Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/chuympiD0IZm6leG_ActBG_dj7I.roa
File: chuympiD0IZm6leG_ActBG_dj7I.roa (raw, json)
Hash identifier: pP+ILKAbbap9NXTjdF2jB5A5rfxJuBaI4ydqIXnVtJs=
Subject key identifier: 72:1B:B2:9A:98:83:D0:86:66:EA:57:86:FC:07:2D:04:6F:DD:8F:B2
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 1DDC
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/chuympiD0IZm6leG_ActBG_dj7I.roa
Signing time: Sun 15 Jun 2025 21:39:59 +0000
ROA not before: Sun 15 Jun 2025 21:39:59 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 125.169.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 7644 (0x1ddc)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: Jun 15 21:39:59 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=721BB29A9883D08666EA5786FC072D046FDD8FB2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:aa:eb:18:17:bc:49:e5:d6:9b:28:95:fc:4e:77:
5a:3d:d1:f9:41:1a:eb:58:b3:e9:9a:0f:77:cc:87:
34:e0:36:9d:75:6a:bf:cf:5a:ce:83:b8:db:9f:b4:
f9:95:c7:41:8e:07:e8:96:e6:64:fd:ca:4f:a6:0e:
3b:ae:30:f0:cc:74:19:cb:d4:af:3a:71:d0:2e:0a:
ff:a5:7f:8b:45:62:8b:d4:ee:06:be:4a:af:4c:2e:
aa:65:fb:c1:e6:bd:ee:48:36:22:12:55:24:30:90:
82:7e:39:5a:46:df:7f:a8:c0:89:14:55:de:3b:f6:
62:c3:d3:12:3b:a5:22:2c:dd:99:69:3a:1e:46:8a:
b1:df:94:48:83:95:85:fa:04:d3:2c:40:22:81:07:
9f:aa:6c:9c:5c:1e:52:36:23:04:95:16:57:5e:11:
75:69:26:b1:dd:03:80:a0:7e:bf:af:4a:de:72:73:
1b:42:76:c3:cc:dc:28:3d:a7:3d:27:ec:94:bc:a0:
4b:ba:49:65:84:8c:ba:47:f8:9a:28:9d:54:51:8a:
2e:9b:71:3c:ce:7e:0e:3f:6d:ae:19:d0:f9:a0:3d:
d6:cc:24:a6:0c:e2:d6:e2:25:23:e3:48:69:a9:fa:
48:8b:73:bb:be:b5:d0:d8:81:c9:7a:3e:c9:1d:46:
64:f7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
72:1B:B2:9A:98:83:D0:86:66:EA:57:86:FC:07:2D:04:6F:DD:8F:B2
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/chuympiD0IZm6leG_ActBG_dj7I.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
125.169.0.0/16
Signature Algorithm: sha256WithRSAEncryption
68:73:c2:3a:16:60:10:41:ef:b0:72:50:39:cb:75:13:3e:86:
b5:9d:9b:6b:dd:a7:d7:43:09:5a:47:0e:56:54:2d:96:2d:af:
7f:0d:1f:a4:12:ac:99:c2:dc:bc:2d:9c:a1:f8:bc:d9:95:18:
cc:6e:d8:93:c8:2e:e7:75:6f:7f:6e:d8:1a:b2:60:81:29:1b:
af:4a:da:7e:e2:31:f7:39:ef:6f:6a:e9:12:cc:a2:bb:88:66:
0e:e4:99:f9:f1:7e:99:5c:8b:e1:03:77:e3:aa:18:28:40:2f:
a8:f7:3b:19:b2:00:af:9e:dc:d5:27:b7:2f:1c:f0:14:f9:ca:
66:ed:51:e9:0d:a2:b0:3a:41:92:ff:71:f5:88:00:fb:68:ea:
28:4b:80:42:b5:e7:d4:54:2d:92:db:af:48:7e:ad:bd:a5:5f:
f9:3a:66:ea:39:90:b3:ba:b0:f7:0e:1f:9c:28:fb:9d:76:fb:
22:bf:24:06:06:b0:09:ce:3a:6e:e2:fe:7c:25:51:63:1d:e4:
e2:ad:9e:35:20:c8:b3:46:0c:3f:57:71:72:d3:13:16:53:b9:
2f:c3:39:c9:d2:b5:80:24:41:ed:96:74:1a:bd:72:cd:97:16:
80:08:09:eb:b7:09:ea:12:26:5e:e3:06:5d:95:b8:07:fc:b2:
c9:ca:a2:53
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICHdwwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA2MTUy
MTM5NTlaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKDcyMUJCMjlBOTg4M0Qw
ODY2NkVBNTc4NkZDMDcyRDA0NkZERDhGQjIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCq6xgXvEnl1psolfxOd1o90flBGutYs+maD3fMhzTgNp11ar/P
Ws6DuNuftPmVx0GOB+iW5mT9yk+mDjuuMPDMdBnL1K86cdAuCv+lf4tFYovU7ga+
Sq9MLqpl+8Hmve5INiISVSQwkIJ+OVpG33+owIkUVd479mLD0xI7pSIs3ZlpOh5G
irHflEiDlYX6BNMsQCKBB5+qbJxcHlI2IwSVFldeEXVpJrHdA4Cgfr+vSt5ycxtC
dsPM3Cg9pz0n7JS8oEu6SWWEjLpH+JoonVRRii6bcTzOfg4/ba4Z0PmgPdbMJKYM
4tbiJSPjSGmp+kiLc7u+tdDYgcl6PskdRmT3AgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUchuympiD0IZm6leG/ActBG/dj7IwHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni9jaHV5bXBpRDBJWm02bGVH
X0FjdEJHX2RqN0kucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
fakwDQYJKoZIhvcNAQELBQADggEBAGhzwjoWYBBB77ByUDnLdRM+hrWdm2vdp9dD
CVpHDlZULZYtr38NH6QSrJnC3LwtnKH4vNmVGMxu2JPILud1b39u2BqyYIEpG69K
2n7iMfc5729q6RLMoruIZg7kmfnxfplci+EDd+OqGChAL6j3OxmyAK+e3NUnty8c
8BT5ymbtUekNorA6QZL/cfWIAPto6ihLgEK159RULZLbr0h+rb2lX/k6Zuo5kLO6
sPcOH5wo+512+yK/JAYGsAnOOm7i/nwlUWMd5OKtnjUgyLNGDD9XcXLTExZTuS/D
OcnStYAkQe2WdBq9cs2XFoAICeu3CeoSJl7jBl2VuAf8ssnKolM=
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:33:57 2025 by rpki-client