Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/5Oq8wkjT0s-TKK_4X0YhiLVvOyM.roa
File: 5Oq8wkjT0s-TKK_4X0YhiLVvOyM.roa (raw, json)
Hash identifier: Jb3TS+oslRQEbo9eJCZ/02Qq9PAsjK3+PGIOIszeGNQ=
Subject key identifier: E4:EA:BC:C2:48:D3:D2:CF:93:28:AF:F8:5F:46:21:88:B5:6F:3B:23
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 2174
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/5Oq8wkjT0s-TKK_4X0YhiLVvOyM.roa
Signing time: Sat 21 Jun 2025 04:11:51 +0000
ROA not before: Sat 21 Jun 2025 04:11:51 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 125.169.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 8564 (0x2174)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: Jun 21 04:11:51 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=E4EABCC248D3D2CF9328AFF85F462188B56F3B23
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:db:46:a3:8c:03:fe:39:da:f6:52:81:7e:19:a3:
18:c1:c1:39:f4:eb:7b:fc:7d:93:ef:40:6f:ae:91:
9e:51:3a:e2:79:ab:70:76:19:72:e6:85:47:5e:6e:
32:f0:dd:01:cc:b5:ad:31:ba:e9:c7:1f:7f:f6:0c:
d7:b2:37:a3:fc:05:c0:e1:86:3c:62:2f:2f:62:16:
8a:d6:f1:fc:57:d4:65:79:e3:41:cb:de:f4:59:1d:
17:76:b1:20:c1:2d:7d:3e:b9:e3:98:a3:c8:a1:c1:
24:78:09:97:d8:d5:e1:7b:9d:67:16:4a:46:bc:a7:
46:41:ac:f0:1f:2b:a0:e9:51:66:b9:68:80:19:88:
87:0d:bb:13:46:95:88:ca:7b:da:d1:51:35:bd:ff:
49:87:6c:c7:68:8c:f5:70:56:0b:8a:8d:78:da:43:
5b:01:df:8e:15:f9:7c:75:9c:4e:8e:60:40:7c:7a:
a6:06:fa:4f:42:8e:91:c0:af:2b:e4:97:73:fc:22:
b3:d6:f0:2c:b0:59:83:1b:66:60:13:fb:88:ca:0d:
7e:31:35:8f:b3:55:de:00:cf:ae:e5:d8:d0:df:d8:
b5:78:5d:bf:a5:21:2f:f2:1a:c5:1a:87:b4:15:76:
64:74:55:ae:79:54:45:8a:f4:8e:ec:6a:ab:85:6c:
33:f7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E4:EA:BC:C2:48:D3:D2:CF:93:28:AF:F8:5F:46:21:88:B5:6F:3B:23
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/5Oq8wkjT0s-TKK_4X0YhiLVvOyM.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
125.169.0.0/16
Signature Algorithm: sha256WithRSAEncryption
9f:49:55:c8:dd:24:00:c2:be:91:49:20:fc:c7:7e:fa:ee:91:
e5:4c:3a:11:dc:dc:08:4f:11:61:5d:93:a8:c2:6a:a1:e1:ee:
62:55:20:76:84:83:cd:ce:f9:21:3e:a9:7e:bf:cf:ba:dc:f9:
d2:4e:fd:bd:41:c8:e6:8f:92:d1:b2:73:20:0a:91:07:b4:33:
86:5b:a9:3a:51:ac:19:0c:f8:1f:93:ef:7f:37:7d:42:e6:64:
c2:56:03:ca:6c:b9:b6:b1:0d:34:db:e3:8e:1b:02:86:91:0a:
68:a0:18:1a:16:35:2a:04:ea:91:a2:cf:ed:28:86:87:4d:ed:
64:b8:4d:eb:7a:33:de:5b:42:30:c5:e5:10:0b:b1:01:c3:76:
10:8b:0d:76:53:6d:0c:33:21:e2:ce:fc:83:67:14:0e:60:7a:
89:fd:db:d7:dd:e8:b5:07:aa:e3:4a:51:6d:87:39:23:ab:e2:
45:e8:5f:b1:8d:f2:11:06:95:15:d3:ca:e4:c5:c0:0b:88:c7:
37:3c:cf:37:33:2a:a3:21:d0:f4:92:91:8f:95:45:72:20:49:
46:00:d9:62:24:37:96:62:e7:0e:6b:af:b5:85:ee:66:a4:49:
3a:17:79:d2:6e:38:68:75:ed:32:c1:21:e9:ec:a2:62:06:25:
4c:10:91:d1
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICIXQwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA2MjEw
NDExNTFaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKEU0RUFCQ0MyNDhEM0Qy
Q0Y5MzI4QUZGODVGNDYyMTg4QjU2RjNCMjMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDbRqOMA/452vZSgX4ZoxjBwTn063v8fZPvQG+ukZ5ROuJ5q3B2
GXLmhUdebjLw3QHMta0xuunHH3/2DNeyN6P8BcDhhjxiLy9iForW8fxX1GV540HL
3vRZHRd2sSDBLX0+ueOYo8ihwSR4CZfY1eF7nWcWSka8p0ZBrPAfK6DpUWa5aIAZ
iIcNuxNGlYjKe9rRUTW9/0mHbMdojPVwVguKjXjaQ1sB344V+Xx1nE6OYEB8eqYG
+k9CjpHAryvkl3P8IrPW8CywWYMbZmAT+4jKDX4xNY+zVd4Az67l2NDf2LV4Xb+l
IS/yGsUah7QVdmR0Va55VEWK9I7saquFbDP3AgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQU5Oq8wkjT0s+TKK/4X0YhiLVvOyMwHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni81T3E4d2tqVDBzLVRLS180
WDBZaGlMVnZPeU0ucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
fakwDQYJKoZIhvcNAQELBQADggEBAJ9JVcjdJADCvpFJIPzHfvrukeVMOhHc3AhP
EWFdk6jCaqHh7mJVIHaEg83O+SE+qX6/z7rc+dJO/b1ByOaPktGycyAKkQe0M4Zb
qTpRrBkM+B+T7383fULmZMJWA8psubaxDTTb444bAoaRCmigGBoWNSoE6pGiz+0o
hodN7WS4Tet6M95bQjDF5RALsQHDdhCLDXZTbQwzIeLO/INnFA5geon929fd6LUH
quNKUW2HOSOr4kXoX7GN8hEGlRXTyuTFwAuIxzc8zzczKqMh0PSSkY+VRXIgSUYA
2WIkN5Zi5w5rr7WF7makSToXedJuOGh17TLBIensomIGJUwQkdE=
-----END CERTIFICATE-----
Generated at Sun Jul 20 23:34:57 2025 by rpki-client