Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/zcCe97DU-J2Q9hUCSVl9FaPI15o.roa
File: zcCe97DU-J2Q9hUCSVl9FaPI15o.roa (raw, json)
Hash identifier: RiAlpj7ZXGzZjcq5ABUejOwryZA+FFdIDSsAM/u+ptY=
Subject key identifier: CD:C0:9E:F7:B0:D4:F8:9D:90:F6:15:02:49:59:7D:15:A3:C8:D7:9A
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 2673
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/zcCe97DU-J2Q9hUCSVl9FaPI15o.roa
Signing time: Sat 14 Jun 2025 01:39:18 +0000
ROA not before: Sat 14 Jun 2025 01:39:18 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 4812
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 9843 (0x2673)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 14 01:39:18 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=CDC09EF7B0D4F89D90F6150249597D15A3C8D79A
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e0:90:7d:ca:84:cd:e4:c5:8d:79:45:27:12:20:
19:51:9d:20:02:66:3f:48:8a:21:c9:f6:86:10:9b:
54:8a:c4:ea:b4:2c:de:08:fe:60:b0:60:f5:5f:45:
2a:f6:2a:71:73:2b:5c:e5:34:0e:89:5f:7f:f4:73:
ec:20:02:14:6c:53:23:dc:01:48:df:d0:81:9f:fc:
d6:0d:51:7b:70:19:fc:f7:ee:80:cd:3f:d3:cb:d2:
47:ca:46:89:71:7e:61:76:7a:55:09:af:55:bd:9e:
7c:ca:46:14:e7:d7:9e:5d:86:9c:77:9d:42:25:04:
27:54:d4:03:b6:a2:1f:ac:44:f7:e4:4d:4d:98:11:
b6:a0:92:06:58:e2:1f:80:cc:9d:d9:ca:33:b6:9b:
22:92:46:50:03:2a:3a:f1:23:35:5d:2c:da:ee:cb:
71:79:a5:73:a7:66:e4:ae:c6:d5:b0:16:3f:a0:d5:
50:98:83:02:44:be:90:8f:d3:27:02:83:fd:83:86:
7f:13:57:70:14:fa:9e:b6:dc:f2:34:88:70:c7:ca:
5b:30:80:d8:78:b8:b3:2e:8e:76:2b:09:28:fb:55:
aa:10:f8:f7:93:3d:49:16:1d:5e:7d:64:a9:8c:4d:
31:94:ad:94:bb:63:e4:cb:9d:93:04:67:f6:eb:a3:
9d:63
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CD:C0:9E:F7:B0:D4:F8:9D:90:F6:15:02:49:59:7D:15:A3:C8:D7:9A
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/zcCe97DU-J2Q9hUCSVl9FaPI15o.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
08:3a:2f:d2:33:4c:9f:e3:de:3e:ed:2f:a4:d6:48:40:29:d1:
c4:16:32:d2:b7:e1:45:06:13:17:82:79:ca:5d:d5:88:7a:56:
28:7c:aa:72:60:8b:74:2d:8f:e9:34:d3:22:98:15:8c:8d:9c:
12:32:a0:d3:f6:5d:c8:e4:de:2c:3d:2c:f9:1a:06:b9:c8:de:
4a:c7:ff:9f:ab:91:a4:16:01:60:c5:28:ee:9e:4c:36:0b:74:
17:7e:e0:25:3b:e5:60:b9:26:b9:68:ad:01:e7:1e:db:af:94:
59:64:d4:58:b1:e9:d0:81:a0:f4:92:e0:02:3e:c2:64:40:e4:
43:62:30:7a:8b:db:67:1d:d4:4f:41:d0:c4:43:36:fc:15:8f:
38:15:de:9a:99:45:40:2c:7d:5b:9d:39:a5:de:02:f6:f8:9b:
68:5c:b8:32:f5:7f:78:0a:dd:aa:81:41:85:90:65:bf:9c:07:
0a:c2:9f:3c:26:ea:04:61:a6:8c:19:c3:8a:f8:75:54:51:28:
1f:d8:11:c4:85:93:e9:8a:f6:89:68:ab:9d:b8:f1:df:18:4c:
55:42:a7:7d:df:08:93:19:c9:dd:c1:38:5c:0d:91:87:56:a9:
b7:48:07:76:e3:69:ca:93:94:f7:00:12:c9:1f:8e:d3:b9:66:
40:b9:a3:64
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICJnMwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MTQw
MTM5MThaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKENEQzA5RUY3QjBENEY4
OUQ5MEY2MTUwMjQ5NTk3RDE1QTNDOEQ3OUEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDgkH3KhM3kxY15RScSIBlRnSACZj9IiiHJ9oYQm1SKxOq0LN4I
/mCwYPVfRSr2KnFzK1zlNA6JX3/0c+wgAhRsUyPcAUjf0IGf/NYNUXtwGfz37oDN
P9PL0kfKRolxfmF2elUJr1W9nnzKRhTn155dhpx3nUIlBCdU1AO2oh+sRPfkTU2Y
EbagkgZY4h+AzJ3ZyjO2myKSRlADKjrxIzVdLNruy3F5pXOnZuSuxtWwFj+g1VCY
gwJEvpCP0ycCg/2Dhn8TV3AU+p623PI0iHDHylswgNh4uLMujnYrCSj7VaoQ+PeT
PUkWHV59ZKmMTTGUrZS7Y+TLnZMEZ/bro51jAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUzcCe97DU+J2Q9hUCSVl9FaPI15owHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvemNDZTk3RFUtSjJR
OWhVQ1NWbDlGYVBJMTVvLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBAAg6L9IzTJ/j3j7tL6TWSEAp0cQW
MtK34UUGExeCecpd1Yh6Vih8qnJgi3Qtj+k00yKYFYyNnBIyoNP2Xcjk3iw9LPka
BrnI3krH/5+rkaQWAWDFKO6eTDYLdBd+4CU75WC5JrlorQHnHtuvlFlk1Fix6dCB
oPSS4AI+wmRA5ENiMHqL22cd1E9B0MRDNvwVjzgV3pqZRUAsfVudOaXeAvb4m2hc
uDL1f3gK3aqBQYWQZb+cBwrCnzwm6gRhpowZw4r4dVRRKB/YEcSFk+mK9oloq524
8d8YTFVCp33fCJMZyd3BOFwNkYdWqbdIB3bjacqTlPcAEskfjtO5ZkC5o2Q=
-----END CERTIFICATE-----
Generated at Sat Jun 21 06:42:44 2025 by rpki-client