Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/oY_NviaXFOngtFADSfIKRYi8wbc.roa
File: oY_NviaXFOngtFADSfIKRYi8wbc.roa (raw, json)
Hash identifier: QWsjidYy/Yveh1FXY7BluT7KI5QEPg+YWOU3yCzuzgw=
Subject key identifier: A1:8F:CD:BE:26:97:14:E9:E0:B4:50:03:49:F2:0A:45:88:BC:C1:B7
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 210C
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/oY_NviaXFOngtFADSfIKRYi8wbc.roa
Signing time: Fri 20 Jun 2025 15:11:42 +0000
ROA not before: Fri 20 Jun 2025 15:11:42 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 125.169.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 8460 (0x210c)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: Jun 20 15:11:42 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=A18FCDBE269714E9E0B4500349F20A4588BCC1B7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d6:7f:4a:01:62:15:4e:61:e6:dd:7b:0a:53:0b:
e4:e2:62:9e:1c:68:ca:1c:9f:91:13:98:45:56:a2:
f7:12:da:21:6e:df:4f:3c:21:22:23:fd:81:1f:d5:
30:38:cb:21:3e:9f:7d:26:77:a6:60:23:53:0b:40:
ba:28:ac:2c:ac:b9:15:15:44:ac:89:36:37:13:81:
f4:89:af:b1:39:1b:e1:a3:ed:91:6f:f1:97:0b:78:
b5:58:2c:8c:01:90:8a:b4:37:70:18:c5:9f:09:af:
16:06:bd:6f:d8:27:9a:3a:b8:60:9d:ae:ab:40:0f:
c0:2e:9c:b5:9e:63:f8:db:f8:70:3e:ea:ba:79:d5:
d4:58:0b:04:97:d6:50:74:a6:0d:92:3b:3c:0e:91:
c9:d9:66:85:b6:f4:7d:a5:f7:85:49:8d:77:20:cc:
39:4b:e3:d8:53:9e:1d:e8:42:ae:97:9a:69:53:a3:
c4:b6:b5:3f:85:10:d6:c3:20:de:b4:ff:b1:ca:39:
22:fb:04:cf:75:b3:c9:ee:f0:74:50:0f:1a:74:b0:
7d:bd:10:96:25:ae:16:c3:c6:5a:1e:d4:36:b7:0b:
ed:ff:68:9a:34:03:f5:31:62:d3:5a:38:1a:82:13:
85:0d:90:4a:8a:3a:f3:07:31:41:f7:f9:4a:cd:81:
26:99
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A1:8F:CD:BE:26:97:14:E9:E0:B4:50:03:49:F2:0A:45:88:BC:C1:B7
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/oY_NviaXFOngtFADSfIKRYi8wbc.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
125.169.0.0/16
Signature Algorithm: sha256WithRSAEncryption
29:66:aa:e4:93:8e:77:0f:4b:9f:0f:21:ce:49:09:fd:3c:4b:
9a:11:64:aa:f3:df:be:f5:d6:fe:86:d4:b1:c9:e3:04:33:58:
c5:76:ac:4c:fb:ab:a5:c4:e7:71:88:65:d2:6d:6e:8c:dc:f6:
5b:f9:e3:c5:47:d2:8c:f9:bf:91:f8:b1:82:6f:19:b0:9c:ff:
a8:70:e9:cf:ad:c0:cb:8d:15:52:cf:8b:75:95:75:a2:79:f7:
52:76:e1:7d:ce:ea:bc:8c:0a:26:84:0a:e7:39:da:5a:be:1e:
dd:d5:67:d6:4b:21:ea:7c:fb:ee:17:e9:8c:75:3d:a2:9e:19:
ee:8d:db:b0:c0:44:68:fc:a1:ad:d1:a9:7c:24:b7:67:53:31:
7f:ba:fc:91:da:bd:31:5d:93:9b:46:78:56:f7:6f:82:ac:67:
c4:3a:61:6c:a5:c6:8d:18:c8:1e:a1:fd:1a:e8:b3:60:f2:56:
f4:7f:22:82:5a:28:c9:38:bd:f8:fd:4d:63:2f:69:9a:2c:36:
23:6b:85:83:5a:97:9f:33:3b:a1:d6:e2:cf:ab:12:a9:f4:35:
69:a8:d7:af:db:c3:35:c5:eb:64:e4:27:38:45:de:97:11:50:
a9:ce:38:7c:a6:38:29:aa:1c:78:55:b1:4f:8a:04:ff:1c:7f:
e8:42:80:cc
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICIQwwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA2MjAx
NTExNDJaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKEExOEZDREJFMjY5NzE0
RTlFMEI0NTAwMzQ5RjIwQTQ1ODhCQ0MxQjcwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDWf0oBYhVOYebdewpTC+TiYp4caMocn5ETmEVWovcS2iFu3088
ISIj/YEf1TA4yyE+n30md6ZgI1MLQLoorCysuRUVRKyJNjcTgfSJr7E5G+Gj7ZFv
8ZcLeLVYLIwBkIq0N3AYxZ8JrxYGvW/YJ5o6uGCdrqtAD8AunLWeY/jb+HA+6rp5
1dRYCwSX1lB0pg2SOzwOkcnZZoW29H2l94VJjXcgzDlL49hTnh3oQq6XmmlTo8S2
tT+FENbDIN60/7HKOSL7BM91s8nu8HRQDxp0sH29EJYlrhbDxloe1Da3C+3/aJo0
A/UxYtNaOBqCE4UNkEqKOvMHMUH3+UrNgSaZAgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUoY/NviaXFOngtFADSfIKRYi8wbcwHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni9vWV9OdmlhWEZPbmd0RkFE
U2ZJS1JZaTh3YmMucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
fakwDQYJKoZIhvcNAQELBQADggEBAClmquSTjncPS58PIc5JCf08S5oRZKrz3771
1v6G1LHJ4wQzWMV2rEz7q6XE53GIZdJtbozc9lv548VH0oz5v5H4sYJvGbCc/6hw
6c+twMuNFVLPi3WVdaJ591J24X3O6ryMCiaECuc52lq+Ht3VZ9ZLIep8++4X6Yx1
PaKeGe6N27DARGj8oa3RqXwkt2dTMX+6/JHavTFdk5tGeFb3b4KsZ8Q6YWylxo0Y
yB6h/Rros2DyVvR/IoJaKMk4vfj9TWMvaZosNiNrhYNal58zO6HW4s+rEqn0NWmo
16/bwzXF62TkJzhF3pcRUKnOOHymOCmqHHhVsU+KBP8cf+hCgMw=
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:51:21 2025 by rpki-client