Route Origin Authorization

$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/doFfnngNzPyGnHvPuCUmNTIjSoY.roa
File:                     doFfnngNzPyGnHvPuCUmNTIjSoY.roa (raw, json)
Hash identifier:          11ckV7Bb64TUVhJh7NabfNqoKnuW9H+6YWUHbhTWziU=
Subject key identifier:   76:81:5F:9E:78:0D:CC:FC:86:9C:7B:CF:B8:25:26:35:32:23:4A:86
Certificate issuer:       /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial:       22CC
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access:    rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access:      rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/doFfnngNzPyGnHvPuCUmNTIjSoY.roa
Signing time:             Sun 22 Jun 2025 23:11:57 +0000
ROA not before:           Sun 22 Jun 2025 23:11:57 +0000
ROA not after:            Thu 09 Apr 2026 06:33:21 +0000
asID:                     9391
IP address blocks:        125.169.0.0/16 maxlen: 16
Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 8908 (0x22cc)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
        Validity
            Not Before: Jun 22 23:11:57 2025 GMT
            Not After : Apr  9 06:33:21 2026 GMT
        Subject: CN=76815F9E780DCCFC869C7BCFB825263532234A86
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:e1:84:08:65:f2:7e:1e:1a:72:e9:5b:5e:5d:
                    b8:bd:67:ee:60:0c:9c:e9:12:d5:99:7e:13:96:08:
                    df:b7:6c:a4:66:ee:be:e7:5b:15:ec:1c:26:13:55:
                    d4:c9:88:c7:33:d1:8c:bf:36:b4:02:b5:b2:7d:c0:
                    c8:c9:c1:46:1a:3d:31:0c:4f:12:ff:e1:66:de:23:
                    0d:7d:5a:f1:b7:89:28:13:dd:74:a5:b5:c2:b0:c4:
                    3d:fd:e2:3a:8a:a0:04:93:b6:63:7a:8d:94:38:91:
                    52:3d:25:03:d8:01:ba:33:18:f3:25:79:a1:b9:bb:
                    ce:4f:e2:04:f1:69:fa:d0:86:8c:32:73:96:a0:61:
                    ed:58:cb:03:20:29:36:60:89:49:a5:b6:a3:17:89:
                    11:0a:60:b1:6a:4c:80:92:ae:2b:51:57:c5:4f:d5:
                    e4:7b:a5:6b:90:66:0e:de:ae:85:c4:9d:02:53:7a:
                    bd:14:8e:80:85:33:8e:17:07:5c:c9:c3:e0:aa:9f:
                    39:18:51:59:4e:c5:31:39:97:87:25:46:f1:1a:51:
                    7c:c8:d5:3b:5f:4c:16:6e:af:e9:37:e1:4e:de:61:
                    64:e8:16:10:b5:6f:26:83:15:dd:cc:a7:59:1d:a8:
                    d9:d7:2c:47:e8:39:81:ff:82:8e:6b:ac:e7:7e:be:
                    ad:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:81:5F:9E:78:0D:CC:FC:86:9C:7B:CF:B8:25:26:35:32:23:4A:86
            X509v3 Authority Key Identifier:
                keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/doFfnngNzPyGnHvPuCUmNTIjSoY.roa
                RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  125.169.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         83:a2:79:14:e3:fe:64:9c:cf:1a:6b:b8:b6:b3:1c:84:fe:2d:
         5c:f1:4a:10:fa:25:7b:43:59:a9:6e:b7:67:ad:83:92:99:a2:
         12:f2:16:cb:fb:41:f1:0e:f2:fc:58:b8:a1:7b:7a:b9:14:c3:
         fe:ec:ca:f9:d0:42:30:67:7b:25:88:90:f3:a4:47:2d:3f:65:
         d3:9f:8b:61:49:83:74:b1:d8:52:dd:d6:e2:4f:4c:53:49:46:
         08:ee:0a:3e:b9:c6:be:81:45:56:b8:13:4a:d6:1a:71:ab:02:
         ca:b3:d5:56:1f:a7:f5:db:ff:06:2c:67:04:ab:c2:ec:c5:ac:
         55:16:01:06:85:9d:41:1f:30:bc:97:bd:03:7f:3f:a0:af:11:
         4f:7a:f4:da:97:ea:7c:32:60:0a:05:c8:c8:80:63:12:66:ac:
         6e:be:87:b1:53:af:d4:ea:59:24:58:f0:20:a9:e6:c9:47:f6:
         2d:cf:19:29:89:34:a7:e7:b1:a6:e1:52:39:36:ad:d4:88:8e:
         a6:df:b9:11:09:bb:49:6d:70:b5:3a:88:0d:7d:f6:3c:ee:31:
         b7:18:33:33:5f:2c:6e:58:ad:81:d0:22:a0:8d:1a:6b:0a:47:
         44:b1:72:18:c4:cf:5d:ae:52:bb:8a:bb:ec:a4:83:ca:95:f8:
         9b:6a:85:47
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICIswwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA2MjIy
MzExNTdaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKDc2ODE1RjlFNzgwREND
RkM4NjlDN0JDRkI4MjUyNjM1MzIyMzRBODYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDj4YQIZfJ+Hhpy6VteXbi9Z+5gDJzpEtWZfhOWCN+3bKRm7r7n
WxXsHCYTVdTJiMcz0Yy/NrQCtbJ9wMjJwUYaPTEMTxL/4WbeIw19WvG3iSgT3XSl
tcKwxD394jqKoASTtmN6jZQ4kVI9JQPYAbozGPMleaG5u85P4gTxafrQhowyc5ag
Ye1YywMgKTZgiUmltqMXiREKYLFqTICSritRV8VP1eR7pWuQZg7eroXEnQJTer0U
joCFM44XB1zJw+CqnzkYUVlOxTE5l4clRvEaUXzI1TtfTBZur+k34U7eYWToFhC1
byaDFd3Mp1kdqNnXLEfoOYH/go5rrOd+vq17AgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUdoFfnngNzPyGnHvPuCUmNTIjSoYwHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni9kb0Zmbm5nTnpQeUduSHZQ
dUNVbU5USWpTb1kucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
fakwDQYJKoZIhvcNAQELBQADggEBAIOieRTj/mSczxpruLazHIT+LVzxShD6JXtD
Walut2etg5KZohLyFsv7QfEO8vxYuKF7erkUw/7syvnQQjBneyWIkPOkRy0/ZdOf
i2FJg3Sx2FLd1uJPTFNJRgjuCj65xr6BRVa4E0rWGnGrAsqz1VYfp/Xb/wYsZwSr
wuzFrFUWAQaFnUEfMLyXvQN/P6CvEU969NqX6nwyYAoFyMiAYxJmrG6+h7FTr9Tq
WSRY8CCp5slH9i3PGSmJNKfnsabhUjk2rdSIjqbfuREJu0ltcLU6iA199jzuMbcY
MzNfLG5YrYHQIqCNGmsKR0SxchjEz12uUruKu+ykg8qV+JtqhUc=
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:48:33 2025 by rpki-client