Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/o-wGVcgX5vSPZEw-VhMRW0Kcna0.roa
File: o-wGVcgX5vSPZEw-VhMRW0Kcna0.roa (raw, json)
Hash identifier: WR21CVzc11Pl/nPEI9VevawCKqqGvZKxWtxaGf534/4=
Subject key identifier: A3:EC:06:55:C8:17:E6:F4:8F:64:4C:3E:56:13:11:5B:42:9C:9D:AD
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 22E5
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/o-wGVcgX5vSPZEw-VhMRW0Kcna0.roa
Signing time: Sat 07 Jun 2025 18:08:53 +0000
ROA not before: Sat 07 Jun 2025 18:08:53 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 146845
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 8933 (0x22e5)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 7 18:08:53 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=A3EC0655C817E6F48F644C3E5613115B429C9DAD
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bd:cf:4d:9a:47:40:8b:6a:d8:71:dd:17:3b:b4:
17:b8:c2:bc:c3:06:93:68:db:32:94:0d:ca:7a:32:
23:b9:a1:90:33:10:da:b5:98:f6:5d:64:7c:29:d5:
1e:47:be:bb:74:8b:96:2d:4e:a6:fc:af:63:aa:41:
d5:4f:4d:56:20:b2:07:29:28:36:61:01:91:3c:03:
9a:63:1d:e7:7b:9a:76:c9:5c:81:75:c2:c7:10:ca:
5b:3d:3b:92:39:9c:3a:ba:fa:43:03:ed:b7:15:2c:
9a:21:fe:9f:ad:1b:29:34:11:5f:6f:a8:6d:4b:43:
34:1c:d0:fb:c0:20:7e:88:37:61:7d:c6:fd:e7:ea:
c1:a9:ef:21:44:a9:56:07:fe:1b:3a:4b:31:40:eb:
4f:96:ca:a4:f7:41:1f:d5:d2:cb:85:2b:e4:9b:da:
42:f6:7a:4f:24:4c:f2:fc:62:9e:ae:57:87:d1:e8:
49:df:a9:29:89:27:7a:05:bc:3a:b1:ff:b0:8c:8d:
38:48:0b:86:ec:5f:9e:ad:43:45:fc:1d:35:bc:14:
08:8b:f6:63:c3:72:4d:6f:35:fd:3b:fa:5a:a9:a0:
4f:4e:b4:7a:9a:ef:a6:10:86:c7:1b:9f:9b:16:56:
e1:8b:0a:be:7f:04:4f:66:a4:20:58:2b:6a:8d:63:
a6:a7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A3:EC:06:55:C8:17:E6:F4:8F:64:4C:3E:56:13:11:5B:42:9C:9D:AD
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/o-wGVcgX5vSPZEw-VhMRW0Kcna0.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
94:4e:67:e9:b7:7f:8a:ec:9d:f4:e3:3f:70:83:e2:5f:1e:61:
fc:d9:bf:b2:39:1f:0f:5e:7a:eb:ed:8d:c3:96:b7:cf:58:7d:
41:15:84:14:6c:82:19:82:ec:c8:9b:d2:66:70:cb:da:7c:fc:
5c:a0:53:a9:d8:80:46:f3:a3:98:4b:49:54:7f:34:fd:82:ca:
c9:50:85:07:c3:69:db:a6:35:ee:aa:a3:2b:65:d6:3a:94:1f:
bc:b6:6a:84:8e:ee:0d:96:f5:90:c8:50:4f:ea:0f:88:0d:67:
24:88:eb:e5:f6:c1:e3:32:8a:02:8f:c2:76:d3:7c:92:3a:7c:
fa:8b:ff:d0:54:31:50:ce:9b:b6:0f:cd:68:ac:1e:a9:dc:14:
5c:45:d0:51:c2:fe:21:b3:b4:8d:6b:ef:ce:4c:4f:15:fe:96:
c9:49:8f:20:48:06:bd:8b:53:60:30:6d:c6:74:64:17:fc:79:
3b:95:05:9d:fe:8f:06:60:f0:9b:dc:a9:a4:8b:df:f3:0c:94:
4b:79:1f:b7:9d:b1:e1:2e:7f:b4:2b:14:50:96:1b:5e:e2:a7:
2a:63:c5:72:6e:4c:3a:00:3f:61:3e:18:73:e7:92:72:0f:60:
f5:ff:7f:19:af:d3:d0:09:24:b7:21:ba:34:2f:87:68:30:23:
74:97:93:e7
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICIuUwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MDcx
ODA4NTNaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEEzRUMwNjU1QzgxN0U2
RjQ4RjY0NEMzRTU2MTMxMTVCNDI5QzlEQUQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC9z02aR0CLathx3Rc7tBe4wrzDBpNo2zKUDcp6MiO5oZAzENq1
mPZdZHwp1R5Hvrt0i5YtTqb8r2OqQdVPTVYgsgcpKDZhAZE8A5pjHed7mnbJXIF1
wscQyls9O5I5nDq6+kMD7bcVLJoh/p+tGyk0EV9vqG1LQzQc0PvAIH6IN2F9xv3n
6sGp7yFEqVYH/hs6SzFA60+WyqT3QR/V0suFK+Sb2kL2ek8kTPL8Yp6uV4fR6Enf
qSmJJ3oFvDqx/7CMjThIC4bsX56tQ0X8HTW8FAiL9mPDck1vNf07+lqpoE9OtHqa
76YQhscbn5sWVuGLCr5/BE9mpCBYK2qNY6anAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUo+wGVcgX5vSPZEw+VhMRW0Kcna0wHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvby13R1ZjZ1g1dlNQ
WkV3LVZoTVJXMEtjbmEwLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBAJROZ+m3f4rsnfTjP3CD4l8eYfzZ
v7I5Hw9eeuvtjcOWt89YfUEVhBRsghmC7Mib0mZwy9p8/FygU6nYgEbzo5hLSVR/
NP2CyslQhQfDadumNe6qoytl1jqUH7y2aoSO7g2W9ZDIUE/qD4gNZySI6+X2weMy
igKPwnbTfJI6fPqL/9BUMVDOm7YPzWisHqncFFxF0FHC/iGztI1r785MTxX+lslJ
jyBIBr2LU2AwbcZ0ZBf8eTuVBZ3+jwZg8JvcqaSL3/MMlEt5H7edseEuf7QrFFCW
G17ipypjxXJuTDoAP2E+GHPnknIPYPX/fxmv09AJJLchujQvh2gwI3SXk+c=
-----END CERTIFICATE-----
Generated at Sun Jun 22 03:58:37 2025 by rpki-client