Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/wAOkpxZaKaEoT6QBq7O9nMELomA.roa
File: wAOkpxZaKaEoT6QBq7O9nMELomA.roa (raw, json)
Hash identifier: rhhQUvlfChOeQFA4dFRPysRTeUr8mIifIvJ/MMeQb0s=
Subject key identifier: C0:03:A4:A7:16:5A:29:A1:28:4F:A4:01:AB:B3:BD:9C:C1:0B:A2:60
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 2625
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/wAOkpxZaKaEoT6QBq7O9nMELomA.roa
Signing time: Fri 13 Jun 2025 12:39:19 +0000
ROA not before: Fri 13 Jun 2025 12:39:19 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 4812
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 9765 (0x2625)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 13 12:39:19 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=C003A4A7165A29A1284FA401ABB3BD9CC10BA260
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b0:fb:78:f6:7c:4f:a2:99:ae:fa:a9:6a:d9:64:
dd:0f:4d:e8:0b:5d:bf:56:bf:b5:01:d0:d6:d5:95:
0a:f5:34:79:33:fc:e4:28:e7:f3:f2:73:a8:09:f2:
c2:a3:d4:b4:b5:fb:21:71:43:7c:87:b9:b9:a4:8c:
5a:99:a7:67:be:e8:cc:33:52:12:21:a4:49:1a:40:
9a:06:97:42:c7:67:31:6c:58:d3:dd:1e:62:9e:55:
7c:b8:63:05:60:20:7a:f3:df:33:d8:77:77:6c:67:
16:17:d2:1d:b0:c4:c1:36:d9:5f:20:ae:1c:f2:24:
ab:df:d0:42:ff:f5:40:e2:92:85:0a:2a:b6:f3:86:
39:8c:07:bd:51:2c:ab:7b:16:b7:f9:1b:16:0f:54:
88:c8:02:f4:0e:d6:b0:80:6d:f5:4b:e0:53:79:a0:
1d:3b:6a:27:32:14:6c:57:17:da:de:80:ae:89:62:
69:a8:cd:38:30:fb:30:77:df:7f:e2:46:12:84:ce:
3c:5f:7b:70:81:5f:aa:da:a0:e7:ca:74:39:4b:4c:
34:18:60:69:b0:a8:a6:f5:7d:b4:49:b6:56:04:01:
e0:c6:b4:6e:22:99:22:c1:07:f0:b3:2d:c5:9f:02:
30:fe:df:b7:b8:2a:bd:82:6e:eb:eb:a4:27:43:9f:
83:c3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C0:03:A4:A7:16:5A:29:A1:28:4F:A4:01:AB:B3:BD:9C:C1:0B:A2:60
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/wAOkpxZaKaEoT6QBq7O9nMELomA.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
1f:6a:87:43:3c:8e:07:00:c9:fc:83:a5:a3:cc:e4:09:b4:99:
fd:80:9d:c9:94:44:87:54:1b:6f:61:8a:2b:42:2b:db:7a:c3:
2b:3a:73:69:9c:b2:01:73:08:c0:42:05:87:ef:40:82:12:3c:
2c:32:ba:82:9d:f5:f8:23:0f:85:06:c2:70:de:a0:30:31:12:
8e:9f:ca:64:f0:4b:35:a8:2c:99:1e:e8:a5:3f:2f:0c:27:f5:
3c:7e:39:e5:22:8e:c5:fb:4a:87:a2:86:c3:75:93:a9:9a:cb:
bb:40:2e:32:8f:57:e1:6c:64:fe:ce:fa:ac:5c:0a:47:e0:92:
58:42:d5:f1:18:1a:00:b5:a5:59:b0:0f:24:19:91:e9:f5:c5:
38:13:39:b4:8c:4f:b7:d6:05:6a:f2:09:56:ca:05:bb:29:90:
07:5e:f2:3d:23:c2:bd:b7:4c:28:b0:6d:15:ec:b1:34:94:cd:
90:06:ad:55:6d:e5:ac:c2:ed:7c:7b:86:24:07:bb:bb:9a:43:
04:36:0d:95:9c:a1:1e:4d:e4:e9:0a:fa:a4:5a:83:1f:4c:a6:
79:0b:27:3d:04:51:31:a5:27:84:30:b0:40:cb:49:e0:38:f2:
5b:2d:15:ab:cc:18:f4:f5:d2:1e:23:93:5c:28:d1:c4:67:b1:
33:42:6a:ab
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICJiUwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MTMx
MjM5MTlaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEMwMDNBNEE3MTY1QTI5
QTEyODRGQTQwMUFCQjNCRDlDQzEwQkEyNjAwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCw+3j2fE+ima76qWrZZN0PTegLXb9Wv7UB0NbVlQr1NHkz/OQo
5/Pyc6gJ8sKj1LS1+yFxQ3yHubmkjFqZp2e+6MwzUhIhpEkaQJoGl0LHZzFsWNPd
HmKeVXy4YwVgIHrz3zPYd3dsZxYX0h2wxME22V8grhzyJKvf0EL/9UDikoUKKrbz
hjmMB71RLKt7Frf5GxYPVIjIAvQO1rCAbfVL4FN5oB07aicyFGxXF9regK6JYmmo
zTgw+zB333/iRhKEzjxfe3CBX6raoOfKdDlLTDQYYGmwqKb1fbRJtlYEAeDGtG4i
mSLBB/CzLcWfAjD+37e4Kr2CbuvrpCdDn4PDAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUwAOkpxZaKaEoT6QBq7O9nMELomAwHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvd0FPa3B4WmFLYUVv
VDZRQnE3TzluTUVMb21BLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBAB9qh0M8jgcAyfyDpaPM5Am0mf2A
ncmURIdUG29hiitCK9t6wys6c2mcsgFzCMBCBYfvQIISPCwyuoKd9fgjD4UGwnDe
oDAxEo6fymTwSzWoLJke6KU/Lwwn9Tx+OeUijsX7SoeihsN1k6may7tALjKPV+Fs
ZP7O+qxcCkfgklhC1fEYGgC1pVmwDyQZken1xTgTObSMT7fWBWryCVbKBbspkAde
8j0jwr23TCiwbRXssTSUzZAGrVVt5azC7Xx7hiQHu7uaQwQ2DZWcoR5N5OkK+qRa
gx9MpnkLJz0EUTGlJ4QwsEDLSeA48lstFavMGPT10h4jk1wo0cRnsTNCaqs=
-----END CERTIFICATE-----
Generated at Sun Jun 22 00:08:42 2025 by rpki-client