Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/ShV0aXBP5GGkjI-BLAWqRvGg5kc.roa
File: ShV0aXBP5GGkjI-BLAWqRvGg5kc.roa (raw, json)
Hash identifier: bBS2Bube/XtWBZGNjIVpoWbPNS47p/Mk5NgJyGKrQ14=
Subject key identifier: 4A:15:74:69:70:4F:E4:61:A4:8C:8F:81:2C:05:AA:46:F1:A0:E6:47
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 2284
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/ShV0aXBP5GGkjI-BLAWqRvGg5kc.roa
Signing time: Sun 22 Jun 2025 14:11:48 +0000
ROA not before: Sun 22 Jun 2025 14:11:48 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 125.169.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 8836 (0x2284)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: Jun 22 14:11:48 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=4A157469704FE461A48C8F812C05AA46F1A0E647
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9a:c9:ae:79:7c:c5:82:90:04:83:8d:ca:a4:03:
c2:09:d8:62:34:20:f2:85:6d:ac:49:d0:82:28:55:
03:a6:a5:4e:8e:84:e2:41:4e:2c:c2:ae:b3:3c:12:
05:e4:89:36:dc:02:b7:fd:47:04:9f:a8:2c:c5:75:
59:33:7b:2e:ab:c4:85:69:27:23:95:31:14:bd:53:
aa:a8:23:97:db:3b:a6:73:0d:ad:af:fc:7d:bf:68:
32:b0:a4:bd:0d:3e:e5:c3:38:07:f6:37:da:ef:f0:
31:10:f7:f3:c6:f0:a3:df:eb:7d:1b:d3:51:80:7c:
35:f2:1f:cc:d9:15:6f:83:74:f1:fc:df:ed:30:41:
5f:b2:22:28:77:47:73:7b:01:15:22:e1:36:be:2a:
4d:c4:87:79:4c:aa:25:e2:97:fb:48:46:06:ff:e4:
b8:fb:67:73:8c:4c:03:c7:fb:e6:a4:b7:dc:6e:1d:
e3:73:05:43:a3:2a:a0:bb:ab:38:32:94:5b:e5:81:
6f:2c:77:ec:81:1f:34:5a:19:8c:0c:d0:d0:84:d3:
6d:b1:37:a1:03:d9:f0:d5:9e:86:57:ce:9a:97:45:
25:a2:34:80:8e:d5:6b:33:70:6f:17:8d:c6:a8:e3:
66:75:94:6f:1c:7c:66:67:13:d0:3c:2c:1c:ae:59:
ab:0f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4A:15:74:69:70:4F:E4:61:A4:8C:8F:81:2C:05:AA:46:F1:A0:E6:47
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/ShV0aXBP5GGkjI-BLAWqRvGg5kc.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
125.169.0.0/16
Signature Algorithm: sha256WithRSAEncryption
32:37:18:a4:43:28:9f:d2:b2:e1:de:0d:e2:61:71:46:c7:c5:
05:f0:2e:76:5d:4f:12:f8:a5:6b:cc:01:8a:f8:d0:1b:89:fc:
06:cd:63:0b:24:6e:39:23:2c:38:1c:16:17:9a:b6:56:9e:72:
fe:a2:09:ef:f2:e0:72:7e:64:35:3b:4e:00:fe:21:3c:10:d9:
15:0f:04:74:c3:b3:86:fa:54:14:d8:83:5f:4d:c8:cb:b8:76:
ca:93:ac:39:e4:c3:62:17:f6:72:c0:7f:9b:ed:73:bf:77:a6:
e5:71:93:1a:76:a7:7f:7e:b2:84:73:26:28:dc:90:24:2a:8f:
a9:d8:bc:8e:22:25:2c:ca:44:b6:8f:21:05:ce:fb:72:ef:80:
4b:5f:4e:3d:d7:3a:f9:3e:88:62:3f:54:c8:71:6b:82:4d:fd:
52:19:10:22:eb:89:b2:ae:cd:d5:ef:1b:2a:e9:94:10:db:52:
41:ba:e2:51:3f:d8:ad:28:54:34:10:d6:cd:06:49:64:32:13:
aa:9d:a9:d1:8d:dd:65:31:1f:99:ee:2a:e9:1d:e0:35:b7:66:
0d:9e:10:f5:b6:67:38:82:1e:a5:9d:44:ad:c7:6c:a4:25:fc:
22:ba:6b:5a:66:62:18:97:d8:d9:da:c7:f4:19:01:5e:3e:03:
66:7e:1d:ee
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICIoQwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA2MjIx
NDExNDhaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKDRBMTU3NDY5NzA0RkU0
NjFBNDhDOEY4MTJDMDVBQTQ2RjFBMEU2NDcwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCaya55fMWCkASDjcqkA8IJ2GI0IPKFbaxJ0IIoVQOmpU6OhOJB
TizCrrM8EgXkiTbcArf9RwSfqCzFdVkzey6rxIVpJyOVMRS9U6qoI5fbO6ZzDa2v
/H2/aDKwpL0NPuXDOAf2N9rv8DEQ9/PG8KPf630b01GAfDXyH8zZFW+DdPH83+0w
QV+yIih3R3N7ARUi4Ta+Kk3Eh3lMqiXil/tIRgb/5Lj7Z3OMTAPH++akt9xuHeNz
BUOjKqC7qzgylFvlgW8sd+yBHzRaGYwM0NCE022xN6ED2fDVnoZXzpqXRSWiNICO
1WszcG8Xjcao42Z1lG8cfGZnE9A8LByuWasPAgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUShV0aXBP5GGkjI+BLAWqRvGg5kcwHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni9TaFYwYVhCUDVHR2tqSS1C
TEFXcVJ2R2c1a2Mucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
fakwDQYJKoZIhvcNAQELBQADggEBADI3GKRDKJ/SsuHeDeJhcUbHxQXwLnZdTxL4
pWvMAYr40BuJ/AbNYwskbjkjLDgcFheatlaecv6iCe/y4HJ+ZDU7TgD+ITwQ2RUP
BHTDs4b6VBTYg19NyMu4dsqTrDnkw2IX9nLAf5vtc793puVxkxp2p39+soRzJijc
kCQqj6nYvI4iJSzKRLaPIQXO+3LvgEtfTj3XOvk+iGI/VMhxa4JN/VIZECLribKu
zdXvGyrplBDbUkG64lE/2K0oVDQQ1s0GSWQyE6qdqdGN3WUxH5nuKukd4DW3Zg2e
EPW2ZziCHqWdRK3HbKQl/CK6a1pmYhiX2Nnax/QZAV4+A2Z+He4=
-----END CERTIFICATE-----
Generated at Sun Jul 20 19:08:54 2025 by rpki-client