Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/_VeLHAHi3_l8k8yF_4t9Ya8Xy4Y.roa
File: _VeLHAHi3_l8k8yF_4t9Ya8Xy4Y.roa (raw, json)
Hash identifier: APxtLVqf34K31fzupNhqhKgjXDLp1vTX4sdh/afxGaw=
Subject key identifier: FD:57:8B:1C:01:E2:DF:F9:7C:93:CC:85:FF:8B:7D:61:AF:17:CB:86
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 2004
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/_VeLHAHi3_l8k8yF_4t9Ya8Xy4Y.roa
Signing time: Wed 18 Jun 2025 20:58:58 +0000
ROA not before: Wed 18 Jun 2025 20:58:58 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 125.169.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 8196 (0x2004)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: Jun 18 20:58:58 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=FD578B1C01E2DFF97C93CC85FF8B7D61AF17CB86
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a7:64:fd:b5:75:00:94:b5:21:be:cf:a9:a6:1d:
fe:3a:30:90:6a:0a:74:b3:45:ff:b8:4e:01:c6:dc:
8a:5b:de:1f:13:97:cf:75:ee:66:87:bf:c9:88:4f:
29:19:3f:a4:e8:03:65:d9:30:2b:25:34:34:55:73:
84:c8:9d:84:2e:8c:b3:a8:b0:f2:a6:c4:1b:06:50:
62:c6:e3:db:96:ef:53:4e:59:e2:c1:00:e5:19:e0:
29:8d:4a:fd:43:17:22:bf:01:9e:63:b5:e6:10:0a:
78:cb:ad:17:be:7f:0c:80:29:6d:4c:1f:e1:5e:99:
67:45:7f:1e:98:c3:b2:30:e7:a8:a1:8c:aa:f9:19:
04:ee:e6:57:89:f0:3a:ac:52:98:14:48:ea:f9:30:
8d:3e:cc:21:bd:09:4f:22:a6:68:b3:40:2b:b8:1d:
21:04:37:7b:5e:52:b9:02:18:01:6b:b4:2b:3d:3a:
3f:89:1d:00:67:f5:85:e2:a1:10:3c:d6:03:4f:07:
78:99:9e:3c:05:c5:15:12:ab:50:36:b7:78:ea:36:
9d:e5:4b:31:f8:bb:61:e8:f6:0e:a0:64:fb:24:d3:
5d:7b:50:3a:88:c1:f5:fd:a1:0a:a4:79:98:d1:07:
ee:5d:c9:ef:8b:5e:f0:db:44:ee:49:9e:1c:0d:51:
40:d1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FD:57:8B:1C:01:E2:DF:F9:7C:93:CC:85:FF:8B:7D:61:AF:17:CB:86
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/_VeLHAHi3_l8k8yF_4t9Ya8Xy4Y.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
125.169.0.0/16
Signature Algorithm: sha256WithRSAEncryption
8c:82:55:17:c5:85:c6:2f:31:8f:20:ab:72:d9:b0:d2:cf:4a:
e0:50:81:9a:85:21:9f:d6:18:af:10:8e:82:80:e1:58:43:16:
04:a5:79:a4:88:df:21:24:5b:79:48:eb:27:bb:f8:02:62:58:
cc:ac:78:9a:e3:b3:95:25:c9:dc:74:cd:73:4a:40:60:b0:e7:
33:22:42:0b:b9:33:7b:c9:2c:26:66:2f:54:31:37:f2:2c:07:
c0:1b:d7:c3:19:0d:1f:8a:33:44:24:2b:c3:ae:25:a2:1b:ef:
b8:51:6d:00:9a:bf:77:6f:8f:4e:76:da:d9:09:14:e9:79:51:
4f:f2:5b:f0:75:66:4f:e6:07:8e:82:4f:7a:86:a6:99:f6:11:
b9:a5:b5:30:6e:d3:f2:69:0c:9c:68:89:34:d5:c1:05:35:56:
45:66:b8:d6:d1:5d:e3:f9:9b:33:be:26:af:4a:02:6f:b9:e0:
29:d4:e0:0f:9f:38:ec:0e:ef:4a:58:0a:67:1d:2b:08:f7:1e:
5f:ca:8f:9e:f6:0c:4a:aa:3f:38:bc:1e:db:72:d5:3b:34:0a:
53:38:91:a9:98:99:72:f5:8d:d6:8a:21:d4:39:1d:c4:86:d4:
7e:e2:92:9a:fa:a2:75:cd:f2:fc:35:95:82:aa:d6:59:c0:99:
39:ff:7e:75
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICIAQwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA2MTgy
MDU4NThaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKEZENTc4QjFDMDFFMkRG
Rjk3QzkzQ0M4NUZGOEI3RDYxQUYxN0NCODYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCnZP21dQCUtSG+z6mmHf46MJBqCnSzRf+4TgHG3Ipb3h8Tl891
7maHv8mITykZP6ToA2XZMCslNDRVc4TInYQujLOosPKmxBsGUGLG49uW71NOWeLB
AOUZ4CmNSv1DFyK/AZ5jteYQCnjLrRe+fwyAKW1MH+FemWdFfx6Yw7Iw56ihjKr5
GQTu5leJ8DqsUpgUSOr5MI0+zCG9CU8ipmizQCu4HSEEN3teUrkCGAFrtCs9Oj+J
HQBn9YXioRA81gNPB3iZnjwFxRUSq1A2t3jqNp3lSzH4u2Ho9g6gZPsk0117UDqI
wfX9oQqkeZjRB+5dye+LXvDbRO5JnhwNUUDRAgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQU/VeLHAHi3/l8k8yF/4t9Ya8Xy4YwHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni9fVmVMSEFIaTNfbDhrOHlG
XzR0OVlhOFh5NFkucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
fakwDQYJKoZIhvcNAQELBQADggEBAIyCVRfFhcYvMY8gq3LZsNLPSuBQgZqFIZ/W
GK8QjoKA4VhDFgSleaSI3yEkW3lI6ye7+AJiWMyseJrjs5Ulydx0zXNKQGCw5zMi
Qgu5M3vJLCZmL1QxN/IsB8Ab18MZDR+KM0QkK8OuJaIb77hRbQCav3dvj0522tkJ
FOl5UU/yW/B1Zk/mB46CT3qGppn2EbmltTBu0/JpDJxoiTTVwQU1VkVmuNbRXeP5
mzO+Jq9KAm+54CnU4A+fOOwO70pYCmcdKwj3Hl/Kj572DEqqPzi8Htty1Ts0ClM4
kamYmXL1jdaKIdQ5HcSG1H7ikpr6onXN8vw1lYKq1lnAmTn/fnU=
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:49:28 2025 by rpki-client