Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/jNxpxH3y5oQZbL940-s4hmKJ6lM.roa
File: jNxpxH3y5oQZbL940-s4hmKJ6lM.roa (raw, json)
Hash identifier: 9DBZVq5VLqMia4cnXj5PnNPRU0sDEdxz2X4rBeiQ0hU=
Subject key identifier: 8C:DC:69:C4:7D:F2:E6:84:19:6C:BF:78:D3:EB:38:86:62:89:EA:53
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 242C
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/jNxpxH3y5oQZbL940-s4hmKJ6lM.roa
Signing time: Tue 24 Jun 2025 19:12:00 +0000
ROA not before: Tue 24 Jun 2025 19:12:00 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 125.169.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 9260 (0x242c)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: Jun 24 19:12:00 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=8CDC69C47DF2E684196CBF78D3EB38866289EA53
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cf:06:05:d7:c3:90:2b:21:e7:2d:94:bc:b0:b4:
bf:5f:5e:57:cf:da:e8:0d:61:9b:d5:8d:a3:72:27:
2b:2b:39:71:10:85:00:d8:0c:a4:00:9e:c8:31:69:
47:36:17:7c:7b:dd:53:8b:91:d4:a7:11:99:20:ab:
a5:5b:8e:2e:25:8a:72:52:94:c2:39:2e:a6:fc:5a:
9f:98:1c:34:a4:e5:73:75:29:d9:8e:59:34:90:bd:
1b:15:43:9e:15:c5:d8:f7:a9:0d:f8:e5:0e:ef:46:
14:23:ac:92:5c:91:bc:80:84:3e:d7:6c:1b:33:e1:
4c:34:c6:d4:26:85:e2:77:41:4f:e8:54:9b:d2:45:
6c:ac:8a:2b:e3:3b:13:03:38:a9:6f:af:2d:41:d0:
95:8b:a4:bd:e2:77:63:67:d1:94:cd:4c:5b:e1:bc:
d6:75:95:36:bc:e5:57:5d:e2:59:a0:ef:ce:2b:4b:
b1:e6:3d:52:c3:ca:07:c9:3d:5d:a5:08:a5:d3:7c:
5e:7f:c1:7f:e0:49:24:ec:73:ae:90:ff:88:b8:89:
57:7a:42:58:da:e3:e6:25:77:2b:68:e9:d2:7d:4a:
13:77:32:97:b5:ff:81:32:58:ea:a2:76:17:56:a4:
cb:82:4e:50:d0:37:95:4e:e8:26:72:70:22:ca:95:
0a:dd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8C:DC:69:C4:7D:F2:E6:84:19:6C:BF:78:D3:EB:38:86:62:89:EA:53
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/jNxpxH3y5oQZbL940-s4hmKJ6lM.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
125.169.0.0/16
Signature Algorithm: sha256WithRSAEncryption
4b:8c:f8:bd:b5:4e:ee:3c:1a:60:1b:f4:bd:c6:1d:5a:d3:5f:
b1:f4:59:a6:35:47:ec:22:37:88:cd:54:f5:29:b9:62:69:32:
c8:51:3b:76:43:86:14:2f:58:0e:41:b2:d7:c1:c7:95:f3:9b:
10:4e:5e:4a:94:eb:c1:b8:e0:45:aa:1e:12:bc:ce:54:cc:f3:
a3:07:0b:97:ef:1f:92:f3:66:19:f2:0c:5d:c4:70:77:eb:a3:
c8:75:d9:94:04:ef:16:c0:51:e1:b2:78:b7:2d:c8:f7:d5:a2:
8c:17:68:0c:b3:3d:8c:b1:fa:78:4a:a1:4d:db:ec:86:8a:3e:
34:47:eb:4b:2a:e1:d3:75:99:57:95:cc:46:11:ab:a3:f3:03:
72:70:50:8d:e8:74:fd:92:d3:b7:c6:d3:90:80:e5:da:0b:5b:
00:2c:30:a9:36:a0:aa:9e:8c:63:60:5a:08:dd:c6:35:d6:bb:
df:4d:c1:d2:07:2d:b7:4f:28:d4:7f:74:91:cd:0c:41:4c:68:
5b:6d:b6:e1:88:fc:89:30:bc:39:3b:17:e6:5c:9f:88:d2:1f:
69:0b:ba:df:43:69:47:e8:1b:91:c8:96:47:cd:de:80:89:b5:
58:2e:f1:d5:c4:e9:68:4d:69:6e:d9:93:13:30:ca:5b:ad:f1:
b8:6a:91:06
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICJCwwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA2MjQx
OTEyMDBaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKDhDREM2OUM0N0RGMkU2
ODQxOTZDQkY3OEQzRUIzODg2NjI4OUVBNTMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDPBgXXw5ArIectlLywtL9fXlfP2ugNYZvVjaNyJysrOXEQhQDY
DKQAnsgxaUc2F3x73VOLkdSnEZkgq6Vbji4linJSlMI5Lqb8Wp+YHDSk5XN1KdmO
WTSQvRsVQ54Vxdj3qQ345Q7vRhQjrJJckbyAhD7XbBsz4Uw0xtQmheJ3QU/oVJvS
RWysiivjOxMDOKlvry1B0JWLpL3id2Nn0ZTNTFvhvNZ1lTa85Vdd4lmg784rS7Hm
PVLDygfJPV2lCKXTfF5/wX/gSSTsc66Q/4i4iVd6Qlja4+Yldyto6dJ9ShN3Mpe1
/4EyWOqidhdWpMuCTlDQN5VO6CZycCLKlQrdAgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUjNxpxH3y5oQZbL940+s4hmKJ6lMwHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni9qTnhweEgzeTVvUVpiTDk0
MC1zNGhtS0o2bE0ucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
fakwDQYJKoZIhvcNAQELBQADggEBAEuM+L21Tu48GmAb9L3GHVrTX7H0WaY1R+wi
N4jNVPUpuWJpMshRO3ZDhhQvWA5BstfBx5XzmxBOXkqU68G44EWqHhK8zlTM86MH
C5fvH5LzZhnyDF3EcHfro8h12ZQE7xbAUeGyeLctyPfVoowXaAyzPYyx+nhKoU3b
7IaKPjRH60sq4dN1mVeVzEYRq6PzA3JwUI3odP2S07fG05CA5doLWwAsMKk2oKqe
jGNgWgjdxjXWu99NwdIHLbdPKNR/dJHNDEFMaFtttuGI/IkwvDk7F+Zcn4jSH2kL
ut9DaUfoG5HIlkfN3oCJtVgu8dXE6WhNaW7ZkxMwylut8bhqkQY=
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:45:48 2025 by rpki-client