Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/hHD3OTZ2klEvvp5Qy92X1NMIbtA.roa
File: hHD3OTZ2klEvvp5Qy92X1NMIbtA.roa (raw, json)
Hash identifier: T5hfrhKNg+WhRi64Qz1LrqXeEkUz+DiZYbh2uCiuLQU=
Subject key identifier: 84:70:F7:39:36:76:92:51:2F:BE:9E:50:CB:DD:97:D4:D3:08:6E:D0
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 1EAC
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/hHD3OTZ2klEvvp5Qy92X1NMIbtA.roa
Signing time: Mon 16 Jun 2025 23:40:02 +0000
ROA not before: Mon 16 Jun 2025 23:40:02 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 125.169.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 7852 (0x1eac)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: Jun 16 23:40:02 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=8470F739367692512FBE9E50CBDD97D4D3086ED0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bf:4f:68:db:13:bb:93:0b:cc:ae:f2:e6:93:ef:
d6:c7:ff:0f:59:2d:46:61:8c:9f:36:89:ae:d1:65:
f9:53:29:83:29:ac:23:28:ec:17:b0:63:21:b8:7c:
fa:4f:6a:85:9c:cb:62:92:b9:4a:d5:c4:cd:25:13:
d8:2e:b9:51:cf:73:0d:65:03:66:9e:fb:14:a4:c8:
5a:04:6b:2d:ca:1a:16:14:1c:f1:42:fa:c6:5a:24:
0b:6f:e4:2c:74:e7:48:77:9e:96:b3:a5:88:09:b5:
c5:62:5c:e7:82:19:1f:23:a9:8a:f7:2e:db:97:f9:
80:b4:ee:d0:2d:0d:41:f9:34:7b:f3:f1:8a:85:db:
fa:73:07:59:b8:8f:48:bd:85:90:ce:a4:c8:07:b0:
a6:bc:aa:9c:96:9a:bb:20:dd:ad:bc:a1:b8:96:07:
4e:c9:74:db:c2:c5:a3:1d:c4:f6:7f:a7:3c:09:87:
bb:a5:77:64:1a:32:aa:63:d5:ce:39:db:f3:ae:d1:
b4:4e:f8:79:84:f9:28:f0:ef:dc:73:53:9b:a2:85:
ea:21:cd:83:77:85:38:a0:00:d1:8f:13:db:96:44:
49:29:db:24:69:f6:db:12:b4:8d:74:24:a5:38:41:
f4:b3:af:02:30:f9:a0:35:2e:0d:1f:b0:14:f9:54:
4e:57
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
84:70:F7:39:36:76:92:51:2F:BE:9E:50:CB:DD:97:D4:D3:08:6E:D0
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/hHD3OTZ2klEvvp5Qy92X1NMIbtA.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
125.169.0.0/16
Signature Algorithm: sha256WithRSAEncryption
6b:a0:9f:37:9e:b1:b8:ab:6f:c9:da:69:82:68:63:32:69:a8:
b5:f4:dd:da:c7:ee:9e:a6:7a:b8:61:d9:52:be:28:b8:49:85:
98:e0:a5:06:e2:ed:a8:94:6a:38:79:a8:f6:00:e6:24:be:57:
2e:10:43:97:a3:b0:d8:5a:c2:76:7a:ec:c4:81:c4:c7:0d:40:
e1:1a:ed:15:ef:28:b8:1d:b2:31:f9:d6:b7:d0:63:7e:de:e8:
5f:56:0c:85:93:3e:07:eb:24:64:33:15:e5:17:34:e3:09:44:
8d:63:5f:43:b2:b9:e5:bd:be:65:29:a8:54:fe:3b:7c:f9:b7:
9d:2c:89:e7:eb:7e:c0:5e:fc:8c:88:2d:dd:69:cc:42:9d:78:
a1:35:41:04:35:e7:05:06:94:bf:c1:7d:06:7c:9d:52:b1:a2:
1f:00:9e:60:24:31:34:a6:2e:d0:fb:18:b5:c0:8d:99:15:4d:
84:1b:81:9a:0a:43:cc:4a:ae:fb:bc:2a:ce:f3:fa:b1:55:60:
e0:2b:40:b7:4c:98:c1:ff:c2:f1:08:56:45:c6:cd:17:76:45:
a4:19:cb:32:d3:12:9e:44:2d:b4:33:bc:16:b6:98:ee:7b:40:
94:57:b4:33:bd:80:3b:0d:1d:bf:73:2f:c3:51:2a:69:f2:c6:
89:ae:45:bf
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICHqwwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA2MTYy
MzQwMDJaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKDg0NzBGNzM5MzY3Njky
NTEyRkJFOUU1MENCREQ5N0Q0RDMwODZFRDAwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC/T2jbE7uTC8yu8uaT79bH/w9ZLUZhjJ82ia7RZflTKYMprCMo
7BewYyG4fPpPaoWcy2KSuUrVxM0lE9guuVHPcw1lA2ae+xSkyFoEay3KGhYUHPFC
+sZaJAtv5Cx050h3npazpYgJtcViXOeCGR8jqYr3LtuX+YC07tAtDUH5NHvz8YqF
2/pzB1m4j0i9hZDOpMgHsKa8qpyWmrsg3a28obiWB07JdNvCxaMdxPZ/pzwJh7ul
d2QaMqpj1c452/Ou0bRO+HmE+Sjw79xzU5uiheohzYN3hTigANGPE9uWREkp2yRp
9tsStI10JKU4QfSzrwIw+aA1Lg0fsBT5VE5XAgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUhHD3OTZ2klEvvp5Qy92X1NMIbtAwHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni9oSEQzT1RaMmtsRXZ2cDVR
eTkyWDFOTUlidEEucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
fakwDQYJKoZIhvcNAQELBQADggEBAGugnzeesbirb8naaYJoYzJpqLX03drH7p6m
erhh2VK+KLhJhZjgpQbi7aiUajh5qPYA5iS+Vy4QQ5ejsNhawnZ67MSBxMcNQOEa
7RXvKLgdsjH51rfQY37e6F9WDIWTPgfrJGQzFeUXNOMJRI1jX0OyueW9vmUpqFT+
O3z5t50siefrfsBe/IyILd1pzEKdeKE1QQQ15wUGlL/BfQZ8nVKxoh8AnmAkMTSm
LtD7GLXAjZkVTYQbgZoKQ8xKrvu8Ks7z+rFVYOArQLdMmMH/wvEIVkXGzRd2RaQZ
yzLTEp5ELbQzvBa2mO57QJRXtDO9gDsNHb9zL8NRKmnyxomuRb8=
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:51:43 2025 by rpki-client