Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/gsht9KRwNDgMKI008_RpUSHIr_w.roa
File: gsht9KRwNDgMKI008_RpUSHIr_w.roa (raw, json)
Hash identifier: Nnb4N3rw+6svKZPvdETqjdEJegFv6JEODtkjjcVmEdM=
Subject key identifier: 82:C8:6D:F4:A4:70:34:38:0C:28:8D:34:F3:F4:69:51:21:C8:AF:FC
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 266C
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/gsht9KRwNDgMKI008_RpUSHIr_w.roa
Signing time: Sat 14 Jun 2025 00:39:36 +0000
ROA not before: Sat 14 Jun 2025 00:39:36 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 146845
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 9836 (0x266c)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 14 00:39:36 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=82C86DF4A47034380C288D34F3F4695121C8AFFC
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b8:c8:32:c5:7b:f6:7f:74:4d:87:09:56:f7:5c:
b4:3c:64:26:54:ac:ce:a5:3d:ef:aa:63:f5:dc:a7:
43:92:6a:8f:9c:7b:40:57:10:a9:65:30:73:4a:e1:
da:47:5d:37:3e:32:0c:cd:06:da:64:46:e8:47:ad:
c6:12:e1:78:3b:8b:c8:a4:02:e9:26:e8:64:48:79:
cf:da:b6:42:80:e8:0f:8c:cc:86:5b:4c:3b:4d:f5:
60:97:c3:d6:ef:76:1c:e2:7f:4f:27:41:2b:eb:0e:
5e:2d:ba:29:4e:13:16:6e:05:41:88:f8:d3:59:1c:
06:0e:73:31:c6:9d:0f:8f:94:db:e5:16:b2:97:7c:
c6:48:03:b6:8d:28:68:f0:0f:d0:75:c9:61:32:9f:
f8:c7:b9:2a:c2:d3:1c:14:27:aa:17:7b:9d:02:0c:
70:8d:0e:2f:f4:45:35:49:64:aa:c6:ef:38:c2:2a:
41:e9:d0:31:74:2b:cb:24:f1:7c:d4:10:88:3a:ca:
c7:b5:a0:1e:53:2e:70:6f:ce:1a:33:ed:3a:3c:62:
40:dd:1c:31:32:39:3e:95:a9:e7:dc:36:4c:d8:7d:
ba:9a:4a:9b:9d:8f:99:49:60:24:ee:bd:8b:61:d6:
f7:37:91:b0:82:c9:56:60:f8:69:d9:55:74:5b:da:
0f:5d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
82:C8:6D:F4:A4:70:34:38:0C:28:8D:34:F3:F4:69:51:21:C8:AF:FC
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/gsht9KRwNDgMKI008_RpUSHIr_w.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
30:f4:de:c0:36:2c:af:3c:3b:cc:40:32:ce:66:71:95:b0:bb:
71:0c:5b:2c:6d:e9:79:89:3b:bb:65:62:b0:db:cc:c1:cc:77:
76:da:03:55:a3:9a:75:50:fa:40:5b:ac:f5:ef:8a:4a:90:a1:
0a:91:92:ca:49:94:34:26:fa:44:85:1e:9d:aa:cd:76:de:ae:
2e:34:1c:5f:6f:25:49:9c:c9:c9:e3:22:70:c5:80:5c:af:90:
4e:1d:76:e7:b7:e4:61:49:08:65:db:2a:3e:70:47:e5:64:18:
e7:9f:c1:6f:4c:78:35:a2:8f:88:24:07:9d:61:11:a0:12:fa:
36:c3:c7:2d:fb:07:ba:55:0c:df:9a:51:fa:c8:ed:a5:0f:1c:
56:ca:4b:1a:84:73:e9:05:f7:f6:1a:bc:d4:33:7d:6f:75:d4:
ac:63:7f:0c:a0:5d:89:53:af:f8:70:c1:91:52:44:0c:d9:af:
0d:26:0b:d0:5a:df:d9:e0:7a:0a:e5:a2:2a:25:38:26:03:f5:
93:67:81:99:74:bc:b1:44:8c:76:d6:56:c0:36:c7:08:0d:bb:
d5:35:84:71:84:14:a4:9a:4a:14:45:06:4f:8e:c1:48:00:45:
2b:96:c7:31:f4:68:12:c8:96:ca:aa:54:e3:5a:4a:a9:6e:10:
f1:e1:af:96
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICJmwwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MTQw
MDM5MzZaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDgyQzg2REY0QTQ3MDM0
MzgwQzI4OEQzNEYzRjQ2OTUxMjFDOEFGRkMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC4yDLFe/Z/dE2HCVb3XLQ8ZCZUrM6lPe+qY/Xcp0OSao+ce0BX
EKllMHNK4dpHXTc+MgzNBtpkRuhHrcYS4Xg7i8ikAukm6GRIec/atkKA6A+MzIZb
TDtN9WCXw9bvdhzif08nQSvrDl4tuilOExZuBUGI+NNZHAYOczHGnQ+PlNvlFrKX
fMZIA7aNKGjwD9B1yWEyn/jHuSrC0xwUJ6oXe50CDHCNDi/0RTVJZKrG7zjCKkHp
0DF0K8sk8XzUEIg6yse1oB5TLnBvzhoz7To8YkDdHDEyOT6VqefcNkzYfbqaSpud
j5lJYCTuvYth1vc3kbCCyVZg+GnZVXRb2g9dAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUgsht9KRwNDgMKI008/RpUSHIr/wwHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvZ3NodDlLUndORGdN
S0kwMDhfUnBVU0hJcl93LnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBADD03sA2LK88O8xAMs5mcZWwu3EM
Wyxt6XmJO7tlYrDbzMHMd3baA1WjmnVQ+kBbrPXvikqQoQqRkspJlDQm+kSFHp2q
zXberi40HF9vJUmcycnjInDFgFyvkE4ddue35GFJCGXbKj5wR+VkGOefwW9MeDWi
j4gkB51hEaAS+jbDxy37B7pVDN+aUfrI7aUPHFbKSxqEc+kF9/YavNQzfW911Kxj
fwygXYlTr/hwwZFSRAzZrw0mC9Ba39ngegrloiolOCYD9ZNngZl0vLFEjHbWVsA2
xwgNu9U1hHGEFKSaShRFBk+OwUgARSuWxzH0aBLIlsqqVONaSqluEPHhr5Y=
-----END CERTIFICATE-----
Generated at Sun Jun 22 01:13:37 2025 by rpki-client