Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/1zSZHJ88k8PGcsNSOBDMZFXj8lM.roa
File: 1zSZHJ88k8PGcsNSOBDMZFXj8lM.roa (raw, json)
Hash identifier: hYCTONiExATSQMOdxUeL/Sqo9Yi3PPbHd1hfadHShLs=
Subject key identifier: D7:34:99:1C:9F:3C:93:C3:C6:72:C3:52:38:10:CC:64:55:E3:F2:53
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 3AA3
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/1zSZHJ88k8PGcsNSOBDMZFXj8lM.roa
Signing time: Sun 20 Jul 2025 11:09:14 +0000
ROA not before: Sun 20 Jul 2025 11:09:14 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 146845
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 15011 (0x3aa3)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jul 20 11:09:14 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=D734991C9F3C93C3C672C3523810CC6455E3F253
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d2:33:e6:85:fc:a5:f6:ce:05:39:72:e9:f6:ff:
2f:26:a0:e5:8d:5b:eb:f5:5f:0b:1f:11:d3:b0:c1:
e0:2d:a3:38:7a:ff:52:c6:ba:58:d9:10:47:30:de:
e3:ed:92:0c:06:db:4b:a0:4b:3c:07:5d:25:ee:de:
30:aa:01:37:a3:c5:e8:7d:33:20:a3:25:48:21:b4:
3a:e1:b2:e8:f9:4c:6d:6b:70:37:ca:2a:97:0b:90:
7f:97:cb:49:7e:6d:21:0c:2d:5c:32:d5:43:92:05:
22:26:42:a1:ff:10:eb:a4:40:a1:a8:ff:c2:02:68:
4a:1c:06:bd:73:c4:a8:82:09:fd:02:38:50:69:de:
04:90:c4:6d:4b:be:9e:11:f2:89:04:48:ac:d7:73:
7e:f9:6c:3c:d7:d7:45:21:52:28:b1:23:b6:0b:16:
91:3e:8f:55:ee:7a:19:65:1d:9f:86:a0:d2:fe:21:
14:23:68:e6:7a:b2:4f:e0:f0:71:50:8d:32:5a:5b:
2b:b0:57:1c:de:f1:17:d4:62:40:33:b3:ec:e4:10:
0e:5d:93:80:ec:dc:b0:29:cc:80:f3:1b:82:13:6e:
2a:e0:30:dd:9f:fe:84:0d:fb:75:d0:b8:44:51:ec:
51:61:c4:4b:7a:f7:8e:a9:5c:5d:20:65:4f:56:56:
23:ef
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D7:34:99:1C:9F:3C:93:C3:C6:72:C3:52:38:10:CC:64:55:E3:F2:53
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/1zSZHJ88k8PGcsNSOBDMZFXj8lM.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
ae:48:93:d0:76:d1:e7:d4:74:16:98:78:68:81:d4:4f:ef:6c:
2f:49:43:48:e0:fa:c3:68:3d:56:d7:ca:e8:38:ff:99:8e:88:
ba:34:a5:54:fc:98:d0:0c:16:10:5c:1e:6c:5e:7f:7c:1d:a5:
29:ca:0b:60:e4:45:58:2d:22:ee:c5:e1:ca:2d:91:9d:12:80:
84:4d:16:5a:61:18:de:a3:ac:a3:c9:5d:7c:5d:6d:05:a5:7e:
1c:a6:4b:90:61:d5:28:6a:03:c3:d0:7b:e7:b9:29:02:ed:f6:
6d:a6:22:00:ab:a1:54:bf:14:d8:e9:92:24:2f:c4:30:d9:f4:
07:2a:0a:e5:6a:d3:fc:50:c8:32:1a:98:5f:76:d3:2e:24:6c:
9e:32:52:6e:d9:8a:0a:56:85:5a:47:3f:5a:83:f6:12:b6:ae:
8a:b9:c6:9b:a1:e5:e4:74:a8:90:e3:f5:38:b2:9d:d3:ed:31:
b5:f0:bb:18:53:0a:4c:3e:fd:c2:f5:51:a0:97:8a:59:51:1a:
68:5b:3e:2d:ad:b3:92:4f:e1:bf:7d:9e:40:74:d1:69:87:fb:
ba:6d:4c:df:f6:3f:59:df:20:6b:a7:0e:48:ab:57:65:cb:8e:
2c:39:c2:e9:24:cc:ac:af:c4:0f:45:50:c3:6d:3b:58:b6:2f:
9e:f8:10:be
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICOqMwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA3MjAx
MTA5MTRaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEQ3MzQ5OTFDOUYzQzkz
QzNDNjcyQzM1MjM4MTBDQzY0NTVFM0YyNTMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDSM+aF/KX2zgU5cun2/y8moOWNW+v1XwsfEdOwweAtozh6/1LG
uljZEEcw3uPtkgwG20ugSzwHXSXu3jCqATejxeh9MyCjJUghtDrhsuj5TG1rcDfK
KpcLkH+Xy0l+bSEMLVwy1UOSBSImQqH/EOukQKGo/8ICaEocBr1zxKiCCf0COFBp
3gSQxG1Lvp4R8okESKzXc375bDzX10UhUiixI7YLFpE+j1XuehllHZ+GoNL+IRQj
aOZ6sk/g8HFQjTJaWyuwVxze8RfUYkAzs+zkEA5dk4Ds3LApzIDzG4ITbirgMN2f
/oQN+3XQuERR7FFhxEt6946pXF0gZU9WViPvAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQU1zSZHJ88k8PGcsNSOBDMZFXj8lMwHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvMXpTWkhKODhrOFBH
Y3NOU09CRE1aRlhqOGxNLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBAK5Ik9B20efUdBaYeGiB1E/vbC9J
Q0jg+sNoPVbXyug4/5mOiLo0pVT8mNAMFhBcHmxef3wdpSnKC2DkRVgtIu7F4cot
kZ0SgIRNFlphGN6jrKPJXXxdbQWlfhymS5Bh1ShqA8PQe+e5KQLt9m2mIgCroVS/
FNjpkiQvxDDZ9AcqCuVq0/xQyDIamF920y4kbJ4yUm7ZigpWhVpHP1qD9hK2roq5
xpuh5eR0qJDj9TiyndPtMbXwuxhTCkw+/cL1UaCXillRGmhbPi2ts5JP4b99nkB0
0WmH+7ptTN/2P1nfIGunDkirV2XLjiw5wukkzKyvxA9FUMNtO1i2L574EL4=
-----END CERTIFICATE-----
Generated at Sun Jul 20 23:11:58 2025 by rpki-client