Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/sqgTxnw936jz84deQzF2XyvYs7o.roa
File: sqgTxnw936jz84deQzF2XyvYs7o.roa (raw, json)
Hash identifier: pjOEFqILl/B5TkLeWqMGj9zSTD4PsmSDg22DE3KaXTQ=
Subject key identifier: B2:A8:13:C6:7C:3D:DF:A8:F3:F3:87:5E:43:31:76:5F:2B:D8:B3:BA
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 1F82
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/sqgTxnw936jz84deQzF2XyvYs7o.roa
Signing time: Sun 01 Jun 2025 17:38:33 +0000
ROA not before: Sun 01 Jun 2025 17:38:33 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 146845
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 8066 (0x1f82)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 1 17:38:33 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=B2A813C67C3DDFA8F3F3875E4331765F2BD8B3BA
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:af:f3:c7:f4:9c:e5:81:86:c2:5f:74:f7:80:fa:
32:8a:81:4d:db:1b:a9:43:c6:ef:ac:db:a7:ab:f0:
a7:00:85:55:84:1f:b4:67:bb:fc:78:60:f6:34:41:
93:75:db:50:62:ba:2c:5b:84:d7:8e:b9:29:de:d6:
df:5a:89:c0:51:8a:13:20:93:4e:35:07:7f:85:ea:
72:1e:46:d2:79:7b:19:27:97:53:56:ad:23:31:c2:
83:a6:83:da:94:4e:a5:b3:02:f7:f1:69:fc:fd:5a:
82:4c:52:c1:74:95:ef:79:6d:30:9c:c6:ca:c3:40:
ca:69:43:4b:a6:57:7d:73:dd:ec:e5:6d:1c:73:e4:
a0:cc:a8:6e:f0:04:62:04:6e:93:1a:15:5e:50:9f:
a3:61:c7:8b:6c:c6:12:41:26:2c:c1:ee:6a:1f:28:
71:a3:98:1d:6c:62:7e:ee:30:7b:5f:d3:ae:9f:88:
63:87:79:13:b8:b5:2b:64:45:ed:03:9a:e8:3a:bf:
ea:5d:a1:f9:34:2b:8b:95:c6:33:1c:0c:3e:be:82:
b2:8f:f3:a2:6d:91:75:c6:04:71:79:42:3f:55:14:
45:30:ce:06:5f:90:77:8b:9d:54:c6:c6:be:77:77:
13:34:d4:3d:fb:66:21:68:a9:00:e9:2c:a3:49:38:
d3:b5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B2:A8:13:C6:7C:3D:DF:A8:F3:F3:87:5E:43:31:76:5F:2B:D8:B3:BA
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/sqgTxnw936jz84deQzF2XyvYs7o.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
bb:b8:9d:12:41:76:17:1c:ac:40:da:32:1e:65:7b:18:8b:8c:
b3:2b:3c:9c:1c:9a:20:26:05:b4:67:5d:e6:bd:13:4d:53:86:
d8:96:62:f9:c3:f1:76:51:ee:0d:76:af:ce:b9:0c:28:54:13:
17:7e:30:87:c1:65:af:3d:b6:0f:bf:58:1b:ab:9b:b2:6b:78:
ee:52:e2:64:79:69:c3:94:25:7c:82:e1:0d:99:5b:5e:75:63:
a1:49:15:20:3c:87:4b:c6:da:bb:af:a3:80:67:b2:63:c5:66:
6b:74:a9:21:e9:69:51:e2:c8:33:d1:80:7c:59:db:b1:da:c4:
fa:9a:70:d3:8e:9d:3d:20:e3:e3:28:15:a4:69:9c:e0:52:3a:
82:31:94:fd:58:b9:5e:05:c3:fe:0d:c9:dc:96:ae:64:57:90:
13:ba:63:37:f5:87:b7:60:68:83:33:d5:7d:45:56:2d:9a:9f:
f5:17:a1:ff:0a:15:41:be:85:91:6a:a3:53:3d:f1:47:aa:e6:
11:36:57:12:c1:8f:ab:50:cb:0d:2f:67:26:cf:53:7a:0a:70:
6b:59:ec:2e:a7:fe:6f:0a:c3:38:17:ce:2b:f2:bf:e4:11:d0:
4d:f5:49:34:93:ae:63:ad:35:ba:40:eb:40:e3:8c:62:0d:33:
b2:48:54:a8
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICH4IwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MDEx
NzM4MzNaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEIyQTgxM0M2N0MzRERG
QThGM0YzODc1RTQzMzE3NjVGMkJEOEIzQkEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCv88f0nOWBhsJfdPeA+jKKgU3bG6lDxu+s26er8KcAhVWEH7Rn
u/x4YPY0QZN121BiuixbhNeOuSne1t9aicBRihMgk041B3+F6nIeRtJ5exknl1NW
rSMxwoOmg9qUTqWzAvfxafz9WoJMUsF0le95bTCcxsrDQMppQ0umV31z3ezlbRxz
5KDMqG7wBGIEbpMaFV5Qn6Nhx4tsxhJBJizB7mofKHGjmB1sYn7uMHtf066fiGOH
eRO4tStkRe0Dmug6v+pdofk0K4uVxjMcDD6+grKP86JtkXXGBHF5Qj9VFEUwzgZf
kHeLnVTGxr53dxM01D37ZiFoqQDpLKNJONO1AgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUsqgTxnw936jz84deQzF2XyvYs7owHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvc3FnVHhudzkzNmp6
ODRkZVF6RjJYeXZZczdvLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBALu4nRJBdhccrEDaMh5lexiLjLMr
PJwcmiAmBbRnXea9E01ThtiWYvnD8XZR7g12r865DChUExd+MIfBZa89tg+/WBur
m7JreO5S4mR5acOUJXyC4Q2ZW151Y6FJFSA8h0vG2ruvo4BnsmPFZmt0qSHpaVHi
yDPRgHxZ27HaxPqacNOOnT0g4+MoFaRpnOBSOoIxlP1YuV4Fw/4NydyWrmRXkBO6
Yzf1h7dgaIMz1X1FVi2an/UXof8KFUG+hZFqo1M98Ueq5hE2VxLBj6tQyw0vZybP
U3oKcGtZ7C6n/m8KwzgXzivyv+QR0E31STSTrmOtNbpA60DjjGINM7JIVKg=
-----END CERTIFICATE-----
Generated at Sun Jun 22 16:44:21 2025 by rpki-client