Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/rnzHMR3DqH2Fwh4Ir1HUyQQaeaY.roa
File: rnzHMR3DqH2Fwh4Ir1HUyQQaeaY.roa (raw, json)
Hash identifier: zrZgcyUdKQ7S3qlCuXLZp5sL5ZCpMEC16RjIB69TqRE=
Subject key identifier: AE:7C:C7:31:1D:C3:A8:7D:85:C2:1E:08:AF:51:D4:C9:04:1A:79:A6
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 1F1D
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/rnzHMR3DqH2Fwh4Ir1HUyQQaeaY.roa
Signing time: Sun 01 Jun 2025 00:38:32 +0000
ROA not before: Sun 01 Jun 2025 00:38:32 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 4812
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 7965 (0x1f1d)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 1 00:38:32 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=AE7CC7311DC3A87D85C21E08AF51D4C9041A79A6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b0:b9:ca:53:cc:5a:0e:03:39:96:85:95:11:45:
8f:de:86:3c:3a:a3:a5:8d:2c:5f:09:98:03:a8:3c:
fc:59:d5:4f:a8:f0:d9:0c:26:53:1e:e9:77:97:d8:
8f:f1:f2:a0:df:76:33:83:68:a2:1f:e8:36:63:ff:
b8:23:a8:92:f6:85:07:6e:44:f8:27:6d:e1:1a:62:
9b:5a:ee:89:5a:92:74:d5:89:65:66:2a:f6:c9:03:
7a:43:c7:23:70:6e:2d:a6:84:7a:d0:8b:7d:7f:12:
08:f4:b0:65:37:0d:73:bd:4e:89:8f:05:fb:1e:d3:
46:dc:f5:df:43:4a:8c:c3:67:23:28:9f:31:38:dd:
da:b8:31:8c:d0:cf:a2:30:32:cb:d1:a2:d5:dc:47:
81:49:95:02:76:0a:b5:55:2b:df:ba:f5:0c:33:99:
23:fd:b9:4c:f3:a9:6f:4c:d3:cd:06:be:3c:d8:aa:
4e:15:39:d3:58:b9:65:07:a1:34:f0:8b:4f:f3:52:
67:96:5e:74:6b:fb:e7:5f:19:38:8f:34:06:b5:6d:
17:b6:e4:cf:bb:42:15:b0:0d:3f:c8:b0:10:e4:c4:
4e:f6:aa:84:e3:c6:6d:9c:6e:fa:8b:9f:c3:eb:68:
ef:f7:98:0d:e5:d2:dd:21:99:c4:fc:1c:de:d0:2f:
50:fb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AE:7C:C7:31:1D:C3:A8:7D:85:C2:1E:08:AF:51:D4:C9:04:1A:79:A6
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/rnzHMR3DqH2Fwh4Ir1HUyQQaeaY.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
a6:3f:b7:4d:e2:78:e7:77:bc:09:cb:a2:8c:49:b6:3b:fd:2d:
95:f0:d4:9d:2b:fa:c3:48:a8:c2:61:ef:6e:e0:a3:6f:1a:77:
bc:93:71:1d:41:b6:3d:72:3c:8c:44:5b:e0:15:32:60:85:45:
79:19:56:02:9c:13:09:a4:cf:16:fd:d3:34:3a:b2:58:21:a2:
da:16:e7:5a:4d:4f:a8:e0:b6:2d:2b:aa:89:61:7b:4f:61:8d:
56:ae:04:5f:9d:9d:ee:c7:eb:1f:14:51:0b:43:1a:46:24:e0:
ee:fe:03:35:7a:16:b4:52:82:0f:8d:95:6c:e3:3f:02:b0:b7:
e0:1a:06:e6:a1:c1:41:f6:05:fa:81:b1:c5:5f:ed:0c:db:7c:
84:c9:e5:6e:14:8a:66:0b:e1:8a:19:2d:6a:c2:5c:d9:4d:bf:
de:c9:4a:3b:c8:ae:14:92:64:03:28:2a:da:c0:f3:84:32:2b:
d3:6f:b2:e1:f7:8f:4b:91:52:1f:92:55:92:8a:d2:54:1b:4f:
f9:15:a7:2d:24:23:47:6f:9e:36:b0:ac:5b:5e:ed:af:ed:17:
68:ba:e1:41:a7:08:d1:da:d4:82:e0:dd:0d:53:7d:6b:b8:03:
4c:d4:85:bb:e9:34:e9:aa:80:53:62:7a:f9:d6:51:19:9c:4c:
b5:db:4b:4e
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICHx0wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MDEw
MDM4MzJaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEFFN0NDNzMxMURDM0E4
N0Q4NUMyMUUwOEFGNTFENEM5MDQxQTc5QTYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCwucpTzFoOAzmWhZURRY/ehjw6o6WNLF8JmAOoPPxZ1U+o8NkM
JlMe6XeX2I/x8qDfdjODaKIf6DZj/7gjqJL2hQduRPgnbeEaYpta7olaknTViWVm
KvbJA3pDxyNwbi2mhHrQi31/Egj0sGU3DXO9TomPBfse00bc9d9DSozDZyMonzE4
3dq4MYzQz6IwMsvRotXcR4FJlQJ2CrVVK9+69QwzmSP9uUzzqW9M080GvjzYqk4V
OdNYuWUHoTTwi0/zUmeWXnRr++dfGTiPNAa1bRe25M+7QhWwDT/IsBDkxE72qoTj
xm2cbvqLn8PraO/3mA3l0t0hmcT8HN7QL1D7AgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUrnzHMR3DqH2Fwh4Ir1HUyQQaeaYwHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvcm56SE1SM0RxSDJG
d2g0SXIxSFV5UVFhZWFZLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBAKY/t03ieOd3vAnLooxJtjv9LZXw
1J0r+sNIqMJh727go28ad7yTcR1Btj1yPIxEW+AVMmCFRXkZVgKcEwmkzxb90zQ6
slghotoW51pNT6jgti0rqolhe09hjVauBF+dne7H6x8UUQtDGkYk4O7+AzV6FrRS
gg+NlWzjPwKwt+AaBuahwUH2BfqBscVf7QzbfITJ5W4UimYL4YoZLWrCXNlNv97J
SjvIrhSSZAMoKtrA84QyK9NvsuH3j0uRUh+SVZKK0lQbT/kVpy0kI0dvnjawrFte
7a/tF2i64UGnCNHa1ILg3Q1TfWu4A0zUhbvpNOmqgFNievnWURmcTLXbS04=
-----END CERTIFICATE-----
Generated at Sat Jun 21 13:58:04 2025 by rpki-client