Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/z32YfJRMp0ssTnvBc6GQgH-K6qM.roa
File: z32YfJRMp0ssTnvBc6GQgH-K6qM.roa (raw, json)
Hash identifier: oB7H6xK7W0A3n5L0nGWZis0mwvNmhmiYsKQMeZr9YfQ=
Subject key identifier: CF:7D:98:7C:94:4C:A7:4B:2C:4E:7B:C1:73:A1:90:80:7F:8A:EA:A3
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 2098
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/z32YfJRMp0ssTnvBc6GQgH-K6qM.roa
Signing time: Thu 19 Jun 2025 22:02:14 +0000
ROA not before: Thu 19 Jun 2025 22:02:14 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 125.169.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 8344 (0x2098)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: Jun 19 22:02:14 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=CF7D987C944CA74B2C4E7BC173A190807F8AEAA3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ae:23:43:22:9b:7f:10:8a:dd:00:fa:27:8a:4a:
d3:4d:16:b8:cc:d2:a9:4f:9a:b4:b3:bb:c1:ef:70:
2a:b1:c8:a6:74:bb:08:a6:0a:ef:17:03:69:46:1e:
08:9c:e0:a7:40:53:09:50:13:06:7d:a9:41:f0:0a:
dd:16:45:b0:35:71:19:5c:0b:dc:2c:b1:f0:18:d7:
6b:3f:39:0c:27:9e:be:49:32:2a:8b:dd:03:08:d3:
a6:78:f4:cc:31:f2:f4:95:dc:fe:b7:9d:91:06:19:
c7:b5:e9:04:f4:19:70:63:44:09:0a:17:48:f9:27:
3c:fe:f5:c8:69:21:df:3c:db:c7:c2:a0:21:dc:80:
a7:a2:3c:0d:37:11:00:12:58:3d:d4:5f:40:a9:ac:
bb:f5:ee:76:36:1a:19:61:d1:4c:06:2b:ee:bb:76:
f3:74:ae:40:b7:a6:f1:2f:06:20:1f:30:8d:0a:09:
05:07:cb:c5:df:8b:4d:de:60:ac:7f:c3:b2:53:ad:
08:64:5c:52:8b:59:c6:a2:28:c9:45:a4:f9:bf:33:
06:84:2b:31:3a:df:ac:7e:51:1e:09:be:8a:8c:3d:
34:3c:dc:4e:50:a4:7a:cb:07:fe:ad:01:53:99:17:
57:0d:af:7b:ea:ec:d3:a7:12:f7:d6:60:73:5c:e9:
7a:95
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CF:7D:98:7C:94:4C:A7:4B:2C:4E:7B:C1:73:A1:90:80:7F:8A:EA:A3
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/z32YfJRMp0ssTnvBc6GQgH-K6qM.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
125.169.0.0/16
Signature Algorithm: sha256WithRSAEncryption
7a:45:0b:af:fb:36:e3:5c:8b:1b:d4:14:ef:2b:3b:1e:ac:3a:
f2:54:a8:c4:b7:6e:4f:ba:c0:5a:e5:59:76:4d:64:15:ea:6e:
b8:11:e9:5c:9a:5b:a0:8c:38:9d:2a:7d:20:46:9a:54:5d:71:
c8:6b:ed:fc:2b:c0:b5:40:a1:cf:2b:8e:10:02:4c:a9:32:ca:
8d:bc:2c:5e:8d:2a:f0:e2:43:eb:69:e6:db:94:6d:25:34:45:
8a:1b:cc:1b:c9:91:1f:9b:86:c7:5b:30:b9:d6:b5:2b:93:dc:
bb:e9:56:4d:b0:0a:45:f9:66:08:e6:a4:3b:b8:9b:0b:9b:9a:
6a:60:83:7d:23:e3:de:c8:57:e5:3b:67:3b:e9:d7:3e:46:25:
6c:ed:f6:7d:08:a5:5d:01:2d:13:be:36:ea:99:4e:ae:0a:14:
75:73:e4:12:c3:f1:91:ec:81:31:f5:a8:7c:7b:ee:ca:71:af:
a4:d1:85:be:12:bb:4d:ab:2a:1b:0d:09:26:3a:17:87:67:b6:
75:ec:bf:f9:5e:c2:f1:ab:0c:7d:f5:13:0f:24:49:a5:ff:32:
f0:53:86:61:8a:aa:68:8d:f0:29:f0:79:6d:53:9f:33:21:f4:
34:91:a6:95:6a:04:87:17:d7:27:c7:9e:8c:13:51:d4:6b:1d:
15:f6:5c:12
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICIJgwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA2MTky
MjAyMTRaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKENGN0Q5ODdDOTQ0Q0E3
NEIyQzRFN0JDMTczQTE5MDgwN0Y4QUVBQTMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCuI0Mim38Qit0A+ieKStNNFrjM0qlPmrSzu8HvcCqxyKZ0uwim
Cu8XA2lGHgic4KdAUwlQEwZ9qUHwCt0WRbA1cRlcC9wssfAY12s/OQwnnr5JMiqL
3QMI06Z49Mwx8vSV3P63nZEGGce16QT0GXBjRAkKF0j5Jzz+9chpId8828fCoCHc
gKeiPA03EQASWD3UX0CprLv17nY2Ghlh0UwGK+67dvN0rkC3pvEvBiAfMI0KCQUH
y8Xfi03eYKx/w7JTrQhkXFKLWcaiKMlFpPm/MwaEKzE636x+UR4JvoqMPTQ83E5Q
pHrLB/6tAVOZF1cNr3vq7NOnEvfWYHNc6XqVAgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUz32YfJRMp0ssTnvBc6GQgH+K6qMwHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni96MzJZZkpSTXAwc3NUbnZC
YzZHUWdILUs2cU0ucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
fakwDQYJKoZIhvcNAQELBQADggEBAHpFC6/7NuNcixvUFO8rOx6sOvJUqMS3bk+6
wFrlWXZNZBXqbrgR6VyaW6CMOJ0qfSBGmlRdcchr7fwrwLVAoc8rjhACTKkyyo28
LF6NKvDiQ+tp5tuUbSU0RYobzBvJkR+bhsdbMLnWtSuT3LvpVk2wCkX5ZgjmpDu4
mwubmmpgg30j497IV+U7Zzvp1z5GJWzt9n0IpV0BLRO+NuqZTq4KFHVz5BLD8ZHs
gTH1qHx77spxr6TRhb4Su02rKhsNCSY6F4dntnXsv/lewvGrDH31Ew8kSaX/MvBT
hmGKqmiN8CnweW1TnzMh9DSRppVqBIcX1yfHnowTUdRrHRX2XBI=
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:50:46 2025 by rpki-client