Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/hvgqyB18QJYLmaJkwD3s4dLHkRo.roa
File: hvgqyB18QJYLmaJkwD3s4dLHkRo.roa (raw, json)
Hash identifier: 9YMqlNRDoaT+Axkldny0CMgAcX3tH2XJsA269nk2e0Q=
Subject key identifier: 86:F8:2A:C8:1D:7C:40:96:0B:99:A2:64:C0:3D:EC:E1:D2:C7:91:1A
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 2424
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/hvgqyB18QJYLmaJkwD3s4dLHkRo.roa
Signing time: Tue 24 Jun 2025 18:12:11 +0000
ROA not before: Tue 24 Jun 2025 18:12:11 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 125.169.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 9252 (0x2424)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: Jun 24 18:12:11 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=86F82AC81D7C40960B99A264C03DECE1D2C7911A
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b1:7d:9f:2d:15:5f:23:a0:bf:3d:1f:59:51:1f:
cd:75:da:0e:4c:6a:43:bf:0a:79:7f:8c:da:39:27:
18:a4:c9:43:4d:da:61:62:8e:4e:a9:d8:cc:ad:fb:
f4:1c:23:90:61:fc:95:3b:ec:a2:46:5f:8c:0e:44:
4c:a1:53:1f:cc:59:8c:9f:8a:ad:4c:26:28:81:64:
0e:c8:8d:ca:e5:66:fa:39:91:20:f7:4f:22:53:4e:
f4:ac:89:ca:40:d9:42:01:ad:90:1e:dc:72:f3:c6:
e3:26:72:97:98:19:e5:5b:40:94:51:1b:12:52:4d:
a4:84:57:8b:52:50:75:00:dc:b1:19:b7:22:6e:e2:
04:bb:a6:f2:dc:fc:a8:dd:44:29:83:4a:43:b8:ea:
dc:69:cf:95:de:60:7c:d6:31:c0:29:b5:e6:8d:0d:
84:09:4b:69:38:f3:e0:65:ae:7e:70:85:34:5d:97:
fa:0f:2f:9e:dd:dd:ee:b6:2f:2c:e7:f3:b6:5b:4d:
d0:ab:70:8f:77:3c:09:c6:3b:2f:7b:82:31:f6:81:
b0:2f:19:13:fe:a2:6e:82:93:56:9d:53:d5:50:2d:
0e:c6:29:c5:3f:0a:26:1e:cb:22:ab:31:3f:4a:ad:
0a:00:f0:25:d9:03:52:98:a2:4e:07:d3:98:5a:1f:
15:4b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
86:F8:2A:C8:1D:7C:40:96:0B:99:A2:64:C0:3D:EC:E1:D2:C7:91:1A
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/hvgqyB18QJYLmaJkwD3s4dLHkRo.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
125.169.0.0/16
Signature Algorithm: sha256WithRSAEncryption
04:11:81:89:e8:1b:1a:44:b8:03:6c:b2:1d:29:0b:da:89:0d:
ce:af:33:79:66:95:f9:70:51:3c:31:79:8f:b8:fe:24:47:83:
69:6d:34:96:0a:a5:9e:37:80:9e:09:d0:d5:2e:ab:56:a6:61:
e0:bf:92:48:41:2e:cd:09:93:71:eb:ac:01:f5:cd:40:77:a2:
59:dd:2b:7e:2c:6d:c6:d4:43:76:8b:f9:94:5f:ad:a0:4c:3d:
ce:f2:b8:99:9a:cb:89:e3:67:68:5c:76:54:4e:aa:b1:6a:57:
ae:3e:8f:f3:e7:4a:f3:45:11:09:09:d7:60:63:79:0f:98:ce:
6e:65:19:b4:6d:9c:36:2b:2b:5f:0d:5f:89:8a:57:6e:ef:8d:
9d:b0:a9:48:1c:ea:90:25:45:80:94:eb:b8:3b:a4:cd:65:fa:
6f:08:35:77:25:e0:b1:1f:f2:b7:1d:ec:69:b7:fb:13:50:a6:
16:59:35:25:2c:5f:da:a3:fb:1d:20:0d:0f:9a:ab:3e:c4:45:
8f:0e:74:68:d8:09:e6:0e:57:bd:71:f9:2f:2d:30:51:e9:83:
87:c9:c4:2a:c5:44:8d:c6:84:41:c1:44:d3:ea:8c:4c:0a:e6:
4d:2a:e9:14:50:02:4e:4a:23:54:03:3c:bf:b3:9c:28:9f:ea:
87:b9:40:27
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICJCQwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA2MjQx
ODEyMTFaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKDg2RjgyQUM4MUQ3QzQw
OTYwQjk5QTI2NEMwM0RFQ0UxRDJDNzkxMUEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCxfZ8tFV8joL89H1lRH8112g5MakO/Cnl/jNo5JxikyUNN2mFi
jk6p2Myt+/QcI5Bh/JU77KJGX4wOREyhUx/MWYyfiq1MJiiBZA7IjcrlZvo5kSD3
TyJTTvSsicpA2UIBrZAe3HLzxuMmcpeYGeVbQJRRGxJSTaSEV4tSUHUA3LEZtyJu
4gS7pvLc/KjdRCmDSkO46txpz5XeYHzWMcApteaNDYQJS2k48+Blrn5whTRdl/oP
L57d3e62Lyzn87ZbTdCrcI93PAnGOy97gjH2gbAvGRP+om6Ck1adU9VQLQ7GKcU/
CiYeyyKrMT9KrQoA8CXZA1KYok4H05haHxVLAgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUhvgqyB18QJYLmaJkwD3s4dLHkRowHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni9odmdxeUIxOFFKWUxtYUpr
d0QzczRkTEhrUm8ucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
fakwDQYJKoZIhvcNAQELBQADggEBAAQRgYnoGxpEuANssh0pC9qJDc6vM3lmlflw
UTwxeY+4/iRHg2ltNJYKpZ43gJ4J0NUuq1amYeC/kkhBLs0Jk3HrrAH1zUB3olnd
K34sbcbUQ3aL+ZRfraBMPc7yuJmay4njZ2hcdlROqrFqV64+j/PnSvNFEQkJ12Bj
eQ+Yzm5lGbRtnDYrK18NX4mKV27vjZ2wqUgc6pAlRYCU67g7pM1l+m8INXcl4LEf
8rcd7Gm3+xNQphZZNSUsX9qj+x0gDQ+aqz7ERY8OdGjYCeYOV71x+S8tMFHpg4fJ
xCrFRI3GhEHBRNPqjEwK5k0q6RRQAk5KI1QDPL+znCif6oe5QCc=
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:47:34 2025 by rpki-client