Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/foGaGuqgJ3UuDlPBmoQeljRWA9o.roa
File: foGaGuqgJ3UuDlPBmoQeljRWA9o.roa (raw, json)
Hash identifier: +6qECiy+olLrKTd4yJcZnZmYB8khbGSYTLu1ODrtrGU=
Subject key identifier: 7E:81:9A:1A:EA:A0:27:75:2E:0E:53:C1:9A:84:1E:96:34:56:03:DA
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 2068
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/foGaGuqgJ3UuDlPBmoQeljRWA9o.roa
Signing time: Thu 19 Jun 2025 13:39:18 +0000
ROA not before: Thu 19 Jun 2025 13:39:18 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 125.169.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 8296 (0x2068)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: Jun 19 13:39:18 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=7E819A1AEAA027752E0E53C19A841E96345603DA
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c3:66:5e:2f:1c:c0:26:71:66:2a:c9:f5:36:da:
b4:33:e1:c9:b2:4b:d1:66:61:bb:3b:42:77:55:53:
36:14:08:e1:ec:01:f7:64:af:d4:3b:04:7d:f8:6b:
7e:43:64:05:c4:ec:1a:43:21:25:f8:da:35:4f:5c:
dd:e2:ec:72:43:97:cf:dd:c5:5f:9f:7a:13:d3:70:
11:9d:e5:5f:e0:9e:ef:fc:6f:82:d9:38:5b:10:47:
ac:e2:f9:b0:2b:04:8c:66:b1:15:6c:88:75:0b:7e:
49:1c:3f:83:35:4c:b9:2e:55:f8:13:c2:57:76:83:
39:f8:a5:56:f3:58:bd:47:12:bc:b8:c5:08:b5:e1:
e7:41:e0:72:2f:d1:b2:55:69:74:13:2d:a9:7c:c9:
17:a9:a2:46:eb:d0:98:d5:49:21:1f:a8:86:f5:e9:
db:01:85:c1:5b:78:ae:f8:9f:00:7c:0e:f0:75:16:
f5:41:52:b1:c9:44:ea:53:83:10:1c:0a:19:d8:71:
b9:5b:57:3e:66:b2:75:ab:58:51:35:9b:f0:72:48:
92:a5:f3:2b:35:10:95:d1:d1:7f:7d:9c:5d:f8:ae:
75:79:68:12:01:d9:c8:dc:6c:8d:a2:dc:b3:c0:e0:
b1:b3:b2:3f:62:15:4b:07:05:76:e0:19:06:d1:66:
73:57
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7E:81:9A:1A:EA:A0:27:75:2E:0E:53:C1:9A:84:1E:96:34:56:03:DA
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/foGaGuqgJ3UuDlPBmoQeljRWA9o.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
125.169.0.0/16
Signature Algorithm: sha256WithRSAEncryption
45:3c:eb:e2:04:74:d3:f0:b9:cd:16:f9:46:08:a2:a6:8f:d5:
25:43:e5:e0:da:ff:e0:3b:ec:0a:15:b2:ed:1a:8d:e3:60:91:
29:5e:df:77:b6:f0:0a:21:90:84:cb:84:07:20:59:b3:4e:0d:
d7:ba:22:4a:ce:ed:b8:be:4c:ce:dd:29:6b:29:5f:c7:1e:a0:
cb:ff:61:2e:e6:00:04:a4:9e:d8:51:2f:34:ff:8b:96:e4:9d:
0f:91:fd:33:c7:d5:e0:31:bc:35:95:87:61:73:cf:6b:26:59:
4c:b2:f9:7f:a5:1e:24:bd:7f:3f:78:9b:d0:0e:5b:70:c4:64:
1a:45:04:11:4e:f4:24:a0:c5:4d:e6:b4:5b:5f:e0:58:48:c6:
05:37:f8:26:44:14:ba:4b:64:78:d1:9c:12:59:e2:74:1d:7f:
d3:ac:7b:86:2d:25:92:26:64:4f:1b:89:a2:8e:57:43:cd:8d:
4d:c0:1f:20:e5:a8:d2:8b:d3:af:a4:b2:60:e5:f4:cf:63:68:
b2:40:af:a3:ff:dc:cc:85:15:6f:66:22:61:e1:2b:8e:c4:09:
a5:cc:3e:03:30:08:62:75:26:97:f9:ec:11:ef:6a:4c:cb:3a:
dc:e1:97:46:08:de:4c:3c:27:a9:05:df:45:2a:2f:e5:d4:f4:
ac:4f:96:bc
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICIGgwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA2MTkx
MzM5MThaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKDdFODE5QTFBRUFBMDI3
NzUyRTBFNTNDMTlBODQxRTk2MzQ1NjAzREEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDDZl4vHMAmcWYqyfU22rQz4cmyS9FmYbs7QndVUzYUCOHsAfdk
r9Q7BH34a35DZAXE7BpDISX42jVPXN3i7HJDl8/dxV+fehPTcBGd5V/gnu/8b4LZ
OFsQR6zi+bArBIxmsRVsiHULfkkcP4M1TLkuVfgTwld2gzn4pVbzWL1HEry4xQi1
4edB4HIv0bJVaXQTLal8yRepokbr0JjVSSEfqIb16dsBhcFbeK74nwB8DvB1FvVB
UrHJROpTgxAcChnYcblbVz5msnWrWFE1m/BySJKl8ys1EJXR0X99nF34rnV5aBIB
2cjcbI2i3LPA4LGzsj9iFUsHBXbgGQbRZnNXAgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUfoGaGuqgJ3UuDlPBmoQeljRWA9owHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni9mb0dhR3VxZ0ozVXVEbFBC
bW9RZWxqUldBOW8ucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
fakwDQYJKoZIhvcNAQELBQADggEBAEU86+IEdNPwuc0W+UYIoqaP1SVD5eDa/+A7
7AoVsu0ajeNgkSle33e28AohkITLhAcgWbNODde6IkrO7bi+TM7dKWspX8ceoMv/
YS7mAASknthRLzT/i5bknQ+R/TPH1eAxvDWVh2Fzz2smWUyy+X+lHiS9fz94m9AO
W3DEZBpFBBFO9CSgxU3mtFtf4FhIxgU3+CZEFLpLZHjRnBJZ4nQdf9Ose4YtJZIm
ZE8biaKOV0PNjU3AHyDlqNKL06+ksmDl9M9jaLJAr6P/3MyFFW9mImHhK47ECaXM
PgMwCGJ1Jpf57BHvakzLOtzhl0YI3kw8J6kF30UqL+XU9KxPlrw=
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:47:38 2025 by rpki-client