Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/OjhPRLxxHL6B4NmlFGpi8rIBQOI.roa
File: OjhPRLxxHL6B4NmlFGpi8rIBQOI.roa (raw, json)
Hash identifier: rNQZldKk61WDob8M9OLt0hc44fdS5v8ozxYajY6hprA=
Subject key identifier: 3A:38:4F:44:BC:71:1C:BE:81:E0:D9:A5:14:6A:62:F2:B2:01:40:E2
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 2300
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/OjhPRLxxHL6B4NmlFGpi8rIBQOI.roa
Signing time: Sat 07 Jun 2025 22:38:54 +0000
ROA not before: Sat 07 Jun 2025 22:38:54 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 146845
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 8960 (0x2300)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 7 22:38:54 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=3A384F44BC711CBE81E0D9A5146A62F2B20140E2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a5:ad:cc:2d:3a:8b:20:93:a5:f0:7c:89:ed:01:
3f:2d:56:ae:02:1a:7c:6d:fd:5e:50:28:a3:27:ac:
c5:6d:b0:6a:a6:f7:fb:f7:03:b6:47:fe:99:a2:f6:
6f:2e:cd:dc:ed:9b:95:a8:98:c8:f7:42:e7:73:61:
55:30:63:9e:58:cf:8f:d7:54:75:6e:c6:30:0f:2c:
c9:8a:f7:c0:65:3a:61:c6:fb:da:a0:88:20:e5:f1:
52:e6:af:6a:99:85:30:13:83:f1:d7:ee:26:21:85:
5b:6c:7e:99:09:77:91:0a:14:6c:7c:ab:f1:12:f4:
a3:8a:18:a3:17:b8:92:af:f3:89:35:c2:e9:37:8a:
b0:49:c9:8c:95:45:c3:0d:23:59:9c:65:41:b4:d7:
51:08:de:7c:13:71:4f:80:f3:96:48:a1:4b:00:85:
c8:87:ce:ed:fa:2d:ab:16:84:15:9d:9a:be:96:bb:
a1:8e:b8:7d:e2:8a:26:dd:2e:46:e0:34:a6:59:c2:
f4:85:53:dc:12:24:73:5e:a7:b8:aa:84:fd:93:e6:
63:36:a6:e3:b5:9f:57:d4:7d:5f:8b:6c:33:c6:bf:
36:91:12:b9:63:77:b3:40:0c:f7:cd:5e:8f:df:18:
d9:7a:67:c9:48:59:1d:ef:4a:35:db:ba:65:88:35:
87:47
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3A:38:4F:44:BC:71:1C:BE:81:E0:D9:A5:14:6A:62:F2:B2:01:40:E2
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/OjhPRLxxHL6B4NmlFGpi8rIBQOI.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
3a:ae:20:86:b1:9f:85:e3:46:56:34:75:91:02:de:47:2b:89:
ba:ec:d3:62:ae:e7:95:d8:05:ed:c6:fd:fa:15:a2:e3:74:ef:
a4:a4:2e:cd:ec:bb:82:2e:fb:71:76:33:87:a2:6c:77:32:ea:
e2:f5:36:5c:19:d5:ed:14:92:89:b7:b5:c5:7f:5e:9a:b7:c3:
d4:c3:11:df:b5:5c:b5:d4:bf:d5:89:40:08:30:04:d4:9f:5f:
96:4e:13:64:82:a3:d0:aa:0c:ca:89:79:eb:f0:fd:7f:92:30:
00:5b:5a:e0:4e:34:86:eb:d9:04:6b:70:2b:a2:eb:50:39:ae:
a2:d0:1f:1f:77:87:92:ea:84:54:55:ab:28:c0:ed:7e:d9:dc:
7b:d4:48:c8:72:af:be:06:06:51:92:84:db:e0:ba:19:8c:5f:
9e:9e:59:2a:d4:b4:6e:81:08:97:f8:4c:a9:4a:b1:95:96:9d:
bc:0d:6d:31:6a:e6:fa:cd:82:e6:72:80:ce:37:c0:52:62:5c:
57:a0:d0:85:19:51:87:cf:39:bd:9b:1f:bf:1d:c0:80:8d:bc:
97:7e:37:94:37:62:38:d6:e2:e7:6c:4e:3d:d0:fe:d2:35:ad:
e9:cb:78:e9:dc:af:80:c4:84:3f:8f:74:8a:53:4a:4f:97:b8:
ee:6c:69:0d
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICIwAwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MDcy
MjM4NTRaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDNBMzg0RjQ0QkM3MTFD
QkU4MUUwRDlBNTE0NkE2MkYyQjIwMTQwRTIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQClrcwtOosgk6XwfIntAT8tVq4CGnxt/V5QKKMnrMVtsGqm9/v3
A7ZH/pmi9m8uzdztm5WomMj3QudzYVUwY55Yz4/XVHVuxjAPLMmK98BlOmHG+9qg
iCDl8VLmr2qZhTATg/HX7iYhhVtsfpkJd5EKFGx8q/ES9KOKGKMXuJKv84k1wuk3
irBJyYyVRcMNI1mcZUG011EI3nwTcU+A85ZIoUsAhciHzu36LasWhBWdmr6Wu6GO
uH3iiibdLkbgNKZZwvSFU9wSJHNep7iqhP2T5mM2puO1n1fUfV+LbDPGvzaRErlj
d7NADPfNXo/fGNl6Z8lIWR3vSjXbumWINYdHAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUOjhPRLxxHL6B4NmlFGpi8rIBQOIwHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvT2poUFJMeHhITDZC
NE5tbEZHcGk4cklCUU9JLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBADquIIaxn4XjRlY0dZEC3kcribrs
02Ku55XYBe3G/foVouN076SkLs3su4Iu+3F2M4eibHcy6uL1NlwZ1e0Ukom3tcV/
Xpq3w9TDEd+1XLXUv9WJQAgwBNSfX5ZOE2SCo9CqDMqJeevw/X+SMABbWuBONIbr
2QRrcCui61A5rqLQHx93h5LqhFRVqyjA7X7Z3HvUSMhyr74GBlGShNvguhmMX56e
WSrUtG6BCJf4TKlKsZWWnbwNbTFq5vrNguZygM43wFJiXFeg0IUZUYfPOb2bH78d
wICNvJd+N5Q3YjjW4udsTj3Q/tI1renLeOncr4DEhD+PdIpTSk+XuO5saQ0=
-----END CERTIFICATE-----
Generated at Fri Jun 13 08:59:47 2025 by rpki-client