Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/oh-us7TRUg78W94nCzqStB2eP1I.roa
File: oh-us7TRUg78W94nCzqStB2eP1I.roa (raw, json)
Hash identifier: zJ9tlYdI0CkatrwLJriYIsEzTXN0JivjkPI3f14I6I8=
Subject key identifier: A2:1F:AE:B3:B4:D1:52:0E:FC:5B:DE:27:0B:3A:92:B4:1D:9E:3F:52
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 1DD4
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/oh-us7TRUg78W94nCzqStB2eP1I.roa
Signing time: Sun 15 Jun 2025 20:39:58 +0000
ROA not before: Sun 15 Jun 2025 20:39:58 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 125.169.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 7636 (0x1dd4)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: Jun 15 20:39:58 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=A21FAEB3B4D1520EFC5BDE270B3A92B41D9E3F52
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d2:84:49:7a:18:e8:89:26:02:2c:4b:a0:92:24:
fe:93:83:91:d1:05:c7:c8:03:18:e9:d5:66:71:ba:
a7:b1:b7:29:95:3f:28:74:66:7d:62:58:b0:8d:06:
52:a8:59:13:af:4f:26:b0:75:5a:f9:37:dd:a9:58:
ff:5f:c8:73:3a:e2:45:85:84:5e:1e:83:d4:83:0c:
07:e2:e3:5f:8d:2c:d5:2e:bb:a9:8f:23:b5:ab:02:
54:ce:81:e7:4e:7a:46:96:b4:f8:2f:72:9f:53:bf:
91:8c:9c:61:b1:de:7d:34:dd:79:f5:ea:9d:90:20:
1a:93:98:b2:81:7b:8d:3b:12:1a:74:2e:a0:4e:46:
a5:05:01:f4:ba:a1:a7:d2:d9:a0:71:ac:4d:3e:b8:
0f:13:9f:a0:38:2e:29:b4:4e:22:26:5a:bd:3d:5c:
f8:b8:5a:d4:23:74:b0:8b:cd:cd:bb:6b:ce:de:89:
40:03:b0:d3:5b:6b:a5:95:c5:a1:67:bb:fd:c4:65:
de:28:e4:5a:e1:cd:c4:8c:22:4c:ce:f3:31:48:51:
99:ee:b4:d9:93:8d:ed:32:2e:26:89:2e:67:7d:36:
7b:10:6d:01:b8:a6:a4:d1:10:aa:31:67:bf:d7:11:
ae:67:3a:55:0c:d4:1c:41:69:7f:4d:ba:7a:cb:11:
99:39
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A2:1F:AE:B3:B4:D1:52:0E:FC:5B:DE:27:0B:3A:92:B4:1D:9E:3F:52
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/oh-us7TRUg78W94nCzqStB2eP1I.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
125.169.0.0/16
Signature Algorithm: sha256WithRSAEncryption
ae:ac:38:b9:89:8d:da:eb:7f:d0:5c:54:b4:ef:99:86:b8:3c:
18:30:4f:6d:4b:ba:65:86:6c:a9:1c:50:e7:bc:45:ee:4b:ab:
19:6f:94:d2:85:d7:d9:ce:0e:35:01:d9:4d:33:bc:55:3a:2b:
97:28:8e:ad:67:f0:23:59:18:7c:96:73:db:31:44:10:4a:16:
0b:37:10:1d:d0:74:96:21:14:7d:bf:6c:70:13:3d:c7:08:a3:
c7:04:e5:40:fd:eb:48:e8:e0:1c:ae:ac:3a:7f:dc:c1:2e:57:
d6:2e:16:af:4e:11:87:3c:e4:24:c6:38:b8:db:18:ec:a9:fc:
e2:02:37:6c:a4:77:14:ec:8c:9f:4c:cb:51:c3:06:f2:e1:b8:
f3:89:85:64:77:7c:e5:e7:1f:a8:09:90:af:f8:ff:4e:9d:9f:
75:c1:8e:70:a2:7f:bb:89:02:83:09:23:ba:a1:f0:36:c7:db:
dc:d4:ba:d4:62:61:65:52:07:c2:0a:d0:af:ce:c6:c6:65:6c:
f8:4e:79:8e:21:23:b4:17:1a:6b:06:a0:b5:2e:b9:0a:90:c6:
8a:08:88:82:90:88:81:e9:19:1f:f2:00:c7:eb:96:b9:62:52:
7c:a3:2e:64:04:3b:f7:ea:22:7c:0c:b6:44:18:d9:2d:d1:fa:
e1:d7:cb:50
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICHdQwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA2MTUy
MDM5NThaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKEEyMUZBRUIzQjREMTUy
MEVGQzVCREUyNzBCM0E5MkI0MUQ5RTNGNTIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDShEl6GOiJJgIsS6CSJP6Tg5HRBcfIAxjp1WZxuqextymVPyh0
Zn1iWLCNBlKoWROvTyawdVr5N92pWP9fyHM64kWFhF4eg9SDDAfi41+NLNUuu6mP
I7WrAlTOgedOekaWtPgvcp9Tv5GMnGGx3n003Xn16p2QIBqTmLKBe407Ehp0LqBO
RqUFAfS6oafS2aBxrE0+uA8Tn6A4Lim0TiImWr09XPi4WtQjdLCLzc27a87eiUAD
sNNba6WVxaFnu/3EZd4o5FrhzcSMIkzO8zFIUZnutNmTje0yLiaJLmd9NnsQbQG4
pqTREKoxZ7/XEa5nOlUM1BxBaX9NunrLEZk5AgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUoh+us7TRUg78W94nCzqStB2eP1IwHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni9vaC11czdUUlVnNzhXOTRu
Q3pxU3RCMmVQMUkucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
fakwDQYJKoZIhvcNAQELBQADggEBAK6sOLmJjdrrf9BcVLTvmYa4PBgwT21LumWG
bKkcUOe8Re5LqxlvlNKF19nODjUB2U0zvFU6K5cojq1n8CNZGHyWc9sxRBBKFgs3
EB3QdJYhFH2/bHATPccIo8cE5UD960jo4ByurDp/3MEuV9YuFq9OEYc85CTGOLjb
GOyp/OICN2ykdxTsjJ9My1HDBvLhuPOJhWR3fOXnH6gJkK/4/06dn3XBjnCif7uJ
AoMJI7qh8DbH29zUutRiYWVSB8IK0K/OxsZlbPhOeY4hI7QXGmsGoLUuuQqQxooI
iIKQiIHpGR/yAMfrlrliUnyjLmQEO/fqInwMtkQY2S3R+uHXy1A=
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:50:46 2025 by rpki-client