Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/kH9jVI53S9KjCnhq4j0zVldrH6U.roa
File: kH9jVI53S9KjCnhq4j0zVldrH6U.roa (raw, json)
Hash identifier: 4+WKqgxGPylvWdjYhuwy6dZwH0uhgeDwyfqLnzwbHTs=
Subject key identifier: 90:7F:63:54:8E:77:4B:D2:A3:0A:78:6A:E2:3D:33:56:57:6B:1F:A5
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 2438
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/kH9jVI53S9KjCnhq4j0zVldrH6U.roa
Signing time: Tue 24 Jun 2025 20:42:05 +0000
ROA not before: Tue 24 Jun 2025 20:42:05 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 125.169.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 9272 (0x2438)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: Jun 24 20:42:05 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=907F63548E774BD2A30A786AE23D3356576B1FA5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ae:96:a7:f6:4b:cf:b2:09:55:f9:37:80:c2:6e:
35:a3:95:1f:48:8c:3a:77:c5:82:9c:9a:09:63:da:
d4:77:7e:4c:3c:e8:f3:17:d8:12:ec:0a:d9:df:21:
02:67:4e:02:d3:3f:d3:c7:a8:09:79:97:76:a7:c8:
36:99:a7:f8:3e:ad:20:60:ff:43:8a:32:13:52:d1:
bd:29:a7:d2:e4:58:87:97:a0:cd:bf:8b:e6:7d:66:
ed:ac:79:2f:2f:04:c4:a5:1e:c9:af:d5:da:9e:fc:
ca:c8:eb:06:8e:81:46:8b:a6:61:4a:2b:53:0f:20:
93:25:49:23:3b:ba:cf:57:fc:0d:40:8d:20:37:39:
0c:54:65:bb:a4:bc:00:52:b5:aa:33:d6:9c:9b:16:
2b:5c:51:04:9c:bc:bf:1f:55:e3:e5:c3:8d:2b:14:
d0:5b:e4:30:44:31:b8:8c:43:6e:1b:12:12:8b:ef:
0d:34:b1:ca:c2:28:9b:e2:81:39:24:c0:7a:87:85:
0f:32:8e:34:59:6a:fe:00:d6:0b:e7:f4:0e:e3:42:
e6:ef:88:5c:7f:42:7b:31:08:56:64:c1:eb:ce:ed:
f7:5f:5c:04:89:bd:63:49:78:dc:5a:2a:c8:dd:25:
b4:07:85:0d:20:7c:a5:fc:8d:38:df:25:5c:d9:e6:
0a:dd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
90:7F:63:54:8E:77:4B:D2:A3:0A:78:6A:E2:3D:33:56:57:6B:1F:A5
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/kH9jVI53S9KjCnhq4j0zVldrH6U.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
125.169.0.0/16
Signature Algorithm: sha256WithRSAEncryption
2b:d7:6c:b0:55:27:b9:ee:57:c4:23:d6:f5:30:14:13:e0:ff:
c5:3c:8d:5e:41:d4:3f:0b:1b:04:d0:b7:0e:bb:8a:8f:20:a3:
5f:e6:9e:55:8a:12:57:7b:47:bb:fd:6b:7c:38:e7:e1:0f:ed:
f6:d3:05:9e:23:7d:6f:40:4c:ae:b5:3f:90:d2:d3:a2:f6:f2:
c2:d2:b4:66:bc:6a:13:46:3e:4a:fd:cd:05:c6:7c:32:14:40:
b0:c0:c5:fe:0e:e7:27:9c:f4:72:5b:81:7c:37:2f:89:46:33:
c4:cd:46:b5:59:36:6d:0f:b4:63:eb:c5:b1:67:32:4e:3a:8d:
f6:0f:5b:fc:76:f5:0b:7a:85:b4:6a:22:fe:30:1a:71:15:c5:
ff:f4:13:e6:bc:89:43:b8:c8:3d:50:45:6d:0b:c8:60:44:de:
8b:80:3e:da:ea:24:ff:c7:b4:2f:51:27:12:b9:e9:34:68:f0:
83:6f:f9:33:3a:a1:3c:c1:ad:b9:98:6a:dd:97:a2:7f:3e:a4:
22:5e:57:43:09:8c:61:51:51:7d:9a:73:06:38:ba:73:38:f3:
0f:94:b3:17:69:2f:f6:69:c2:63:54:59:69:20:a2:60:1a:25:
19:72:5d:f6:46:90:7a:2e:7b:83:36:ff:f4:ea:88:3e:13:92:
6a:d7:6b:c3
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICJDgwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA2MjQy
MDQyMDVaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKDkwN0Y2MzU0OEU3NzRC
RDJBMzBBNzg2QUUyM0QzMzU2NTc2QjFGQTUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCulqf2S8+yCVX5N4DCbjWjlR9IjDp3xYKcmglj2tR3fkw86PMX
2BLsCtnfIQJnTgLTP9PHqAl5l3anyDaZp/g+rSBg/0OKMhNS0b0pp9LkWIeXoM2/
i+Z9Zu2seS8vBMSlHsmv1dqe/MrI6waOgUaLpmFKK1MPIJMlSSM7us9X/A1AjSA3
OQxUZbukvABStaoz1pybFitcUQScvL8fVePlw40rFNBb5DBEMbiMQ24bEhKL7w00
scrCKJvigTkkwHqHhQ8yjjRZav4A1gvn9A7jQubviFx/QnsxCFZkwevO7fdfXASJ
vWNJeNxaKsjdJbQHhQ0gfKX8jTjfJVzZ5grdAgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUkH9jVI53S9KjCnhq4j0zVldrH6UwHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni9rSDlqVkk1M1M5S2pDbmhx
NGowelZsZHJINlUucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
fakwDQYJKoZIhvcNAQELBQADggEBACvXbLBVJ7nuV8Qj1vUwFBPg/8U8jV5B1D8L
GwTQtw67io8go1/mnlWKEld7R7v9a3w45+EP7fbTBZ4jfW9ATK61P5DS06L28sLS
tGa8ahNGPkr9zQXGfDIUQLDAxf4O5yec9HJbgXw3L4lGM8TNRrVZNm0PtGPrxbFn
Mk46jfYPW/x29Qt6hbRqIv4wGnEVxf/0E+a8iUO4yD1QRW0LyGBE3ouAPtrqJP/H
tC9RJxK56TRo8INv+TM6oTzBrbmYat2Xon8+pCJeV0MJjGFRUX2acwY4unM48w+U
sxdpL/ZpwmNUWWkgomAaJRlyXfZGkHoue4M2//TqiD4TkmrXa8M=
-----END CERTIFICATE-----
Generated at Sun Jul 20 16:33:44 2025 by rpki-client