Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/ONGVX9Swat8XcKW9Tl_8_FALm70.roa
File: ONGVX9Swat8XcKW9Tl_8_FALm70.roa (raw, json)
Hash identifier: TBUgscBvJLsMJ6h+JcmdzfbNY9LTqqHqz0CWfvbQzso=
Subject key identifier: 38:D1:95:5F:D4:B0:6A:DF:17:70:A5:BD:4E:5F:FC:FC:50:0B:9B:BD
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 1E28
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/ONGVX9Swat8XcKW9Tl_8_FALm70.roa
Signing time: Mon 16 Jun 2025 07:09:59 +0000
ROA not before: Mon 16 Jun 2025 07:09:59 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 125.169.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 7720 (0x1e28)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: Jun 16 07:09:59 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=38D1955FD4B06ADF1770A5BD4E5FFCFC500B9BBD
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:da:37:c8:50:54:4b:44:2b:37:da:21:7a:a7:b5:
5a:da:7d:5b:78:45:b6:e7:d2:75:fc:a7:00:cb:d2:
52:24:64:45:2e:f8:3e:63:a4:08:63:3e:b0:bd:2b:
31:1f:40:54:71:8a:2c:ba:31:f6:60:7a:cd:40:8a:
0a:67:bf:1d:c2:b1:5b:a7:8a:85:9a:4a:1a:a5:01:
c5:e3:88:67:4f:89:66:9c:8e:42:e5:27:41:a6:fa:
db:7b:f1:4c:00:cb:35:ea:1d:3d:6d:3f:51:4c:e1:
75:69:af:76:46:a3:b4:10:e4:26:c4:4a:e4:06:b8:
73:b1:95:e6:fa:f6:31:42:59:69:3f:b8:c1:2b:d6:
9b:5c:7e:c4:62:94:a9:de:d5:a5:7e:80:1a:fa:be:
83:b0:46:7f:d9:61:ed:b2:f1:71:ad:09:ce:52:c1:
d0:1d:3f:d8:6c:dd:79:1e:5c:36:99:8f:c5:91:cb:
b7:17:27:a5:ae:5b:50:48:76:78:37:31:2f:bf:77:
a0:8c:dc:4e:85:08:2a:78:7f:43:dd:ad:49:ec:bf:
2f:c0:93:de:52:15:ec:d5:a1:ac:df:12:1f:39:83:
97:92:42:08:3f:eb:ee:82:3d:07:db:65:6b:9c:99:
a8:17:86:0e:96:98:a8:41:ff:34:4a:35:4a:1a:8e:
9a:55
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
38:D1:95:5F:D4:B0:6A:DF:17:70:A5:BD:4E:5F:FC:FC:50:0B:9B:BD
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/ONGVX9Swat8XcKW9Tl_8_FALm70.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
125.169.0.0/16
Signature Algorithm: sha256WithRSAEncryption
99:d2:27:6d:a2:16:4c:91:bc:bf:4a:e6:7a:ac:1d:d7:d8:19:
98:bf:88:6d:2e:ff:f8:7a:c3:b4:4a:ad:b5:22:d8:41:a9:b3:
5c:3f:d8:99:85:49:5b:2c:33:bc:7d:c8:e3:c7:ac:a5:4e:ec:
2b:20:f3:d8:17:94:ff:e9:6e:70:1a:e7:9a:8d:b3:a0:f5:a5:
0e:c3:c5:3e:c4:62:83:48:24:49:81:bb:c2:b5:ab:2b:6c:af:
ee:8c:1e:21:16:c2:63:ac:43:87:0a:8c:39:41:39:05:9b:6e:
90:db:db:f2:5b:03:27:c4:84:ce:8f:f3:6a:47:9b:48:45:f7:
ec:a9:fe:0d:d1:15:4a:e6:81:dc:60:33:6a:23:8d:8b:73:ec:
6f:eb:70:a2:eb:49:51:51:ae:9b:83:ec:0c:83:ed:21:ef:5b:
fe:b8:7d:bf:55:49:cf:22:02:78:c8:26:70:ec:4e:50:58:58:
be:58:b6:0e:c3:12:63:6e:86:8f:9f:96:b2:69:df:b8:fb:84:
fd:cc:60:50:25:7d:85:45:8b:cb:48:e6:7d:6c:34:44:5d:d9:
95:b5:92:55:91:30:49:c5:b2:15:83:18:54:93:c7:f6:cb:d1:
23:51:3d:e7:42:11:99:cc:55:41:05:58:6b:80:41:61:5c:42:
af:0b:05:b5
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICHigwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA2MTYw
NzA5NTlaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKDM4RDE5NTVGRDRCMDZB
REYxNzcwQTVCRDRFNUZGQ0ZDNTAwQjlCQkQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDaN8hQVEtEKzfaIXqntVrafVt4Rbbn0nX8pwDL0lIkZEUu+D5j
pAhjPrC9KzEfQFRxiiy6MfZges1Aigpnvx3CsVunioWaShqlAcXjiGdPiWacjkLl
J0Gm+tt78UwAyzXqHT1tP1FM4XVpr3ZGo7QQ5CbESuQGuHOxleb69jFCWWk/uMEr
1ptcfsRilKne1aV+gBr6voOwRn/ZYe2y8XGtCc5SwdAdP9hs3XkeXDaZj8WRy7cX
J6WuW1BIdng3MS+/d6CM3E6FCCp4f0PdrUnsvy/Ak95SFezVoazfEh85g5eSQgg/
6+6CPQfbZWucmagXhg6WmKhB/zRKNUoajppVAgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUONGVX9Swat8XcKW9Tl/8/FALm70wHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni9PTkdWWDlTd2F0OFhjS1c5
VGxfOF9GQUxtNzAucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
fakwDQYJKoZIhvcNAQELBQADggEBAJnSJ22iFkyRvL9K5nqsHdfYGZi/iG0u//h6
w7RKrbUi2EGps1w/2JmFSVssM7x9yOPHrKVO7Csg89gXlP/pbnAa55qNs6D1pQ7D
xT7EYoNIJEmBu8K1qytsr+6MHiEWwmOsQ4cKjDlBOQWbbpDb2/JbAyfEhM6P82pH
m0hF9+yp/g3RFUrmgdxgM2ojjYtz7G/rcKLrSVFRrpuD7AyD7SHvW/64fb9VSc8i
AnjIJnDsTlBYWL5Ytg7DEmNuho+flrJp37j7hP3MYFAlfYVFi8tI5n1sNERd2ZW1
klWRMEnFshWDGFSTx/bL0SNRPedCEZnMVUEFWGuAQWFcQq8LBbU=
-----END CERTIFICATE-----
Generated at Sun Jul 20 19:05:23 2025 by rpki-client