Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/Hm2pifq-pIFUxnS2HWZsf49-I0w.roa
File: Hm2pifq-pIFUxnS2HWZsf49-I0w.roa (raw, json)
Hash identifier: cnNthSY+a8C4b7TQx1mM+CKx5lMA/CPqQp39BuN57ms=
Subject key identifier: 1E:6D:A9:89:FA:BE:A4:81:54:C6:74:B6:1D:66:6C:7F:8F:7E:23:4C
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 21FC
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/Hm2pifq-pIFUxnS2HWZsf49-I0w.roa
Signing time: Sat 21 Jun 2025 21:11:47 +0000
ROA not before: Sat 21 Jun 2025 21:11:47 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 125.169.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 8700 (0x21fc)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: Jun 21 21:11:47 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=1E6DA989FABEA48154C674B61D666C7F8F7E234C
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c3:05:bd:a4:5d:ac:2b:57:8a:d4:5a:61:66:84:
70:c7:3c:2e:e0:8d:21:0c:45:d3:45:ac:51:74:83:
ba:ad:d9:e6:a2:6b:d9:31:43:dd:cf:57:e4:d4:20:
5f:d8:e2:89:ca:fe:89:10:99:22:58:ae:b0:a6:4c:
96:9c:92:ab:ad:e9:d7:c1:ca:6f:07:1a:b5:fe:85:
1a:f4:72:50:b5:40:ed:79:f7:90:a9:91:cc:a0:cc:
46:74:6a:f9:38:ff:29:f2:68:38:b2:76:67:c1:65:
3d:b2:17:15:5a:b0:57:8b:e9:e4:13:61:6f:43:18:
f1:21:1e:2e:10:b3:a7:66:c0:bb:aa:37:7b:c6:d3:
d6:d9:ad:23:c8:81:c5:f2:68:b4:07:6c:68:16:1f:
dd:dd:40:7a:37:8b:54:4c:7b:ae:92:c4:57:5d:70:
ee:71:55:62:7f:48:d8:e2:8e:bd:42:7e:51:a4:3d:
6c:1c:ff:f4:f9:7b:61:93:55:7a:07:46:d7:41:78:
34:a4:d9:ab:8a:ae:80:ad:38:14:2b:a8:81:10:28:
65:14:34:02:13:da:a8:a3:26:5f:a7:11:cc:24:2c:
38:84:cd:7d:05:41:1b:24:23:69:34:c5:53:23:4f:
93:aa:47:87:76:f8:b6:39:a1:2c:ff:38:30:b8:20:
b0:61
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1E:6D:A9:89:FA:BE:A4:81:54:C6:74:B6:1D:66:6C:7F:8F:7E:23:4C
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/Hm2pifq-pIFUxnS2HWZsf49-I0w.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
125.169.0.0/16
Signature Algorithm: sha256WithRSAEncryption
16:2a:81:9f:c8:cf:a0:93:6c:41:f3:46:58:80:6f:1e:98:a0:
9e:3f:34:a8:83:8e:6e:74:6d:aa:eb:15:a2:9a:99:19:dc:a1:
4b:21:78:70:99:2e:20:4e:de:26:da:09:7b:1f:b6:80:11:87:
b6:31:07:6a:96:10:62:5c:a8:d4:02:35:e0:52:cf:03:6b:ae:
71:c6:74:31:10:26:66:64:a9:7a:0d:8e:1f:27:96:6f:e1:53:
d5:21:a3:c8:16:23:25:9f:b7:da:f3:2f:b5:a1:24:76:21:fc:
ae:18:b3:9b:5b:f7:a9:c7:bf:79:f4:2b:47:6f:27:e2:fd:c1:
8e:c8:36:35:50:1d:cd:f4:21:9e:ee:02:2a:5c:76:17:8f:9b:
b5:77:77:01:f6:b9:a0:57:fb:64:d0:2e:65:0b:19:af:f4:10:
6a:ea:2b:13:13:80:55:c6:f2:a3:15:65:ab:94:8a:fb:48:b7:
d4:d0:7c:de:0d:df:51:85:7c:c2:a4:7e:a3:10:bb:39:7f:88:
cf:a4:7c:15:e5:32:3d:c3:6d:5a:8f:3a:84:87:46:bb:3a:33:
77:83:ec:d2:20:5a:e7:b4:48:15:29:ad:94:ff:b6:61:3c:64:
95:92:dd:bc:7f:0f:09:7b:7d:a1:af:d7:dd:86:b7:05:23:c4:
a4:5b:6c:4e
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICIfwwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA2MjEy
MTExNDdaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKDFFNkRBOTg5RkFCRUE0
ODE1NEM2NzRCNjFENjY2QzdGOEY3RTIzNEMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDDBb2kXawrV4rUWmFmhHDHPC7gjSEMRdNFrFF0g7qt2eaia9kx
Q93PV+TUIF/Y4onK/okQmSJYrrCmTJackqut6dfBym8HGrX+hRr0clC1QO1595Cp
kcygzEZ0avk4/ynyaDiydmfBZT2yFxVasFeL6eQTYW9DGPEhHi4Qs6dmwLuqN3vG
09bZrSPIgcXyaLQHbGgWH93dQHo3i1RMe66SxFddcO5xVWJ/SNjijr1CflGkPWwc
//T5e2GTVXoHRtdBeDSk2auKroCtOBQrqIEQKGUUNAIT2qijJl+nEcwkLDiEzX0F
QRskI2k0xVMjT5OqR4d2+LY5oSz/ODC4ILBhAgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUHm2pifq+pIFUxnS2HWZsf49+I0wwHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni9IbTJwaWZxLXBJRlV4blMy
SFdac2Y0OS1JMHcucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
fakwDQYJKoZIhvcNAQELBQADggEBABYqgZ/Iz6CTbEHzRliAbx6YoJ4/NKiDjm50
barrFaKamRncoUsheHCZLiBO3ibaCXsftoARh7YxB2qWEGJcqNQCNeBSzwNrrnHG
dDEQJmZkqXoNjh8nlm/hU9Uho8gWIyWft9rzL7WhJHYh/K4Ys5tb96nHv3n0K0dv
J+L9wY7INjVQHc30IZ7uAipcdhePm7V3dwH2uaBX+2TQLmULGa/0EGrqKxMTgFXG
8qMVZauUivtIt9TQfN4N31GFfMKkfqMQuzl/iM+kfBXlMj3DbVqPOoSHRrs6M3eD
7NIgWue0SBUprZT/tmE8ZJWS3bx/Dwl7faGv192GtwUjxKRbbE4=
-----END CERTIFICATE-----
Generated at Sun Jul 20 19:08:42 2025 by rpki-client