Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/m0H0IMohH3V1A_Nu3CgTZGJZfjs.roa
File: m0H0IMohH3V1A_Nu3CgTZGJZfjs.roa (raw, json)
Hash identifier: quXbM9XjK/0K3bPsEiC3f8jbYnSrX78ZICxGdtQ9+gQ=
Subject key identifier: 9B:41:F4:20:CA:21:1F:75:75:03:F3:6E:DC:28:13:64:62:59:7E:3B
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 1EFE
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/m0H0IMohH3V1A_Nu3CgTZGJZfjs.roa
Signing time: Sat 31 May 2025 19:38:36 +0000
ROA not before: Sat 31 May 2025 19:38:36 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 146845
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 7934 (0x1efe)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: May 31 19:38:36 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=9B41F420CA211F757503F36EDC28136462597E3B
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c0:94:84:e3:14:20:ce:4d:ef:b8:4a:f2:e0:79:
2c:53:25:ca:78:17:7d:c3:f3:49:dd:45:50:f4:56:
0a:6e:70:0b:c2:ce:12:29:88:c2:a9:ac:fa:b5:40:
87:b6:bd:00:f4:b3:fc:90:a2:35:87:6d:6e:03:c3:
ee:69:fd:fc:b9:25:02:88:0b:11:e8:ba:1b:50:a6:
08:8e:e8:e5:78:2e:95:27:a8:72:52:9e:03:b0:87:
e1:1d:34:6c:e5:a0:29:22:f8:e9:f9:13:69:40:77:
4f:49:3b:2b:e2:03:ed:b2:cf:02:4c:06:a1:f0:ff:
b4:8e:bd:2f:03:a0:f0:4e:19:ff:ae:90:5d:c9:4f:
ba:31:26:9f:33:27:d2:5f:88:f7:c5:eb:ee:54:b7:
be:f6:78:97:43:fd:e0:fc:4c:ee:96:f2:89:14:74:
02:c0:e8:b3:5c:8a:3e:f0:b7:0d:4d:c6:03:25:01:
44:ec:62:27:e6:5c:8e:ed:d8:c8:22:c1:e8:8b:98:
59:a3:51:aa:dc:10:ce:b8:04:40:40:9b:74:68:13:
39:4c:bd:2e:19:bf:9e:a0:14:9d:8a:ec:62:69:12:
71:10:af:6d:da:9c:a5:e9:13:d6:3e:17:7b:a7:fb:
98:82:41:2b:a5:49:eb:88:d2:13:62:29:1e:1d:4f:
6d:4f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9B:41:F4:20:CA:21:1F:75:75:03:F3:6E:DC:28:13:64:62:59:7E:3B
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/m0H0IMohH3V1A_Nu3CgTZGJZfjs.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
2b:a8:88:88:90:7d:f2:1d:33:9c:da:55:09:ea:10:64:31:4f:
43:e9:ba:be:01:a6:2c:dc:92:e6:a5:d7:b9:db:29:13:71:52:
4a:f0:a4:c6:58:d0:61:08:15:cc:cd:7f:bb:16:19:85:98:ca:
39:f8:df:df:61:9c:ca:f6:7f:34:17:4d:4f:03:9b:8d:0c:34:
dc:13:08:74:bb:09:d6:b3:0c:cc:90:76:9b:ed:f2:4a:40:05:
84:c1:66:54:a4:15:7c:60:e3:53:27:82:4e:5d:65:fe:d1:90:
3b:1b:fc:80:74:7c:c7:22:26:88:df:d6:f5:c9:6e:43:05:66:
c0:bf:e0:54:16:b1:dc:1c:28:72:50:c3:ac:de:d6:c5:26:81:
29:93:03:c7:26:f2:d8:ee:66:16:f8:6c:0a:2a:f3:97:d3:71:
26:49:6b:23:86:a4:ab:62:d5:37:70:fc:24:50:bc:a5:28:9f:
5b:11:18:4e:97:0f:03:10:b2:1a:11:a9:5e:3d:05:b0:71:fd:
e4:1f:43:8b:1a:31:02:93:f3:16:e8:9d:04:07:85:e0:da:d4:
67:54:2c:79:74:32:a2:26:2a:9f:d9:6f:ab:71:60:70:a4:ff:
15:70:06:9a:0b:bd:2c:c7:cd:bb:8e:22:a0:a0:a2:08:cb:0d:
3a:6d:b8:f0
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICHv4wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA1MzEx
OTM4MzZaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDlCNDFGNDIwQ0EyMTFG
NzU3NTAzRjM2RURDMjgxMzY0NjI1OTdFM0IwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDAlITjFCDOTe+4SvLgeSxTJcp4F33D80ndRVD0VgpucAvCzhIp
iMKprPq1QIe2vQD0s/yQojWHbW4Dw+5p/fy5JQKICxHouhtQpgiO6OV4LpUnqHJS
ngOwh+EdNGzloCki+On5E2lAd09JOyviA+2yzwJMBqHw/7SOvS8DoPBOGf+ukF3J
T7oxJp8zJ9JfiPfF6+5Ut772eJdD/eD8TO6W8okUdALA6LNcij7wtw1NxgMlAUTs
YifmXI7t2MgiweiLmFmjUarcEM64BEBAm3RoEzlMvS4Zv56gFJ2K7GJpEnEQr23a
nKXpE9Y+F3un+5iCQSulSeuI0hNiKR4dT21PAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUm0H0IMohH3V1A/Nu3CgTZGJZfjswHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvbTBIMElNb2hIM1Yx
QV9OdTNDZ1RaR0paZmpzLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBACuoiIiQffIdM5zaVQnqEGQxT0Pp
ur4Bpizckual17nbKRNxUkrwpMZY0GEIFczNf7sWGYWYyjn4399hnMr2fzQXTU8D
m40MNNwTCHS7CdazDMyQdpvt8kpABYTBZlSkFXxg41Mngk5dZf7RkDsb/IB0fMci
Jojf1vXJbkMFZsC/4FQWsdwcKHJQw6ze1sUmgSmTA8cm8tjuZhb4bAoq85fTcSZJ
ayOGpKti1Tdw/CRQvKUon1sRGE6XDwMQshoRqV49BbBx/eQfQ4saMQKT8xbonQQH
heDa1GdULHl0MqImKp/Zb6txYHCk/xVwBpoLvSzHzbuOIqCgogjLDTptuPA=
-----END CERTIFICATE-----
Generated at Sun Jun 15 09:17:30 2025 by rpki-client