Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/zaNJ_bXdtyJDxq8ZngONi93OH_M.roa
File: zaNJ_bXdtyJDxq8ZngONi93OH_M.roa (raw, json)
Hash identifier: keo6jBiGgQQ4chnF6jondQ8jkN79Ltghg7S863Dg5E0=
Subject key identifier: CD:A3:49:FD:B5:DD:B7:22:43:C6:AF:19:9E:03:8D:8B:DD:CE:1F:F3
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 2633
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/zaNJ_bXdtyJDxq8ZngONi93OH_M.roa
Signing time: Fri 13 Jun 2025 15:09:14 +0000
ROA not before: Fri 13 Jun 2025 15:09:14 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 146845
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 9779 (0x2633)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 13 15:09:14 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=CDA349FDB5DDB72243C6AF199E038D8BDDCE1FF3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e7:b5:dc:d4:69:54:d3:23:83:49:93:dd:ec:5b:
ac:0b:40:ce:02:db:f1:36:f6:8c:d2:ba:b4:59:c6:
e4:49:23:6c:bc:11:61:6a:36:b0:0e:36:6a:74:4d:
97:5f:8f:77:dd:12:59:98:b3:d7:a6:e7:ed:ff:ba:
af:0e:f7:5b:96:92:48:7b:1f:80:1a:f4:57:01:91:
56:f8:5e:b4:9b:8f:0f:62:b5:ce:c4:a9:b5:10:20:
d5:af:04:20:bc:c3:0d:73:35:99:ab:33:a5:8e:fd:
e1:1f:e6:7b:85:e7:6a:7c:b9:02:0b:eb:e1:e5:00:
91:ff:4e:c7:b5:3e:a3:be:7d:59:f4:08:cb:65:6e:
a1:f2:fd:84:f2:11:01:94:2a:ac:29:1c:39:b4:6d:
e7:9b:18:1a:8d:42:01:a8:b6:a4:83:99:de:1d:cd:
09:4e:61:0f:23:3c:36:8b:7b:bb:51:60:62:4c:94:
87:b1:ff:aa:a6:17:ab:65:0b:50:d8:53:85:0e:40:
78:14:38:d8:f3:ee:c2:9f:e9:ce:de:fa:a8:73:6a:
de:ad:9e:fb:5f:c0:1e:bd:da:31:ef:d4:9b:e8:56:
54:05:ad:0b:55:5f:dc:68:f2:04:cc:fe:10:19:4c:
aa:11:a5:88:ab:98:6f:89:9d:87:a3:85:dd:05:0c:
61:1d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CD:A3:49:FD:B5:DD:B7:22:43:C6:AF:19:9E:03:8D:8B:DD:CE:1F:F3
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/zaNJ_bXdtyJDxq8ZngONi93OH_M.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
01:a1:3b:c6:80:02:ef:9e:e2:b7:37:cd:7f:41:60:6c:70:a4:
e1:30:c9:30:a0:50:3b:3c:12:c8:72:53:0a:cb:65:ce:c2:a2:
43:75:73:6f:14:a7:48:d5:c3:8b:8a:40:cb:90:e2:a1:f6:a5:
53:83:85:cd:cd:28:a0:51:ae:01:47:f3:54:16:e7:ab:6f:c7:
89:bf:67:98:27:9e:b0:9c:1d:76:3e:09:42:28:96:73:d5:b9:
b9:e6:97:e8:88:9b:e5:c1:69:e8:f2:1c:8b:d3:fb:79:c8:5f:
3d:f6:a0:cd:de:2b:23:4c:bc:68:ec:87:60:19:fc:af:af:9a:
aa:00:76:8d:37:33:99:fd:bd:dd:ec:a6:99:d0:96:ed:d3:c7:
09:a6:91:e7:32:82:06:8f:f1:11:28:ca:06:14:57:37:e6:1a:
be:ad:b6:49:5c:75:58:f4:03:81:ad:3b:6f:18:29:23:0c:65:
49:91:4e:14:e4:8e:32:8d:fd:49:96:a4:2b:17:34:a6:95:70:
e2:75:dc:e2:d5:48:32:7b:7d:ad:00:d6:ea:14:b6:0d:6d:88:
59:27:3c:14:ff:04:d1:21:10:e4:a9:14:e7:5e:54:a4:af:25:
53:5c:68:af:be:b8:6e:6f:a6:a1:28:a8:18:de:43:4b:4f:fe:
01:69:fd:13
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICJjMwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MTMx
NTA5MTRaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKENEQTM0OUZEQjVEREI3
MjI0M0M2QUYxOTlFMDM4RDhCRERDRTFGRjMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDntdzUaVTTI4NJk93sW6wLQM4C2/E29ozSurRZxuRJI2y8EWFq
NrAONmp0TZdfj3fdElmYs9em5+3/uq8O91uWkkh7H4Aa9FcBkVb4XrSbjw9itc7E
qbUQINWvBCC8ww1zNZmrM6WO/eEf5nuF52p8uQIL6+HlAJH/Tse1PqO+fVn0CMtl
bqHy/YTyEQGUKqwpHDm0beebGBqNQgGotqSDmd4dzQlOYQ8jPDaLe7tRYGJMlIex
/6qmF6tlC1DYU4UOQHgUONjz7sKf6c7e+qhzat6tnvtfwB692jHv1JvoVlQFrQtV
X9xo8gTM/hAZTKoRpYirmG+JnYejhd0FDGEdAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUzaNJ/bXdtyJDxq8ZngONi93OH/MwHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvemFOSl9iWGR0eUpE
eHE4Wm5nT05pOTNPSF9NLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBAAGhO8aAAu+e4rc3zX9BYGxwpOEw
yTCgUDs8EshyUwrLZc7CokN1c28Up0jVw4uKQMuQ4qH2pVODhc3NKKBRrgFH81QW
56tvx4m/Z5gnnrCcHXY+CUIolnPVubnml+iIm+XBaejyHIvT+3nIXz32oM3eKyNM
vGjsh2AZ/K+vmqoAdo03M5n9vd3sppnQlu3TxwmmkecyggaP8REoygYUVzfmGr6t
tklcdVj0A4GtO28YKSMMZUmRThTkjjKN/UmWpCsXNKaVcOJ13OLVSDJ7fa0A1uoU
tg1tiFknPBT/BNEhEOSpFOdeVKSvJVNcaK++uG5vpqEoqBjeQ0tP/gFp/RM=
-----END CERTIFICATE-----
Generated at Sun Jun 22 18:30:10 2025 by rpki-client