Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/whL3nIlXk_ok6KeP62Hn2Bw73Pk.roa
File: whL3nIlXk_ok6KeP62Hn2Bw73Pk.roa (raw, json)
Hash identifier: yX1V44iKFDnvhmBNnDwfI/yexYBKHBlqWNIMp9qnwkQ=
Subject key identifier: C2:12:F7:9C:89:57:93:FA:24:E8:A7:8F:EB:61:E7:D8:1C:3B:DC:F9
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 1EE0
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/whL3nIlXk_ok6KeP62Hn2Bw73Pk.roa
Signing time: Sat 31 May 2025 14:38:33 +0000
ROA not before: Sat 31 May 2025 14:38:33 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 146845
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 7904 (0x1ee0)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: May 31 14:38:33 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=C212F79C895793FA24E8A78FEB61E7D81C3BDCF9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ce:7d:1a:a2:b3:5f:80:71:2d:92:79:3d:f4:13:
16:3d:a8:30:d3:c3:ce:43:e7:8d:55:9d:90:1d:06:
4d:54:37:32:4b:6e:96:38:9e:ea:e9:ab:a4:c3:c3:
53:6f:02:5f:e0:74:a0:6c:41:e6:c2:3e:0e:3e:52:
b6:5d:e8:19:c0:9a:cb:92:44:84:e7:30:f8:93:c7:
10:5a:bc:3f:a5:d2:a1:a6:31:9a:64:e0:c0:4d:b2:
54:46:ff:03:35:e2:d5:f7:71:10:44:79:71:7f:74:
c0:61:d3:86:7e:09:98:b8:d8:ce:52:fb:aa:9b:3f:
3b:f4:5f:b8:81:14:c3:0d:e1:7f:54:93:08:ff:ee:
9d:3e:97:d0:b8:9d:85:f9:e4:36:0f:77:b5:ae:de:
95:f1:3f:7c:ed:56:9f:b1:cb:4f:c7:1f:14:0e:4b:
ae:f1:17:17:c6:5f:a9:13:70:73:50:fb:a8:82:21:
9d:c9:6b:57:3a:98:ba:56:b4:2d:b3:f4:f6:0e:18:
a0:0e:63:b2:71:ed:67:b8:eb:9f:8b:25:b7:af:3b:
c2:e6:51:67:3b:42:84:70:23:6d:23:93:6a:e9:bd:
98:17:99:cf:4b:11:d9:33:52:32:56:1c:52:a6:44:
d3:63:0e:12:11:69:b5:95:18:3f:7f:ae:06:92:60:
04:e7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C2:12:F7:9C:89:57:93:FA:24:E8:A7:8F:EB:61:E7:D8:1C:3B:DC:F9
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/whL3nIlXk_ok6KeP62Hn2Bw73Pk.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
a8:57:d2:a1:36:3e:fd:d4:50:dc:da:27:8d:b5:94:0d:ee:77:
a9:76:95:b9:03:20:94:55:a8:76:7f:7e:0a:b3:44:50:e8:07:
1f:b8:c6:b9:47:8b:65:65:24:61:25:e0:43:4b:e2:22:e0:79:
e9:3d:a3:80:bb:5d:d4:cf:9a:4c:9a:73:13:df:68:ba:18:83:
68:bb:d2:9a:de:14:bc:13:0d:8c:20:e0:2e:bf:aa:dd:b7:ae:
84:09:bc:9b:c7:d6:2b:b8:7a:0c:bd:f2:06:a8:c0:f5:e5:59:
67:15:16:90:e9:e7:89:20:cc:62:c1:91:f9:94:67:08:ad:4c:
02:1a:cb:a2:85:b7:e6:31:7e:54:53:43:1c:a6:99:b6:94:10:
95:b2:f3:f5:5e:b0:ec:58:62:65:35:0e:52:3c:53:00:7d:1f:
f8:44:c1:80:dd:ae:ed:f0:41:c3:24:28:fa:17:b8:2e:e1:67:
70:fa:63:f2:13:ef:0e:e9:50:8c:a0:90:54:07:4d:5f:43:20:
31:c9:90:1a:87:f1:e3:fb:44:0d:02:bc:15:f6:d8:ad:16:af:
95:3a:b9:82:98:4e:cd:e0:7a:b2:ac:be:eb:7a:9d:0a:bb:35:
5d:f6:94:90:9c:b8:d5:b0:6c:b8:dd:63:ed:c0:23:16:a4:ee:
28:c4:1d:99
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICHuAwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA1MzEx
NDM4MzNaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEMyMTJGNzlDODk1Nzkz
RkEyNEU4QTc4RkVCNjFFN0Q4MUMzQkRDRjkwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDOfRqis1+AcS2SeT30ExY9qDDTw85D541VnZAdBk1UNzJLbpY4
nurpq6TDw1NvAl/gdKBsQebCPg4+UrZd6BnAmsuSRITnMPiTxxBavD+l0qGmMZpk
4MBNslRG/wM14tX3cRBEeXF/dMBh04Z+CZi42M5S+6qbPzv0X7iBFMMN4X9Ukwj/
7p0+l9C4nYX55DYPd7Wu3pXxP3ztVp+xy0/HHxQOS67xFxfGX6kTcHNQ+6iCIZ3J
a1c6mLpWtC2z9PYOGKAOY7Jx7We465+LJbevO8LmUWc7QoRwI20jk2rpvZgXmc9L
EdkzUjJWHFKmRNNjDhIRabWVGD9/rgaSYATnAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUwhL3nIlXk/ok6KeP62Hn2Bw73PkwHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvd2hMM25JbFhrX29r
NktlUDYySG4yQnc3M1BrLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBAKhX0qE2Pv3UUNzaJ421lA3ud6l2
lbkDIJRVqHZ/fgqzRFDoBx+4xrlHi2VlJGEl4ENL4iLgeek9o4C7XdTPmkyacxPf
aLoYg2i70preFLwTDYwg4C6/qt23roQJvJvH1iu4egy98gaowPXlWWcVFpDp54kg
zGLBkfmUZwitTAIay6KFt+YxflRTQxymmbaUEJWy8/VesOxYYmU1DlI8UwB9H/hE
wYDdru3wQcMkKPoXuC7hZ3D6Y/IT7w7pUIygkFQHTV9DIDHJkBqH8eP7RA0CvBX2
2K0Wr5U6uYKYTs3gerKsvut6nQq7NV32lJCcuNWwbLjdY+3AIxak7ijEHZk=
-----END CERTIFICATE-----
Generated at Fri Jun 20 22:42:53 2025 by rpki-client