Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/hauvbAdUpZS9NuiBV8V7TupZVPQ.roa
File: hauvbAdUpZS9NuiBV8V7TupZVPQ.roa (raw, json)
Hash identifier: DrHVlwQ9uvNkOJ44rfo2uboQCSMfvkCEgBfBUoCEoqA=
Subject key identifier: 85:AB:AF:6C:07:54:A5:94:BD:36:E8:81:57:C5:7B:4E:EA:59:54:F4
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 214C
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/hauvbAdUpZS9NuiBV8V7TupZVPQ.roa
Signing time: Fri 20 Jun 2025 23:11:52 +0000
ROA not before: Fri 20 Jun 2025 23:11:52 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 125.169.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 8524 (0x214c)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: Jun 20 23:11:52 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=85ABAF6C0754A594BD36E88157C57B4EEA5954F4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:de:32:43:08:ed:8e:4b:08:ad:7d:86:32:94:71:
aa:e8:c5:e6:05:15:0f:af:68:1d:38:c2:73:bf:8e:
9d:2a:d5:60:37:3b:69:7e:b9:24:c6:e5:c8:2e:e1:
16:32:84:51:89:e5:8e:9a:d6:c2:4c:1d:83:b3:46:
e5:66:cd:b3:84:ef:a9:8d:62:ec:3f:b7:36:af:0a:
4b:cb:f4:26:80:a4:c5:ee:af:cc:11:b1:59:13:b0:
7d:ee:75:44:90:b7:9f:bf:8e:96:71:07:83:fa:2e:
1a:cb:ea:1d:76:e9:5d:0a:a2:66:77:5a:04:f8:27:
e2:ab:39:11:ee:18:6f:92:b9:b1:9d:16:c9:72:b5:
85:af:66:12:65:27:44:18:61:6d:8b:8f:2e:fa:d3:
d6:d7:dc:06:20:30:75:7d:cd:80:98:e5:b1:84:8d:
4c:60:96:d5:a2:b3:21:50:ab:db:c0:dd:de:2a:90:
be:ac:33:ae:1c:68:27:4b:d8:83:e0:7d:54:91:80:
d2:a9:5c:84:c3:1a:8e:5f:14:53:7d:dc:95:2b:ec:
4c:8d:01:46:78:ee:30:e9:97:33:fe:25:33:77:c1:
9d:96:eb:04:d8:c7:47:c9:c6:3f:d2:7e:2a:a7:d5:
3c:88:f9:e5:9f:0d:9a:bb:62:18:93:a3:fe:26:46:
5d:27
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
85:AB:AF:6C:07:54:A5:94:BD:36:E8:81:57:C5:7B:4E:EA:59:54:F4
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/hauvbAdUpZS9NuiBV8V7TupZVPQ.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
125.169.0.0/16
Signature Algorithm: sha256WithRSAEncryption
70:b8:04:d5:db:c5:f9:2e:57:e4:9f:26:20:b2:82:cc:a2:fd:
ef:ca:38:c9:a4:14:ea:04:04:95:d8:eb:22:82:94:09:42:ef:
3a:c0:22:84:da:34:e2:ee:14:68:3d:7f:62:0a:08:a7:4a:d3:
8a:e4:76:98:d8:32:1a:9a:30:cf:ba:ac:68:cc:53:e3:fd:7c:
3e:eb:ff:95:0a:7f:8a:1d:61:df:c8:13:bc:0f:30:16:39:7c:
b6:a2:c2:88:99:cc:19:58:3d:6d:c1:06:66:c8:38:a9:41:bd:
d9:7b:bb:ee:c5:e1:07:61:12:0b:54:18:4f:3a:6c:84:29:30:
17:4f:dd:ab:f4:07:cd:66:49:5f:57:9b:0a:de:7a:e3:11:d1:
2b:c8:e4:a9:8e:f2:1a:c3:2e:f1:c4:fd:f4:b4:6a:da:6e:db:
b8:19:0f:d3:7b:5e:74:43:f0:6d:b6:6b:e1:67:89:67:d7:57:
55:50:15:70:d8:9d:10:44:0f:cc:f7:9e:10:06:a8:87:e2:53:
18:74:d8:f8:26:39:d9:15:38:69:c6:6e:47:63:50:ab:1c:28:
c1:32:31:0d:d6:55:4b:97:b5:00:36:43:60:ba:e8:d0:9b:5d:
28:c6:df:e0:4b:82:88:de:cc:fc:c1:26:11:92:42:84:75:89:
f8:a9:bb:e3
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICIUwwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA2MjAy
MzExNTJaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKDg1QUJBRjZDMDc1NEE1
OTRCRDM2RTg4MTU3QzU3QjRFRUE1OTU0RjQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDeMkMI7Y5LCK19hjKUcaroxeYFFQ+vaB04wnO/jp0q1WA3O2l+
uSTG5cgu4RYyhFGJ5Y6a1sJMHYOzRuVmzbOE76mNYuw/tzavCkvL9CaApMXur8wR
sVkTsH3udUSQt5+/jpZxB4P6LhrL6h126V0KomZ3WgT4J+KrORHuGG+SubGdFsly
tYWvZhJlJ0QYYW2Ljy7609bX3AYgMHV9zYCY5bGEjUxgltWisyFQq9vA3d4qkL6s
M64caCdL2IPgfVSRgNKpXITDGo5fFFN93JUr7EyNAUZ47jDplzP+JTN3wZ2W6wTY
x0fJxj/Sfiqn1TyI+eWfDZq7YhiTo/4mRl0nAgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUhauvbAdUpZS9NuiBV8V7TupZVPQwHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni9oYXV2YkFkVXBaUzlOdWlC
VjhWN1R1cFpWUFEucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
fakwDQYJKoZIhvcNAQELBQADggEBAHC4BNXbxfkuV+SfJiCygsyi/e/KOMmkFOoE
BJXY6yKClAlC7zrAIoTaNOLuFGg9f2IKCKdK04rkdpjYMhqaMM+6rGjMU+P9fD7r
/5UKf4odYd/IE7wPMBY5fLaiwoiZzBlYPW3BBmbIOKlBvdl7u+7F4QdhEgtUGE86
bIQpMBdP3av0B81mSV9XmwreeuMR0SvI5KmO8hrDLvHE/fS0atpu27gZD9N7XnRD
8G22a+FniWfXV1VQFXDYnRBED8z3nhAGqIfiUxh02PgmOdkVOGnGbkdjUKscKMEy
MQ3WVUuXtQA2Q2C66NCbXSjG3+BLgojezPzBJhGSQoR1ifipu+M=
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:36:11 2025 by rpki-client