Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/r4zDN86AOyYJO5G98wH3oRxXJCM.roa
File: r4zDN86AOyYJO5G98wH3oRxXJCM.roa (raw, json)
Hash identifier: a4KF/doWIWoV7ahCpnMTieuC9FGQALUa7yBhHyKEY7g=
Subject key identifier: AF:8C:C3:37:CE:80:3B:26:09:3B:91:BD:F3:01:F7:A1:1C:57:24:23
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 22EE
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/r4zDN86AOyYJO5G98wH3oRxXJCM.roa
Signing time: Sat 07 Jun 2025 19:38:53 +0000
ROA not before: Sat 07 Jun 2025 19:38:53 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 146845
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 8942 (0x22ee)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 7 19:38:53 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=AF8CC337CE803B26093B91BDF301F7A11C572423
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f4:07:d9:f9:31:9c:53:93:01:1c:6c:04:d8:8a:
54:7c:8a:84:b3:24:e4:42:69:56:58:9b:83:fa:57:
a0:79:25:75:9a:1e:e5:d9:b4:e6:3d:ef:45:bf:b8:
30:d9:e8:47:05:ee:ca:89:a7:74:63:6e:b3:95:a5:
39:f3:ef:39:d8:fe:e5:af:ed:8c:45:9e:dc:c0:2d:
5d:f5:fe:58:aa:2f:4b:ee:08:c5:e7:80:eb:24:3d:
fc:50:59:1a:5e:c8:a5:cd:6c:c6:39:46:e5:75:cb:
af:62:9a:43:fc:8c:1f:bf:1b:3b:c8:cb:ca:ea:79:
e6:6c:01:2e:cf:e3:7e:8c:b1:3e:b9:19:68:06:2b:
e6:66:0f:11:2f:40:3a:8a:36:20:28:c1:7f:48:6b:
16:87:75:6b:8a:0a:c3:32:6f:72:a1:25:c0:7c:11:
0e:92:ea:d5:01:48:95:3a:a7:6a:7a:70:9b:7f:39:
dc:74:51:d1:aa:eb:44:85:66:c5:72:55:c2:31:65:
05:3f:22:d8:53:6d:f1:cc:e6:7f:bb:41:b8:87:59:
d4:d8:f6:71:5c:20:3a:57:0a:60:d4:82:59:a9:09:
53:34:7a:7f:d5:32:67:4b:48:33:fe:23:db:c5:6b:
d9:01:2d:86:25:3c:59:8a:c5:72:30:08:d6:ce:69:
5b:37
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AF:8C:C3:37:CE:80:3B:26:09:3B:91:BD:F3:01:F7:A1:1C:57:24:23
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/r4zDN86AOyYJO5G98wH3oRxXJCM.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
16:8e:d8:77:a8:42:8f:56:1f:e3:bc:a9:28:27:9f:fe:64:a6:
21:34:c2:4e:ca:1f:25:d8:91:49:79:59:fa:c4:51:ae:ab:06:
ca:84:ca:f9:97:ec:2a:4e:95:6b:d1:a0:f4:8e:81:20:d4:ae:
f1:48:78:fb:6e:51:1c:80:f7:b3:c8:a4:f6:98:51:1f:23:71:
4b:b7:54:7c:a5:9d:a5:49:00:a0:9e:4f:13:6a:9f:ae:af:45:
ab:7f:40:cf:d2:e1:1c:59:7a:a4:39:46:57:0e:59:be:8c:7d:
8d:21:b4:55:c8:83:93:80:75:dc:e8:b4:71:e5:00:4a:8a:bc:
b0:78:fb:18:6e:17:2d:ab:c6:8b:e6:2c:0d:b4:79:9b:94:fb:
ae:bb:bc:0f:3b:6a:c9:49:9d:43:36:7b:ff:70:fb:c6:a0:c0:
89:9f:01:f6:1f:f2:fa:3a:d2:5c:2d:12:43:23:e2:f1:3f:fa:
cb:8b:b6:d4:e8:b9:bb:72:a9:f4:3d:9b:75:c9:43:6c:e0:54:
66:d2:94:97:6f:e0:f0:4a:3d:b0:fd:76:f3:e9:7e:5e:c0:c4:
3d:95:81:b3:ce:97:5f:5e:75:cb:06:70:a2:be:ca:11:a9:ed:
8f:a8:b4:f7:3d:b5:20:fa:70:df:73:42:92:88:3a:4d:bc:ca:
4c:94:41:18
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICIu4wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MDcx
OTM4NTNaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEFGOENDMzM3Q0U4MDNC
MjYwOTNCOTFCREYzMDFGN0ExMUM1NzI0MjMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQD0B9n5MZxTkwEcbATYilR8ioSzJORCaVZYm4P6V6B5JXWaHuXZ
tOY970W/uDDZ6EcF7sqJp3RjbrOVpTnz7znY/uWv7YxFntzALV31/liqL0vuCMXn
gOskPfxQWRpeyKXNbMY5RuV1y69imkP8jB+/GzvIy8rqeeZsAS7P436MsT65GWgG
K+ZmDxEvQDqKNiAowX9IaxaHdWuKCsMyb3KhJcB8EQ6S6tUBSJU6p2p6cJt/Odx0
UdGq60SFZsVyVcIxZQU/IthTbfHM5n+7QbiHWdTY9nFcIDpXCmDUglmpCVM0en/V
MmdLSDP+I9vFa9kBLYYlPFmKxXIwCNbOaVs3AgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUr4zDN86AOyYJO5G98wH3oRxXJCMwHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvcjR6RE44NkFPeVlK
TzVHOTh3SDNvUnhYSkNNLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBABaO2HeoQo9WH+O8qSgnn/5kpiE0
wk7KHyXYkUl5WfrEUa6rBsqEyvmX7CpOlWvRoPSOgSDUrvFIePtuURyA97PIpPaY
UR8jcUu3VHylnaVJAKCeTxNqn66vRat/QM/S4RxZeqQ5RlcOWb6MfY0htFXIg5OA
ddzotHHlAEqKvLB4+xhuFy2rxovmLA20eZuU+667vA87aslJnUM2e/9w+8agwImf
AfYf8vo60lwtEkMj4vE/+suLttToubtyqfQ9m3XJQ2zgVGbSlJdv4PBKPbD9dvPp
fl7AxD2VgbPOl19edcsGcKK+yhGp7Y+otPc9tSD6cN9zQpKIOk28ykyUQRg=
-----END CERTIFICATE-----
Generated at Sun Jun 15 09:26:47 2025 by rpki-client