Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/fkO8DZgB6FwMqveKdERAYHLkhjA.roa
File: fkO8DZgB6FwMqveKdERAYHLkhjA.roa (raw, json)
Hash identifier: sDeq12JGW6lKVTCZLHkOylRPDQGupA9pmrhyUKnpyY8=
Subject key identifier: 7E:43:BC:0D:98:01:E8:5C:0C:AA:F7:8A:74:44:40:60:72:E4:86:30
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 2024
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/fkO8DZgB6FwMqveKdERAYHLkhjA.roa
Signing time: Thu 19 Jun 2025 02:36:16 +0000
ROA not before: Thu 19 Jun 2025 02:36:16 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 125.169.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 8228 (0x2024)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: Jun 19 02:36:16 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=7E43BC0D9801E85C0CAAF78A7444406072E48630
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d4:e8:8c:d7:c5:84:29:1a:67:53:da:3e:8e:95:
cd:dd:ed:eb:50:c4:fa:d0:7b:53:79:1c:b5:9f:8c:
a2:9e:20:aa:05:ec:48:24:fc:68:27:ef:26:88:4a:
6a:bb:9d:23:24:bd:e5:9e:f4:ee:00:d4:63:fb:c3:
07:1d:c1:00:2c:ca:e9:a1:6a:66:e5:ba:48:32:4d:
96:1a:47:fc:77:ac:2e:b4:75:ca:02:51:0b:fc:91:
d5:cd:99:31:d5:44:b4:6f:bc:8b:03:f9:a1:95:2d:
04:a3:d0:44:ea:b5:48:80:37:13:b5:2d:6d:1a:67:
3d:16:9c:46:44:4e:40:77:3c:c0:c3:15:55:11:d2:
88:9a:be:42:70:7d:69:17:fd:01:d0:9a:a2:2a:7c:
df:3a:2c:09:7a:fe:fe:93:3e:51:05:d5:b5:ae:1b:
2f:e3:03:9a:aa:eb:9c:af:fa:9e:5c:b8:78:ff:a5:
e8:32:3e:43:af:9b:0d:49:8b:d3:07:54:2d:46:e0:
05:0c:c8:3e:5b:af:34:3f:a5:23:5f:86:da:22:92:
b6:34:92:b2:31:dd:8e:62:3c:42:5b:73:f8:c2:69:
fb:7f:9e:5e:2f:4f:94:b6:33:c5:5d:8a:0f:13:6c:
e3:34:6e:aa:d9:73:bd:92:59:09:dc:63:a8:93:37:
c9:75
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7E:43:BC:0D:98:01:E8:5C:0C:AA:F7:8A:74:44:40:60:72:E4:86:30
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/fkO8DZgB6FwMqveKdERAYHLkhjA.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
125.169.0.0/16
Signature Algorithm: sha256WithRSAEncryption
2e:d0:6d:1d:0d:31:60:18:b4:db:5d:87:64:d2:fe:b2:71:56:
1d:9d:5b:f1:c8:8f:27:b8:f7:d8:af:e7:e4:8a:79:14:2b:5f:
bf:17:c4:53:42:ae:f0:d9:19:d5:69:23:f8:fd:63:49:cb:02:
fb:3c:ab:30:ea:bd:c7:e4:35:73:19:93:6a:6a:da:75:fa:51:
92:c5:0b:c9:95:30:ea:3d:59:71:49:4d:69:ad:5d:c5:e7:de:
fc:36:c3:a0:dc:25:56:97:24:b2:d2:34:c2:ec:98:98:1d:0b:
9e:52:ef:58:ca:9a:6f:28:bb:f2:7d:de:a5:03:ee:6b:42:0a:
da:5b:ed:80:68:92:a1:ac:b6:70:3d:5e:be:d9:e8:cc:94:b3:
39:c7:ae:3f:db:d7:e0:20:d4:b6:0a:d8:92:9c:f6:05:f8:ea:
2a:48:63:dd:bb:2f:c1:b2:b5:c0:db:3c:05:d0:2b:9d:03:15:
0e:34:dc:6a:f1:25:96:65:b5:7e:24:85:0d:ac:c1:f8:4f:f9:
e1:fc:f9:8b:94:b6:7f:c8:d3:03:7f:3d:73:5c:52:7f:03:63:
53:b3:a3:db:31:c2:60:01:3c:cd:7a:b1:2b:d6:7c:f1:57:ee:
a5:03:2f:f5:50:3c:3b:94:f4:11:f2:3c:0e:5e:91:bf:98:92:
db:7f:88:10
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICICQwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA2MTkw
MjM2MTZaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKDdFNDNCQzBEOTgwMUU4
NUMwQ0FBRjc4QTc0NDQ0MDYwNzJFNDg2MzAwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDU6IzXxYQpGmdT2j6Olc3d7etQxPrQe1N5HLWfjKKeIKoF7Egk
/Ggn7yaISmq7nSMkveWe9O4A1GP7wwcdwQAsyumhamblukgyTZYaR/x3rC60dcoC
UQv8kdXNmTHVRLRvvIsD+aGVLQSj0ETqtUiANxO1LW0aZz0WnEZETkB3PMDDFVUR
0oiavkJwfWkX/QHQmqIqfN86LAl6/v6TPlEF1bWuGy/jA5qq65yv+p5cuHj/pegy
PkOvmw1Ji9MHVC1G4AUMyD5brzQ/pSNfhtoikrY0krIx3Y5iPEJbc/jCaft/nl4v
T5S2M8Vdig8TbOM0bqrZc72SWQncY6iTN8l1AgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUfkO8DZgB6FwMqveKdERAYHLkhjAwHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni9ma084RFpnQjZGd01xdmVL
ZEVSQVlITGtoakEucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
fakwDQYJKoZIhvcNAQELBQADggEBAC7QbR0NMWAYtNtdh2TS/rJxVh2dW/HIjye4
99iv5+SKeRQrX78XxFNCrvDZGdVpI/j9Y0nLAvs8qzDqvcfkNXMZk2pq2nX6UZLF
C8mVMOo9WXFJTWmtXcXn3vw2w6DcJVaXJLLSNMLsmJgdC55S71jKmm8ou/J93qUD
7mtCCtpb7YBokqGstnA9Xr7Z6MyUsznHrj/b1+Ag1LYK2JKc9gX46ipIY927L8Gy
tcDbPAXQK50DFQ403GrxJZZltX4khQ2swfhP+eH8+YuUtn/I0wN/PXNcUn8DY1Oz
o9sxwmABPM16sSvWfPFX7qUDL/VQPDuU9BHyPA5ekb+Yktt/iBA=
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:51:30 2025 by rpki-client