Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/s0G_jXgjdY4ndlyEGyH3oDB3MHI.roa
File: s0G_jXgjdY4ndlyEGyH3oDB3MHI.roa (raw, json)
Hash identifier: 8sN4veRMfYqG+o0sZl4rn41fJlziJxJRYi/D/N0+LPs=
Subject key identifier: B3:41:BF:8D:78:23:75:8E:27:76:5C:84:1B:21:F7:A0:30:77:30:72
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 310B
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/s0G_jXgjdY4ndlyEGyH3oDB3MHI.roa
Signing time: Thu 03 Jul 2025 09:11:48 +0000
ROA not before: Thu 03 Jul 2025 09:11:48 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 4812
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 12555 (0x310b)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jul 3 09:11:48 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=B341BF8D7823758E27765C841B21F7A030773072
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a5:55:13:26:fd:0a:b0:da:91:ef:c0:8e:af:db:
17:5b:49:b9:af:22:14:39:7e:fa:b7:d1:65:b6:51:
84:8d:1f:99:c5:48:88:d0:77:5a:28:b4:8d:aa:5f:
f9:99:a0:98:bf:a0:25:22:aa:d0:5e:38:6d:1d:40:
25:3b:6c:dd:04:7e:59:00:83:0c:89:d6:6a:1a:01:
e4:d9:e6:24:ef:90:bd:32:f3:05:82:8d:62:fe:7d:
07:72:6a:fa:ba:ae:1f:0e:e6:d6:f1:93:21:3c:3e:
33:53:a0:fd:a2:41:a7:fc:54:4b:e4:ab:4c:59:98:
ab:d8:9b:38:37:8b:d5:98:53:08:a1:7d:5c:0e:5a:
d5:5e:c1:a9:c8:57:75:f7:5f:81:e8:09:46:ab:3b:
a0:70:2f:16:ce:0c:5c:ba:ee:37:a0:a4:64:64:dd:
43:ae:1b:cd:0d:4e:72:b5:c8:1b:8a:67:c9:e0:d2:
9a:bf:37:aa:c3:c2:26:4c:ae:86:e0:f3:b3:a2:c7:
2e:23:1b:40:12:a7:f0:5b:79:8a:f4:58:ad:5a:6b:
53:42:77:9a:97:a2:a5:1b:12:3f:8e:30:d3:e3:08:
da:7a:05:46:fd:14:91:d8:05:a5:2a:79:0b:24:a3:
0c:70:92:8f:a2:49:69:3b:44:0c:88:e9:1a:78:64:
89:79
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B3:41:BF:8D:78:23:75:8E:27:76:5C:84:1B:21:F7:A0:30:77:30:72
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/s0G_jXgjdY4ndlyEGyH3oDB3MHI.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
18:1e:9e:71:4d:e4:a7:eb:77:09:2c:8d:9f:69:d6:bf:f2:92:
27:cd:e7:50:b0:c3:1f:0f:dc:0f:bf:84:97:7c:6d:78:82:49:
91:d9:65:9e:e2:51:c6:15:5d:0e:8e:63:d1:83:80:11:b0:e0:
45:36:ce:b2:40:d9:a6:af:f6:6c:45:ce:a6:d2:b1:10:69:2c:
9e:7e:ec:a2:c1:fe:e1:9f:00:30:e2:78:59:1a:6d:84:85:eb:
21:d0:fa:87:7f:67:66:2e:77:c3:c8:f7:31:b8:e0:94:ea:5c:
2f:46:60:75:38:79:52:b5:ad:2c:b0:74:fc:b3:e9:d9:a0:c4:
03:56:49:3b:4f:d3:81:d3:08:95:d4:4b:c2:d5:b1:44:bd:5f:
89:a3:cf:0e:23:d7:f4:37:1e:97:8b:97:b5:97:d6:37:13:92:
c7:4a:6d:c7:2a:0c:76:99:12:b9:55:a9:6a:63:78:7e:f1:94:
98:36:9f:b9:97:23:a5:67:c4:5b:35:a2:19:d6:ea:b5:f3:b2:
64:15:be:c9:9f:6a:14:8c:d4:c6:0f:48:f5:76:29:30:62:71:
e2:ab:19:69:39:0f:a1:79:af:fd:40:1a:58:36:a5:6d:ba:ef:
7e:48:1a:e0:09:2b:1f:8b:9f:e4:0f:bb:fa:73:80:10:46:f4:
f5:51:03:5c
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICMQswDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA3MDMw
OTExNDhaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEIzNDFCRjhENzgyMzc1
OEUyNzc2NUM4NDFCMjFGN0EwMzA3NzMwNzIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQClVRMm/Qqw2pHvwI6v2xdbSbmvIhQ5fvq30WW2UYSNH5nFSIjQ
d1ootI2qX/mZoJi/oCUiqtBeOG0dQCU7bN0EflkAgwyJ1moaAeTZ5iTvkL0y8wWC
jWL+fQdyavq6rh8O5tbxkyE8PjNToP2iQaf8VEvkq0xZmKvYmzg3i9WYUwihfVwO
WtVewanIV3X3X4HoCUarO6BwLxbODFy67jegpGRk3UOuG80NTnK1yBuKZ8ng0pq/
N6rDwiZMrobg87Oixy4jG0ASp/BbeYr0WK1aa1NCd5qXoqUbEj+OMNPjCNp6BUb9
FJHYBaUqeQskowxwko+iSWk7RAyI6Rp4ZIl5AgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUs0G/jXgjdY4ndlyEGyH3oDB3MHIwHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvczBHX2pYZ2pkWTRu
ZGx5RUd5SDNvREIzTUhJLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBABgennFN5KfrdwksjZ9p1r/ykifN
51Cwwx8P3A+/hJd8bXiCSZHZZZ7iUcYVXQ6OY9GDgBGw4EU2zrJA2aav9mxFzqbS
sRBpLJ5+7KLB/uGfADDieFkabYSF6yHQ+od/Z2Yud8PI9zG44JTqXC9GYHU4eVK1
rSywdPyz6dmgxANWSTtP04HTCJXUS8LVsUS9X4mjzw4j1/Q3HpeLl7WX1jcTksdK
bccqDHaZErlVqWpjeH7xlJg2n7mXI6VnxFs1ohnW6rXzsmQVvsmfahSM1MYPSPV2
KTBiceKrGWk5D6F5r/1AGlg2pW26735IGuAJKx+Ln+QPu/pzgBBG9PVRA1w=
-----END CERTIFICATE-----
Generated at Fri Jul 4 01:26:39 2025 by rpki-client