Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/3SwITKXaAUy6YNIuI1KTBm3IKAQ.roa
File: 3SwITKXaAUy6YNIuI1KTBm3IKAQ.roa (raw, json)
Hash identifier: wAH7YUIdEBZOq33Z6SwQZQaOzZ4o5R2dH7MbgywBHR8=
Subject key identifier: DD:2C:08:4C:A5:DA:01:4C:BA:60:D2:2E:23:52:93:06:6D:C8:28:04
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 1F44
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/3SwITKXaAUy6YNIuI1KTBm3IKAQ.roa
Signing time: Tue 17 Jun 2025 18:41:06 +0000
ROA not before: Tue 17 Jun 2025 18:41:06 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 125.169.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 8004 (0x1f44)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: Jun 17 18:41:06 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=DD2C084CA5DA014CBA60D22E235293066DC82804
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c6:68:a0:5c:82:95:07:24:83:a8:b1:3a:64:db:
db:c0:07:8b:da:08:75:6e:2f:91:ee:21:05:c6:1e:
42:0a:ea:31:ee:9a:90:e1:9a:a3:0e:e9:57:f1:c0:
6a:84:62:75:46:76:4f:bc:01:5b:6d:c4:e1:f8:65:
44:9f:4d:d3:b3:21:4d:37:89:de:09:30:26:e6:5f:
7e:f6:3c:70:7c:1a:37:84:81:9d:e8:fe:3c:48:dc:
05:e2:19:2b:8e:63:7c:2c:96:4e:e2:72:f1:de:45:
8b:c4:11:90:29:ed:53:c7:be:cd:f3:7d:bd:94:36:
a4:30:b3:cf:19:55:d6:f7:e5:bb:43:99:f7:e5:42:
33:76:61:b1:a1:7d:5e:83:13:1d:68:a8:ff:1b:15:
36:26:35:05:92:d9:83:f8:27:07:44:2f:19:10:ca:
fb:cd:59:62:c7:d0:c2:28:ea:30:fc:f5:a2:cc:d9:
89:99:b3:3e:9a:05:da:c8:44:08:9a:66:a6:26:39:
cf:65:0a:f9:5c:03:72:0e:5e:41:95:3a:b4:94:4b:
fb:67:b8:07:4b:17:c9:4c:14:2d:92:94:9b:c8:7e:
8f:b4:24:65:a9:5a:e1:9e:15:cc:f3:fd:9d:e2:6a:
49:03:68:24:6d:03:6c:2a:2e:35:99:d8:57:ea:4e:
27:af
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DD:2C:08:4C:A5:DA:01:4C:BA:60:D2:2E:23:52:93:06:6D:C8:28:04
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/3SwITKXaAUy6YNIuI1KTBm3IKAQ.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
125.169.0.0/16
Signature Algorithm: sha256WithRSAEncryption
18:41:8c:06:90:99:00:6b:75:e1:12:8e:d2:e1:85:d8:cd:c8:
e0:93:34:66:b7:77:cb:6e:b7:71:0b:07:8d:f3:24:c7:49:b7:
c9:4a:18:24:49:d1:de:9d:12:30:a6:34:08:22:ec:66:50:cf:
ff:38:7b:17:4f:70:41:cd:35:79:f2:06:c1:0a:2c:68:de:7d:
f7:29:58:14:42:1e:95:a4:1e:e0:a6:47:6e:ce:e5:1e:45:bb:
9b:06:4d:3b:53:0c:1f:6e:7c:96:5c:c2:95:11:1c:6a:ee:69:
db:09:dc:4f:bd:26:a3:50:8a:85:cf:3d:45:ce:71:4f:42:13:
1e:f0:6b:de:b4:7d:e1:11:8b:bb:b7:23:3e:8c:c7:fb:d0:51:
a3:5b:ee:01:e6:cb:f4:9b:c2:33:13:57:de:88:e8:b7:be:dd:
01:3e:21:11:06:3d:4b:7a:eb:d4:03:a8:97:f0:51:3b:14:fa:
17:96:18:b4:d3:e7:c7:60:ce:de:c1:ae:9e:4a:34:59:75:e1:
6d:d1:a5:60:4f:04:9e:4a:d6:68:93:1c:e3:54:8a:cf:bb:2e:
44:82:b9:42:ce:e6:35:f7:00:cd:df:83:af:04:e0:f0:1c:84:
ae:1d:c4:d0:d7:d2:c3:f6:9f:13:64:21:dc:6d:3e:55:98:c4:
60:26:e8:65
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICH0QwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA2MTcx
ODQxMDZaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKEREMkMwODRDQTVEQTAx
NENCQTYwRDIyRTIzNTI5MzA2NkRDODI4MDQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDGaKBcgpUHJIOosTpk29vAB4vaCHVuL5HuIQXGHkIK6jHumpDh
mqMO6VfxwGqEYnVGdk+8AVttxOH4ZUSfTdOzIU03id4JMCbmX372PHB8GjeEgZ3o
/jxI3AXiGSuOY3wslk7icvHeRYvEEZAp7VPHvs3zfb2UNqQws88ZVdb35btDmffl
QjN2YbGhfV6DEx1oqP8bFTYmNQWS2YP4JwdELxkQyvvNWWLH0MIo6jD89aLM2YmZ
sz6aBdrIRAiaZqYmOc9lCvlcA3IOXkGVOrSUS/tnuAdLF8lMFC2SlJvIfo+0JGWp
WuGeFczz/Z3iakkDaCRtA2wqLjWZ2FfqTievAgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQU3SwITKXaAUy6YNIuI1KTBm3IKAQwHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni8zU3dJVEtYYUFVeTZZTkl1
STFLVEJtM0lLQVEucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
fakwDQYJKoZIhvcNAQELBQADggEBABhBjAaQmQBrdeESjtLhhdjNyOCTNGa3d8tu
t3ELB43zJMdJt8lKGCRJ0d6dEjCmNAgi7GZQz/84exdPcEHNNXnyBsEKLGjeffcp
WBRCHpWkHuCmR27O5R5Fu5sGTTtTDB9ufJZcwpURHGruadsJ3E+9JqNQioXPPUXO
cU9CEx7wa960feERi7u3Iz6Mx/vQUaNb7gHmy/SbwjMTV96I6Le+3QE+IREGPUt6
69QDqJfwUTsU+heWGLTT58dgzt7Brp5KNFl14W3RpWBPBJ5K1miTHONUis+7LkSC
uULO5jX3AM3fg68E4PAchK4dxNDX0sP2nxNkIdxtPlWYxGAm6GU=
-----END CERTIFICATE-----
Generated at Sun Jul 20 13:26:53 2025 by rpki-client