ/2/NJj8IcIifuTeQkQmjYwHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvZzNDOUZKXzJfTkpq
OEljSWlmdVRlUWtRbWpZLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBAEgJnj88aKN9KA35ffce7d1sXO44
1Ek6k9ZwwB7fSGn1S6BStBtowZJsHMhK4bjFxD/7gCjj+NP1iC48gTHkXsejlDK8
jyru8cghtV+xpXxJwiEsM+edrft1mnHQ/ZCZd9pSQmNGcGZfgPraIJBUkArg5F/h
BdYBy0MB3vSS6VHBN/iVn/b2G3jn5NSzeiMrYP7Q3h+NuFmLZsWupR1+Ctqwr1jK
zahgX5HHdW4qfURJrgsTwbGUg0HQdBZal6BKdfP7JGzGuM5sx9jT9tG7T77Cn6ht
1cknEswCFSkMb5WYLXp/uerQnOiX/+plbgwQz7lt7nDTm4siLfomRBYF07E=
-----END CERTIFICATE-----
Generated at Sat Jun 21 16:37:45 2025 by rpki-client