Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/zecFjx77yI-buJs72ui3-droYdU.roa
File: zecFjx77yI-buJs72ui3-droYdU.roa (raw, json)
Hash identifier: GtLa9T3ssqCFdV4X8U0UVHbpZg412/r4LXwFFhSj2zA=
Subject key identifier: CD:E7:05:8F:1E:FB:C8:8F:9B:B8:9B:3B:DA:E8:B7:F9:DA:E8:61:D5
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 2679
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/zecFjx77yI-buJs72ui3-droYdU.roa
Signing time: Sat 14 Jun 2025 02:39:17 +0000
ROA not before: Sat 14 Jun 2025 02:39:17 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 4812
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 9849 (0x2679)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 14 02:39:17 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=CDE7058F1EFBC88F9BB89B3BDAE8B7F9DAE861D5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d6:02:65:97:12:32:c6:22:b2:84:49:7e:be:40:
5b:ed:6f:da:6a:2c:b4:16:12:78:e9:24:e4:05:77:
03:c3:6d:60:7a:5d:a6:1d:cf:c1:92:f7:e7:37:27:
19:ed:50:d5:ff:d9:7d:e9:df:bf:47:8c:b1:73:a5:
0d:53:ae:dd:24:d9:18:8c:ba:d2:1b:6a:90:ca:22:
1f:0a:dd:6d:fc:f5:01:de:e2:30:4d:16:9e:c7:97:
ce:8f:74:a8:da:1f:af:5b:97:86:71:fb:ee:bb:75:
9b:69:16:38:ed:82:a8:73:ff:c2:48:eb:75:ff:60:
11:ce:1a:bf:ee:e9:68:dd:49:9c:ad:ca:8c:63:0a:
ce:63:cb:fc:20:ee:e9:25:54:2c:d3:23:2c:7f:5c:
1a:ec:d8:bf:26:4f:57:f0:67:06:64:1a:d3:ab:b1:
64:45:f7:d3:19:26:91:a8:d7:f6:a8:aa:f3:64:20:
95:d7:51:5a:28:23:7a:2e:56:c0:65:81:a3:ad:99:
54:11:f0:4b:4e:3d:fd:d8:84:1d:4c:12:89:20:ed:
98:08:f7:da:7d:38:75:72:bf:07:32:83:8e:b7:e1:
56:99:cb:a6:9b:44:18:82:2d:f2:5e:00:24:ee:ea:
bb:90:81:7d:c5:4b:74:9b:1a:da:eb:81:02:b4:95:
8d:51
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CD:E7:05:8F:1E:FB:C8:8F:9B:B8:9B:3B:DA:E8:B7:F9:DA:E8:61:D5
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/zecFjx77yI-buJs72ui3-droYdU.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
21:7a:0a:ce:98:2f:a4:34:0e:9f:6d:e6:b4:35:e9:ca:b8:76:
7d:df:1a:3a:2b:29:2e:b9:aa:5d:68:09:fe:41:22:a2:38:2a:
e6:ba:a9:17:2e:58:51:f9:e2:30:0c:d2:af:81:db:90:4d:ae:
df:12:5b:9b:34:cd:3f:94:23:3a:a2:66:cc:eb:70:ce:f4:95:
1b:e6:0c:12:87:86:6b:aa:9c:c7:67:7b:c1:e0:27:d0:9b:40:
ca:c8:ed:b5:8a:6d:5e:3e:2d:be:c1:7b:27:40:68:45:e0:fe:
5a:02:86:ec:90:c9:20:a7:87:6b:48:45:29:38:9e:ba:24:c4:
f1:9e:02:52:e9:65:0b:0c:a4:7e:d5:64:aa:5d:d5:61:4f:e3:
bb:6c:1c:a2:7f:30:58:07:81:91:07:a9:85:ad:5e:87:ff:66:
55:22:23:71:10:40:2c:15:b8:41:57:ef:37:76:3c:7f:96:91:
46:69:cb:b8:06:d3:a1:e2:03:5b:c8:59:f9:ca:88:1c:3d:c3:
45:6f:e2:34:cd:c0:91:c6:3e:dc:5b:fb:f3:14:63:e6:6c:6a:
28:d2:2d:f8:6d:f8:91:b3:37:fc:41:3f:5f:0e:57:69:d3:77:
50:9c:c7:2a:d0:09:6b:f4:b9:43:5d:85:9c:71:32:a2:cf:6f:
39:d1:50:40
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICJnkwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MTQw
MjM5MTdaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKENERTcwNThGMUVGQkM4
OEY5QkI4OUIzQkRBRThCN0Y5REFFODYxRDUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDWAmWXEjLGIrKESX6+QFvtb9pqLLQWEnjpJOQFdwPDbWB6XaYd
z8GS9+c3JxntUNX/2X3p379HjLFzpQ1Trt0k2RiMutIbapDKIh8K3W389QHe4jBN
Fp7Hl86PdKjaH69bl4Zx++67dZtpFjjtgqhz/8JI63X/YBHOGr/u6WjdSZytyoxj
Cs5jy/wg7uklVCzTIyx/XBrs2L8mT1fwZwZkGtOrsWRF99MZJpGo1/aoqvNkIJXX
UVooI3ouVsBlgaOtmVQR8EtOPf3YhB1MEokg7ZgI99p9OHVyvwcyg4634VaZy6ab
RBiCLfJeACTu6ruQgX3FS3SbGtrrgQK0lY1RAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUzecFjx77yI+buJs72ui3+droYdUwHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvemVjRmp4Nzd5SS1i
dUpzNzJ1aTMtZHJvWWRVLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBACF6Cs6YL6Q0Dp9t5rQ16cq4dn3f
GjorKS65ql1oCf5BIqI4Kua6qRcuWFH54jAM0q+B25BNrt8SW5s0zT+UIzqiZszr
cM70lRvmDBKHhmuqnMdne8HgJ9CbQMrI7bWKbV4+Lb7BeydAaEXg/loChuyQySCn
h2tIRSk4nrokxPGeAlLpZQsMpH7VZKpd1WFP47tsHKJ/MFgHgZEHqYWtXof/ZlUi
I3EQQCwVuEFX7zd2PH+WkUZpy7gG06HiA1vIWfnKiBw9w0Vv4jTNwJHGPtxb+/MU
Y+ZsaijSLfht+JGzN/xBP18OV2nTd1CcxyrQCWv0uUNdhZxxMqLPbznRUEA=
-----END CERTIFICATE-----
Generated at Sun Jun 22 06:09:18 2025 by rpki-client