Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3098/3GFCOsyMbZ_mnGLXM_c0_DWegdY.roa
File: 3GFCOsyMbZ_mnGLXM_c0_DWegdY.roa (raw, json)
Hash identifier: CCXKhfBPv+hM6MwEti4cGW8SxMPVMPiXfxlBJhVnNdI=
Subject key identifier: DC:61:42:3A:CC:8C:6D:9F:E6:9C:62:D7:33:F7:34:FC:35:9E:81:D6
Certificate issuer: /CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Certificate serial: 1FA7
Authority key identifier: D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/3GFCOsyMbZ_mnGLXM_c0_DWegdY.roa
Signing time: Sun 01 Jun 2025 23:38:36 +0000
ROA not before: Sun 01 Jun 2025 23:38:36 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 4812
IP address blocks: 2407:9b40::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 8103 (0x1fa7)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=D2AB6C9B6E165334C032D051D5FC7D1547E4E353
Validity
Not Before: Jun 1 23:38:36 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=DC61423ACC8C6D9FE69C62D733F734FC359E81D6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:be:0d:5f:4c:1d:d3:09:f7:6d:71:25:4a:aa:2c:
5b:b2:fd:e2:e8:6e:23:cc:5c:a5:9c:24:0e:4c:9e:
1b:a8:62:a9:c8:8d:4c:95:ee:15:9b:53:68:79:cc:
90:6a:71:d8:4a:e8:cb:fa:fe:59:ea:8d:8c:36:44:
06:23:fc:86:21:4d:ea:7a:5d:2c:89:57:d1:db:4d:
42:0d:af:fd:d4:f3:26:ee:00:86:f7:13:0d:25:36:
61:ca:b0:c3:66:e6:d2:7a:25:19:0a:d3:fc:25:7e:
e0:ef:4d:16:15:2c:45:40:5e:89:db:86:5d:ce:c9:
c9:4d:be:15:f6:ac:74:8d:16:a1:e0:59:ee:b6:5d:
f2:da:c5:a4:91:38:60:bf:91:f2:1e:e5:82:dd:44:
3c:d6:12:c1:90:65:5d:8a:59:83:24:3b:4c:07:32:
38:55:07:9f:73:94:5c:1b:f1:18:5c:6a:57:2f:30:
9d:70:9e:74:dc:52:99:1d:ea:29:d7:73:af:3b:a9:
05:ad:f3:21:15:a5:d0:0e:38:59:ac:c5:b0:14:87:
ee:f2:df:f5:27:39:34:72:87:69:ea:25:dc:08:a5:
be:df:d9:80:a2:67:f5:e0:af:20:c1:00:0d:f4:3a:
3d:70:73:b2:03:ca:94:c4:f5:72:f3:7b:c3:3a:e1:
b3:c9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DC:61:42:3A:CC:8C:6D:9F:E6:9C:62:D7:33:F7:34:FC:35:9E:81:D6
X509v3 Authority Key Identifier:
keyid:D2:AB:6C:9B:6E:16:53:34:C0:32:D0:51:D5:FC:7D:15:47:E4:E3:53
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/0qtsm24WUzTAMtBR1fx9FUfk41M.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/0qtsm24WUzTAMtBR1fx9FUfk41M.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3098/3GFCOsyMbZ_mnGLXM_c0_DWegdY.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2407:9b40::/32
Signature Algorithm: sha256WithRSAEncryption
75:51:35:60:be:a2:9f:21:bd:59:dd:90:00:11:69:d3:f3:4f:
6a:06:a3:7c:a1:f3:25:2d:f0:6e:03:b4:ed:80:30:0d:0a:c2:
89:3f:74:18:99:7a:63:44:73:14:e0:8b:71:18:39:cb:2a:ad:
98:7b:6b:21:62:00:64:40:3f:b4:cf:ef:96:5a:9e:b2:d7:8a:
c9:77:f7:0a:e5:5f:fb:52:32:a4:66:58:68:2d:86:73:b9:5a:
dc:92:6b:09:d5:f4:94:39:b4:b6:b3:95:6e:fe:81:27:3f:cb:
52:09:f1:39:eb:7c:ac:5c:d1:1f:5e:ff:77:6a:ed:72:4d:a7:
fe:bc:12:fb:5d:76:14:d6:3d:82:5d:bc:1a:9e:d1:37:99:34:
64:31:81:d1:be:cd:e4:8b:49:7a:88:14:6b:ae:9b:9b:a1:c9:
07:e7:6e:17:a5:dd:7e:63:cb:52:f5:81:7d:c2:4c:b8:07:37:
ca:2a:66:31:bd:10:37:83:45:c7:d4:dc:9b:42:ec:bc:08:79:
a7:9e:5d:c3:72:40:d4:da:3e:77:d7:d6:40:1e:bb:f5:35:f4:
e4:51:19:67:c7:33:8f:76:3d:ed:91:a6:40:1d:b3:db:b7:1a:
aa:a1:00:bb:76:42:60:83:df:06:b7:ba:ef:6a:cb:fb:f0:13:
a8:d2:56:ae
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICH6cwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRDJB
QjZDOUI2RTE2NTMzNEMwMzJEMDUxRDVGQzdEMTU0N0U0RTM1MzAeFw0yNTA2MDEy
MzM4MzZaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKERDNjE0MjNBQ0M4QzZE
OUZFNjlDNjJENzMzRjczNEZDMzU5RTgxRDYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC+DV9MHdMJ921xJUqqLFuy/eLobiPMXKWcJA5MnhuoYqnIjUyV
7hWbU2h5zJBqcdhK6Mv6/lnqjYw2RAYj/IYhTep6XSyJV9HbTUINr/3U8ybuAIb3
Ew0lNmHKsMNm5tJ6JRkK0/wlfuDvTRYVLEVAXonbhl3OyclNvhX2rHSNFqHgWe62
XfLaxaSROGC/kfIe5YLdRDzWEsGQZV2KWYMkO0wHMjhVB59zlFwb8RhcalcvMJ1w
nnTcUpkd6inXc687qQWt8yEVpdAOOFmsxbAUh+7y3/UnOTRyh2nqJdwIpb7f2YCi
Z/XgryDBAA30Oj1wc7IDypTE9XLze8M64bPJAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQU3GFCOsyMbZ/mnGLXM/c0/DWegdYwHwYDVR0jBBgwFoAU0qtsm24WUzTAMtBR
1fx9FUfk41MwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzA5
OC8wcXRzbTI0V1V6VEFNdEJSMWZ4OUZVZms0MU0uY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzBxdHNtMjRXVXpUQU10QlIxZng5RlVmazQxTS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMwOTgvM0dGQ09zeU1iWl9t
bkdMWE1fYzBfRFdlZ2RZLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQHm0AwDQYJKoZIhvcNAQELBQADggEBAHVRNWC+op8hvVndkAARadPzT2oG
o3yh8yUt8G4DtO2AMA0Kwok/dBiZemNEcxTgi3EYOcsqrZh7ayFiAGRAP7TP75Za
nrLXisl39wrlX/tSMqRmWGgthnO5WtySawnV9JQ5tLazlW7+gSc/y1IJ8TnrfKxc
0R9e/3dq7XJNp/68EvtddhTWPYJdvBqe0TeZNGQxgdG+zeSLSXqIFGuum5uhyQfn
bhel3X5jy1L1gX3CTLgHN8oqZjG9EDeDRcfU3JtC7LwIeaeeXcNyQNTaPnfX1kAe
u/U19ORRGWfHM492Pe2RpkAds9u3GqqhALt2QmCD3wa3uu9qy/vwE6jSVq4=
-----END CERTIFICATE-----
Generated at Sun Jun 22 10:35:42 2025 by rpki-client