Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/sz9QfR4aqhxyRGck-VqmHWzslq8.roa
File: sz9QfR4aqhxyRGck-VqmHWzslq8.roa (raw, json)
Hash identifier: GA4TezA0ODCx6jNxODvI2PJccZp/kLhdUuF7v621Pec=
Subject key identifier: B3:3F:50:7D:1E:1A:AA:1C:72:44:67:24:F9:5A:A6:1D:6C:EC:96:AF
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 23E7
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/sz9QfR4aqhxyRGck-VqmHWzslq8.roa
Signing time: Mon 09 Jun 2025 13:09:00 +0000
ROA not before: Mon 09 Jun 2025 13:09:00 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 146845
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 9191 (0x23e7)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 9 13:09:00 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=B33F507D1E1AAA1C72446724F95AA61D6CEC96AF
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c9:ca:23:74:1f:e3:c0:61:3f:75:50:07:93:01:
2e:b0:57:c9:37:db:89:82:4b:a6:ea:14:ef:87:87:
12:c8:23:14:5e:09:7d:fa:01:2d:0d:4f:85:bf:2d:
a2:ae:de:58:56:be:52:56:e7:5b:84:80:5f:6a:74:
61:69:ca:61:46:d0:34:c6:2b:1b:78:df:60:a3:bd:
c2:81:aa:fb:ad:33:d5:05:cc:84:0b:ab:bf:37:d1:
d4:65:1a:58:4b:84:dc:d9:22:f4:9d:cd:d3:b3:e1:
d9:92:33:82:3d:c2:3d:b7:f8:1f:93:5c:3a:78:37:
f1:94:18:6d:10:b8:1e:80:fd:f3:84:ee:b3:d6:34:
40:5b:03:72:7a:a0:6b:81:5b:34:b2:6f:6e:09:97:
9b:9c:1f:46:78:ad:58:0f:76:56:de:c9:61:9c:8c:
4e:aa:17:f5:d7:dd:e3:0d:54:00:5f:50:e5:4d:9d:
be:32:52:20:91:55:cb:d2:c9:d7:d3:ea:9b:64:4e:
27:7e:0f:aa:aa:8e:98:3d:41:3f:d2:6d:e6:63:29:
a8:43:a8:4c:b0:c0:5c:25:28:47:61:ca:91:ad:1d:
d4:b1:92:c2:d7:2a:92:67:29:d8:13:ca:d1:6e:84:
c0:2d:43:5e:59:17:e5:29:b4:8e:5c:79:b4:b3:89:
88:8b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B3:3F:50:7D:1E:1A:AA:1C:72:44:67:24:F9:5A:A6:1D:6C:EC:96:AF
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/sz9QfR4aqhxyRGck-VqmHWzslq8.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
92:d9:3a:e3:6d:78:a4:83:00:6d:62:aa:19:29:b9:34:ae:17:
4d:55:c4:16:fd:c8:35:9c:f5:61:09:eb:c7:88:4c:89:a6:30:
9b:f5:a6:24:ff:e5:74:ab:e2:2f:e5:3f:6e:dc:89:36:1b:58:
89:b0:2d:d4:8b:05:b6:2a:25:b6:96:08:f1:87:fc:54:ed:50:
69:47:b1:21:26:e1:a3:23:ad:cd:e7:e1:d8:3f:0e:8c:a9:58:
27:18:8c:ce:43:62:ae:db:13:0a:47:51:ed:43:db:1a:3c:78:
94:03:ce:f6:72:5c:4d:3e:55:e4:37:68:22:4a:be:a8:02:fc:
e5:9a:72:9c:84:02:3e:a3:05:cd:e5:10:ba:d5:54:1a:ba:ab:
dc:70:77:46:14:26:dc:dc:6c:75:1d:8a:5d:5b:4e:c9:d1:a7:
c2:74:96:0f:54:1b:fc:c1:fb:95:9d:a2:6b:6d:2a:9d:d3:e2:
ba:07:16:27:f0:58:3a:10:57:ef:71:8f:4c:f8:fb:67:5e:b5:
84:5e:8e:e6:af:3e:98:24:01:d3:b3:13:b7:2c:16:d9:5a:b8:
b9:58:fc:02:1e:bd:15:3b:d1:14:4b:b5:ae:29:c4:a4:71:7a:
92:c4:16:5b:36:16:fc:75:a1:30:5b:0e:4c:67:ec:99:44:8b:
8e:6d:0e:a6
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICI+cwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MDkx
MzA5MDBaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEIzM0Y1MDdEMUUxQUFB
MUM3MjQ0NjcyNEY5NUFBNjFENkNFQzk2QUYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDJyiN0H+PAYT91UAeTAS6wV8k324mCS6bqFO+HhxLIIxReCX36
AS0NT4W/LaKu3lhWvlJW51uEgF9qdGFpymFG0DTGKxt432CjvcKBqvutM9UFzIQL
q7830dRlGlhLhNzZIvSdzdOz4dmSM4I9wj23+B+TXDp4N/GUGG0QuB6A/fOE7rPW
NEBbA3J6oGuBWzSyb24Jl5ucH0Z4rVgPdlbeyWGcjE6qF/XX3eMNVABfUOVNnb4y
UiCRVcvSydfT6ptkTid+D6qqjpg9QT/SbeZjKahDqEywwFwlKEdhypGtHdSxksLX
KpJnKdgTytFuhMAtQ15ZF+UptI5cebSziYiLAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUsz9QfR4aqhxyRGck+VqmHWzslq8wHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvc3o5UWZSNGFxaHh5
Ukdjay1WcW1IV3pzbHE4LnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBAJLZOuNteKSDAG1iqhkpuTSuF01V
xBb9yDWc9WEJ68eITImmMJv1piT/5XSr4i/lP27ciTYbWImwLdSLBbYqJbaWCPGH
/FTtUGlHsSEm4aMjrc3n4dg/DoypWCcYjM5DYq7bEwpHUe1D2xo8eJQDzvZyXE0+
VeQ3aCJKvqgC/OWacpyEAj6jBc3lELrVVBq6q9xwd0YUJtzcbHUdil1bTsnRp8J0
lg9UG/zB+5WdomttKp3T4roHFifwWDoQV+9xj0z4+2detYRejuavPpgkAdOzE7cs
FtlauLlY/AIevRU70RRLta4pxKRxepLEFls2Fvx1oTBbDkxn7JlEi45tDqY=
-----END CERTIFICATE-----
Generated at Sun Jun 22 01:12:11 2025 by rpki-client