Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/HkmFSvf_WSilDZYqyVxLOH3HGuU.roa
File: HkmFSvf_WSilDZYqyVxLOH3HGuU.roa (raw, json)
Hash identifier: zZm5ALT8gypTxnqlrjLbIsI4HWgz5/CNALC2rsW6UOc=
Subject key identifier: 1E:49:85:4A:F7:FF:59:28:A5:0D:96:2A:C9:5C:4B:38:7D:C7:1A:E5
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 0DCC
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/HkmFSvf_WSilDZYqyVxLOH3HGuU.roa
Signing time: Sun 25 May 2025 11:38:55 +0000
ROA not before: Sun 25 May 2025 11:38:55 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 125.169.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 3532 (0xdcc)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: May 25 11:38:55 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=1E49854AF7FF5928A50D962AC95C4B387DC71AE5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e5:c6:3e:f2:1b:1e:a2:9b:6f:91:62:e6:a3:e4:
30:b1:7b:20:b8:89:c2:38:39:d5:ae:02:37:c7:16:
27:1c:b3:0a:eb:85:75:76:4f:00:bb:60:dc:fd:fa:
ea:ca:72:1b:4e:a7:ef:1a:40:35:7c:9c:cf:94:e9:
ca:49:bd:ff:b9:0c:63:13:07:b3:9b:dd:c6:cf:5c:
bc:b1:99:a1:b4:21:1f:f9:97:23:44:58:8b:54:38:
6b:f5:49:9c:07:d7:ad:ef:4a:a3:85:cb:da:ab:11:
2c:4c:29:b0:55:c8:08:f2:c2:90:c4:bb:58:f9:e8:
fa:45:33:3d:c5:62:b7:8b:f4:7f:c3:b8:af:38:c6:
7b:f3:2b:c5:92:5c:be:2d:ec:6c:af:37:b4:50:b2:
e4:00:75:66:ed:7c:c3:55:ac:77:d4:39:f1:d2:28:
28:5f:a2:b9:99:1a:cc:4e:27:b2:b8:9f:b5:38:b1:
15:c8:3d:b9:d9:12:1b:7c:8d:74:8a:cf:36:0c:88:
6c:89:db:2e:f0:c1:e4:56:f7:a2:33:dc:8a:e9:ac:
4f:d7:1e:09:49:c3:23:af:7c:21:39:30:c1:bc:06:
07:91:e6:b8:69:61:8a:4d:7c:19:cc:6d:19:60:63:
81:51:a4:f9:85:47:89:fd:dd:fa:e2:b9:48:83:a1:
be:27
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1E:49:85:4A:F7:FF:59:28:A5:0D:96:2A:C9:5C:4B:38:7D:C7:1A:E5
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/HkmFSvf_WSilDZYqyVxLOH3HGuU.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
125.169.0.0/16
Signature Algorithm: sha256WithRSAEncryption
5f:ec:29:32:f4:9e:3a:ad:8b:bc:09:7b:5e:af:e3:80:b3:23:
65:5f:34:9d:87:d5:9a:34:aa:b3:80:77:f0:82:05:50:41:3f:
61:2a:b6:6f:ec:2c:3b:2d:5a:19:0d:84:ad:b5:de:f7:49:63:
9c:2a:ba:af:1d:cd:0f:c8:2f:07:77:d5:0c:5b:29:bc:f5:6f:
46:19:d4:81:da:09:af:10:d6:42:be:39:22:ec:ec:55:f0:4f:
33:05:6e:16:48:01:48:29:e7:45:2b:ec:e6:ca:8a:ad:1c:07:
fa:7f:3a:05:90:e3:78:d4:49:a1:b0:45:64:e2:3d:49:6a:f7:
a1:25:72:24:4a:5e:88:3c:43:5a:ba:da:b2:c8:07:3c:90:2f:
0d:9b:31:1c:3f:64:82:be:f3:54:1a:c4:ea:cd:9e:66:ff:25:
bd:40:d4:74:ef:82:44:8f:bb:43:39:28:df:30:89:ff:d6:54:
e8:4d:1d:77:fd:1f:7d:70:5e:3d:c2:a0:f7:78:62:ea:c3:a2:
c7:bb:68:46:1a:25:70:99:c2:15:d6:97:56:b9:3a:5f:61:04:
2e:35:17:82:b4:46:a5:d3:96:8c:90:bf:84:70:0c:70:3b:f6:
5d:01:3e:11:04:a1:bb:91:a3:67:ea:f7:cc:7e:0a:76:f6:68:
50:c8:a1:70
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICDcwwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA1MjUx
MTM4NTVaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKDFFNDk4NTRBRjdGRjU5
MjhBNTBEOTYyQUM5NUM0QjM4N0RDNzFBRTUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDlxj7yGx6im2+RYuaj5DCxeyC4icI4OdWuAjfHFiccswrrhXV2
TwC7YNz9+urKchtOp+8aQDV8nM+U6cpJvf+5DGMTB7Ob3cbPXLyxmaG0IR/5lyNE
WItUOGv1SZwH163vSqOFy9qrESxMKbBVyAjywpDEu1j56PpFMz3FYreL9H/DuK84
xnvzK8WSXL4t7GyvN7RQsuQAdWbtfMNVrHfUOfHSKChformZGsxOJ7K4n7U4sRXI
PbnZEht8jXSKzzYMiGyJ2y7wweRW96Iz3IrprE/XHglJwyOvfCE5MMG8BgeR5rhp
YYpNfBnMbRlgY4FRpPmFR4n93friuUiDob4nAgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUHkmFSvf/WSilDZYqyVxLOH3HGuUwHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni9Ia21GU3ZmX1dTaWxEWllx
eVZ4TE9IM0hHdVUucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
fakwDQYJKoZIhvcNAQELBQADggEBAF/sKTL0njqti7wJe16v44CzI2VfNJ2H1Zo0
qrOAd/CCBVBBP2Eqtm/sLDstWhkNhK213vdJY5wquq8dzQ/ILwd31QxbKbz1b0YZ
1IHaCa8Q1kK+OSLs7FXwTzMFbhZIAUgp50Ur7ObKiq0cB/p/OgWQ43jUSaGwRWTi
PUlq96ElciRKXog8Q1q62rLIBzyQLw2bMRw/ZIK+81QaxOrNnmb/Jb1A1HTvgkSP
u0M5KN8wif/WVOhNHXf9H31wXj3CoPd4YurDose7aEYaJXCZwhXWl1a5Ol9hBC41
F4K0RqXTloyQv4RwDHA79l0BPhEEobuRo2fq98x+Cnb2aFDIoXA=
-----END CERTIFICATE-----
Generated at Wed Jun 4 01:09:48 2025 by rpki-client