Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/Md9PqUDzA0vfM-NyC7Vax1sH-WI.roa
File: Md9PqUDzA0vfM-NyC7Vax1sH-WI.roa (raw, json)
Hash identifier: xWZcEP7rZXJelNVaPYWQzpO4QmJEMDLSJB5CSXs7BWI=
Subject key identifier: 31:DF:4F:A9:40:F3:03:4B:DF:33:E3:72:0B:B5:5A:C7:5B:07:F9:62
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 3AA4
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/Md9PqUDzA0vfM-NyC7Vax1sH-WI.roa
Signing time: Sun 20 Jul 2025 11:09:14 +0000
ROA not before: Sun 20 Jul 2025 11:09:14 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 4812
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 15012 (0x3aa4)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jul 20 11:09:14 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=31DF4FA940F3034BDF33E3720BB55AC75B07F962
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ba:68:3e:52:4a:eb:95:58:54:8f:c4:73:01:d8:
e5:61:54:d8:7b:a5:54:6b:94:2f:5b:09:f9:91:29:
ee:c6:6f:d5:dd:9e:ba:18:1b:4b:84:86:01:37:9d:
d2:78:e6:3d:0f:a4:58:3a:03:d2:02:25:78:f7:f6:
a7:29:de:3f:00:19:03:bc:57:46:07:04:4c:dd:6c:
f3:fc:f7:ba:ae:79:22:40:e1:cf:82:36:11:6d:52:
a1:58:34:6d:25:1c:e0:f7:9d:c7:cc:d8:93:ce:72:
f7:04:38:3f:bc:2f:2a:88:8d:63:bb:36:f9:be:83:
56:8a:eb:32:f6:e0:b6:96:2c:7f:f6:f1:22:97:c0:
4c:19:ee:3e:cc:0c:ef:ee:21:ed:4d:63:90:b7:9a:
62:50:2c:c3:d7:bd:33:f0:04:b1:57:78:db:c3:8a:
4c:b4:c6:74:06:a4:46:91:e5:e9:d4:0d:13:be:7c:
d1:b6:f6:11:d1:db:ae:b9:c1:80:0e:09:d9:8b:71:
76:2c:ff:d9:b8:5f:74:81:e6:b0:82:d0:74:65:47:
7e:65:26:6b:23:2c:c4:1b:2d:bf:01:1f:c9:52:94:
67:75:e8:84:0e:1e:33:ab:fe:56:28:f7:6b:1f:86:
3a:85:8e:8f:3a:1f:0f:4c:d9:21:24:e2:ef:e0:ac:
46:4d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
31:DF:4F:A9:40:F3:03:4B:DF:33:E3:72:0B:B5:5A:C7:5B:07:F9:62
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/Md9PqUDzA0vfM-NyC7Vax1sH-WI.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
64:43:01:cb:c7:4f:79:83:f5:25:fb:cf:13:da:ce:ae:7d:eb:
dd:22:8c:8d:74:7f:83:b1:4e:0f:98:35:bc:5e:8a:76:f0:67:
25:c8:5b:67:f9:2a:aa:b4:1e:8e:70:fb:59:57:3f:d0:03:c3:
23:eb:d2:db:4d:3b:76:83:81:e3:41:94:b1:4a:2c:6b:03:bf:
f9:e9:cd:ef:e0:e1:0e:20:82:87:a5:37:57:46:20:92:b2:6d:
1f:f1:06:cd:75:14:3c:a5:8e:ea:88:c6:eb:db:e6:56:3f:6e:
ba:d4:5e:12:1e:fe:e8:e5:92:29:14:d1:1b:d8:ee:01:96:e5:
fc:25:b7:08:af:fe:d8:c2:e2:8a:76:d5:28:d4:67:1b:ae:47:
ba:6f:94:ad:e4:52:2f:25:42:a2:72:5f:4b:c1:74:bc:0b:29:
7e:21:36:b8:48:02:21:cb:37:26:82:2b:05:e7:24:b0:3d:20:
06:6a:8f:fb:01:e3:c8:86:bc:d0:64:93:8c:70:dc:7c:fe:8f:
05:cc:6d:31:ef:b5:77:78:d6:97:0c:83:89:75:3d:40:0b:54:
99:33:f3:f8:0a:fd:fb:c8:9d:55:a4:ad:a4:61:4e:f4:44:bd:
9d:5e:4b:a4:af:aa:2a:c0:1a:51:16:18:33:35:97:7a:c6:5d:
c1:f8:10:33
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICOqQwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA3MjAx
MTA5MTRaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDMxREY0RkE5NDBGMzAz
NEJERjMzRTM3MjBCQjU1QUM3NUIwN0Y5NjIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC6aD5SSuuVWFSPxHMB2OVhVNh7pVRrlC9bCfmRKe7Gb9XdnroY
G0uEhgE3ndJ45j0PpFg6A9ICJXj39qcp3j8AGQO8V0YHBEzdbPP897queSJA4c+C
NhFtUqFYNG0lHOD3ncfM2JPOcvcEOD+8LyqIjWO7Nvm+g1aK6zL24LaWLH/28SKX
wEwZ7j7MDO/uIe1NY5C3mmJQLMPXvTPwBLFXeNvDiky0xnQGpEaR5enUDRO+fNG2
9hHR2665wYAOCdmLcXYs/9m4X3SB5rCC0HRlR35lJmsjLMQbLb8BH8lSlGd16IQO
HjOr/lYo92sfhjqFjo86Hw9M2SEk4u/grEZNAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUMd9PqUDzA0vfM+NyC7Vax1sH+WIwHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvTWQ5UHFVRHpBMHZm
TS1OeUM3VmF4MXNILVdJLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBAGRDAcvHT3mD9SX7zxPazq59690i
jI10f4OxTg+YNbxeinbwZyXIW2f5Kqq0Ho5w+1lXP9ADwyPr0ttNO3aDgeNBlLFK
LGsDv/npze/g4Q4ggoelN1dGIJKybR/xBs11FDyljuqIxuvb5lY/brrUXhIe/ujl
kikU0RvY7gGW5fwltwiv/tjC4op21SjUZxuuR7pvlK3kUi8lQqJyX0vBdLwLKX4h
NrhIAiHLNyaCKwXnJLA9IAZqj/sB48iGvNBkk4xw3Hz+jwXMbTHvtXd41pcMg4l1
PUALVJkz8/gK/fvInVWkraRhTvREvZ1eS6SvqirAGlEWGDM1l3rGXcH4EDM=
-----END CERTIFICATE-----
Generated at Sun Jul 20 19:06:58 2025 by rpki-client