Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/w0n_fK4j4rTIp7f7Am2q95xsH9s.roa
File: w0n_fK4j4rTIp7f7Am2q95xsH9s.roa (raw, json)
Hash identifier: 2qb0mGPxIUf0TYbhDSoJXFCpx5tWM8mbQ5IXSVAEboU=
Subject key identifier: C3:49:FF:7C:AE:23:E2:B4:C8:A7:B7:FB:02:6D:AA:F7:9C:6C:1F:DB
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 263C
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/w0n_fK4j4rTIp7f7Am2q95xsH9s.roa
Signing time: Fri 13 Jun 2025 16:39:14 +0000
ROA not before: Fri 13 Jun 2025 16:39:14 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 146845
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 9788 (0x263c)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 13 16:39:14 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=C349FF7CAE23E2B4C8A7B7FB026DAAF79C6C1FDB
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b8:9e:09:6b:32:6f:f8:d3:69:54:78:e6:66:f3:
ec:b3:64:a6:b4:2a:99:e4:fa:16:d9:ef:2e:f7:43:
d2:75:56:9a:1c:7a:ff:b1:86:6e:1c:48:25:df:e2:
61:b5:fa:0a:f3:39:60:ac:51:38:29:7b:42:78:95:
9e:f1:f1:82:44:79:3b:df:51:f9:67:0c:a8:13:b5:
ad:4a:e7:d2:3c:21:3e:c3:ec:07:ee:93:29:57:fc:
00:15:ff:4d:ec:af:c3:5a:3e:54:c8:d7:60:e9:a7:
ba:95:2c:a7:ec:30:c9:f7:5f:42:fc:83:3e:62:02:
70:70:3b:e2:bb:18:9c:1f:f3:14:a6:fc:77:21:b2:
5b:28:f2:8c:8e:cf:94:0a:31:62:29:88:a0:fb:22:
5e:13:7d:9b:5a:7e:0e:74:d6:d9:5d:2f:03:c9:41:
e6:8c:87:16:6e:fc:76:3d:c9:32:19:59:e6:42:54:
fe:6d:a1:12:b3:d0:44:ca:a1:9a:e9:d9:cb:63:a4:
30:03:fc:10:a4:a4:ba:99:20:84:ab:e0:64:cd:e0:
33:92:75:25:37:13:d1:a0:fa:83:20:c5:d8:ab:40:
57:b8:b9:c7:56:23:ce:32:58:46:80:48:1c:71:90:
9d:32:8a:85:d5:21:bb:6b:39:a2:77:6b:6f:4d:43:
59:83
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C3:49:FF:7C:AE:23:E2:B4:C8:A7:B7:FB:02:6D:AA:F7:9C:6C:1F:DB
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/w0n_fK4j4rTIp7f7Am2q95xsH9s.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
9d:fa:4c:cf:cb:90:11:8c:cc:10:02:6f:fa:71:1e:c5:34:74:
cb:3f:ec:97:73:03:ee:8e:55:8f:a5:dc:ae:56:a1:fd:de:d3:
6f:30:05:e5:48:38:d8:ba:ff:4a:b5:09:27:e0:f8:9d:3e:39:
88:16:4c:53:f9:13:65:32:2a:35:9e:77:ad:17:1d:cd:23:50:
a2:2c:dc:50:c3:76:af:1e:04:5e:98:01:03:2e:e1:83:33:a7:
10:bb:22:1e:81:52:da:7e:fc:58:ff:19:13:75:fd:04:7e:e1:
88:4d:a3:75:00:fb:8e:ab:ae:ea:91:cf:8d:ed:d0:93:bd:35:
28:76:79:2c:da:88:91:a3:77:80:4b:6b:ed:51:3c:f3:13:c5:
47:0d:35:7b:80:bf:6b:fe:58:b3:97:df:cc:fe:61:f2:a6:88:
89:26:cf:4a:11:b5:31:97:c8:99:d5:39:ff:e2:02:12:bb:93:
03:cb:57:97:51:02:8d:11:1d:47:91:c5:e4:57:01:fa:d6:84:
83:ac:ee:ae:96:db:c0:31:9c:73:54:7c:70:25:5a:7f:72:43:
90:16:39:1c:25:f0:b0:a5:4c:c2:50:55:2f:89:b8:f6:6b:34:
84:a7:4b:bc:0a:6d:88:06:1c:5f:86:67:13:c1:cc:49:fd:a4:
a5:07:67:80
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICJjwwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MTMx
NjM5MTRaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEMzNDlGRjdDQUUyM0Uy
QjRDOEE3QjdGQjAyNkRBQUY3OUM2QzFGREIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC4nglrMm/402lUeOZm8+yzZKa0Kpnk+hbZ7y73Q9J1Vpocev+x
hm4cSCXf4mG1+grzOWCsUTgpe0J4lZ7x8YJEeTvfUflnDKgTta1K59I8IT7D7Afu
kylX/AAV/03sr8NaPlTI12Dpp7qVLKfsMMn3X0L8gz5iAnBwO+K7GJwf8xSm/Hch
slso8oyOz5QKMWIpiKD7Il4TfZtafg501tldLwPJQeaMhxZu/HY9yTIZWeZCVP5t
oRKz0ETKoZrp2ctjpDAD/BCkpLqZIISr4GTN4DOSdSU3E9Gg+oMgxdirQFe4ucdW
I84yWEaASBxxkJ0yioXVIbtrOaJ3a29NQ1mDAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUw0n/fK4j4rTIp7f7Am2q95xsH9swHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvdzBuX2ZLNGo0clRJ
cDdmN0FtMnE5NXhzSDlzLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBAJ36TM/LkBGMzBACb/pxHsU0dMs/
7JdzA+6OVY+l3K5Wof3e028wBeVIONi6/0q1CSfg+J0+OYgWTFP5E2UyKjWed60X
Hc0jUKIs3FDDdq8eBF6YAQMu4YMzpxC7Ih6BUtp+/Fj/GRN1/QR+4YhNo3UA+46r
ruqRz43t0JO9NSh2eSzaiJGjd4BLa+1RPPMTxUcNNXuAv2v+WLOX38z+YfKmiIkm
z0oRtTGXyJnVOf/iAhK7kwPLV5dRAo0RHUeRxeRXAfrWhIOs7q6W28AxnHNUfHAl
Wn9yQ5AWORwl8LClTMJQVS+JuPZrNISnS7wKbYgGHF+GZxPBzEn9pKUHZ4A=
-----END CERTIFICATE-----
Generated at Fri Jun 20 11:46:19 2025 by rpki-client