Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/i3hUEtXo1jecySyOKkxBctIDCKI.roa
File: i3hUEtXo1jecySyOKkxBctIDCKI.roa (raw, json)
Hash identifier: /FUj+YKXTqCi3YgpI/L4II/l1pbAJzhQqjg3M5hnciM=
Subject key identifier: 8B:78:54:12:D5:E8:D6:37:9C:C9:2C:8E:2A:4C:41:72:D2:03:08:A2
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 21BC
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/i3hUEtXo1jecySyOKkxBctIDCKI.roa
Signing time: Sat 21 Jun 2025 13:11:45 +0000
ROA not before: Sat 21 Jun 2025 13:11:45 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 125.169.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 8636 (0x21bc)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: Jun 21 13:11:45 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=8B785412D5E8D6379CC92C8E2A4C4172D20308A2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a8:47:ac:51:70:17:0a:35:a3:55:c2:68:96:36:
e7:be:99:7b:8b:39:7d:13:d5:b5:d7:68:c6:2c:fd:
1b:9c:7e:96:3e:37:8b:a1:4c:ef:03:26:cd:9b:b1:
0c:64:a6:1d:bc:e2:67:8c:c4:33:1e:c6:a8:71:24:
8c:a5:21:eb:16:e9:23:90:ae:f1:b3:21:52:38:53:
2f:3c:c9:25:65:f8:0e:e7:f8:bf:e3:d0:d6:06:a5:
2e:09:1c:5f:c6:c3:b6:4e:b6:a0:a7:71:d2:42:b8:
ae:9e:92:15:2e:7b:57:a0:75:41:5a:a9:85:8b:e4:
de:4d:d1:90:70:3d:1c:df:66:60:00:fb:c6:e0:ee:
41:7f:f4:36:ca:ac:0c:ed:fd:f0:4e:94:13:5e:a7:
80:c8:03:09:bf:97:79:5a:9f:7f:a2:35:86:cd:61:
17:86:f2:7a:d3:a5:45:87:d8:5a:f0:a5:94:bf:46:
de:d3:a0:12:57:a3:94:d8:16:96:3b:2b:87:96:f3:
67:b2:d0:df:d1:e4:6c:17:de:d1:26:46:3c:54:87:
43:da:5c:bb:97:7f:c4:81:82:1e:05:43:2b:f2:4b:
ed:6d:ca:d8:30:b1:9e:08:82:6d:4a:1d:05:88:ae:
21:86:91:5e:24:85:c6:ae:55:80:5c:4c:13:ef:fb:
16:db
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8B:78:54:12:D5:E8:D6:37:9C:C9:2C:8E:2A:4C:41:72:D2:03:08:A2
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/i3hUEtXo1jecySyOKkxBctIDCKI.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
125.169.0.0/16
Signature Algorithm: sha256WithRSAEncryption
3e:fe:68:da:53:24:4e:b5:43:98:75:ad:32:84:94:dd:19:ab:
1a:4e:b7:70:3a:48:74:cf:9b:1c:ca:e2:1f:fe:1a:bb:05:26:
29:b8:ef:a4:a8:00:20:d4:8a:cb:8b:88:71:de:c7:ca:eb:f3:
ba:27:66:6e:e6:e4:36:80:0e:cd:83:64:30:f0:ab:24:7b:cb:
8d:5e:bf:1e:d2:3c:8f:f5:c1:cf:6a:e7:63:01:2e:37:b7:16:
d7:38:2a:fc:1b:b6:ef:99:72:72:53:eb:67:cf:b9:ee:0b:b9:
80:1f:53:cc:87:83:27:de:6a:40:57:c3:9b:67:11:51:a8:53:
64:6b:0f:1f:3b:6e:f2:9e:57:ce:27:db:05:08:35:cc:b7:d5:
e9:6f:29:dd:6c:82:f7:4c:ac:0e:58:5a:62:d0:31:cc:c0:39:
c8:05:e8:c4:15:99:29:27:96:59:8b:3d:c1:8a:f6:9a:f7:a4:
c4:df:89:28:cb:59:a9:1c:bb:02:fd:c5:92:ec:27:bb:68:d7:
df:2c:06:5a:4d:b1:54:db:f0:7a:22:ce:b9:3a:45:4f:2e:e0:
8c:8c:53:4b:46:02:f4:b8:6f:fb:59:66:0e:28:87:24:2e:2a:
9d:6e:d1:15:af:f0:e3:1c:42:ff:61:6b:a5:ce:24:87:71:3c:
80:ed:0d:21
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICIbwwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA2MjEx
MzExNDVaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKDhCNzg1NDEyRDVFOEQ2
Mzc5Q0M5MkM4RTJBNEM0MTcyRDIwMzA4QTIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCoR6xRcBcKNaNVwmiWNue+mXuLOX0T1bXXaMYs/RucfpY+N4uh
TO8DJs2bsQxkph284meMxDMexqhxJIylIesW6SOQrvGzIVI4Uy88ySVl+A7n+L/j
0NYGpS4JHF/Gw7ZOtqCncdJCuK6ekhUue1egdUFaqYWL5N5N0ZBwPRzfZmAA+8bg
7kF/9DbKrAzt/fBOlBNep4DIAwm/l3lan3+iNYbNYReG8nrTpUWH2FrwpZS/Rt7T
oBJXo5TYFpY7K4eW82ey0N/R5GwX3tEmRjxUh0PaXLuXf8SBgh4FQyvyS+1tytgw
sZ4Igm1KHQWIriGGkV4khcauVYBcTBPv+xbbAgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUi3hUEtXo1jecySyOKkxBctIDCKIwHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni9pM2hVRXRYbzFqZWN5U3lP
S2t4QmN0SURDS0kucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
fakwDQYJKoZIhvcNAQELBQADggEBAD7+aNpTJE61Q5h1rTKElN0ZqxpOt3A6SHTP
mxzK4h/+GrsFJim476SoACDUisuLiHHex8rr87onZm7m5DaADs2DZDDwqyR7y41e
vx7SPI/1wc9q52MBLje3Ftc4Kvwbtu+ZcnJT62fPue4LuYAfU8yHgyfeakBXw5tn
EVGoU2RrDx87bvKeV84n2wUINcy31elvKd1sgvdMrA5YWmLQMczAOcgF6MQVmSkn
llmLPcGK9pr3pMTfiSjLWakcuwL9xZLsJ7to198sBlpNsVTb8Hoizrk6RU8u4IyM
U0tGAvS4b/tZZg4ohyQuKp1u0RWv8OMcQv9ha6XOJIdxPIDtDSE=
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:43:09 2025 by rpki-client