Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/-0YDbQbxsW1iidbvRBPR22mY9t0.roa
File: -0YDbQbxsW1iidbvRBPR22mY9t0.roa (raw, json)
Hash identifier: PhQxVLGtpofXRf+vgSHxNk01fHpoEydzcJpiH4NU1O8=
Subject key identifier: FB:46:03:6D:06:F1:B1:6D:62:89:D6:EF:44:13:D1:DB:69:98:F6:DD
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 35BA
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/-0YDbQbxsW1iidbvRBPR22mY9t0.roa
Signing time: Wed 05 Nov 2025 21:11:33 +0000
ROA not before: Wed 05 Nov 2025 21:11:33 +0000
ROA not after: Fri 23 Oct 2026 03:01:03 +0000
asID: 9391
IP address blocks: 124.29.0.0/17 maxlen: 17
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 13754 (0x35ba)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: Nov 5 21:11:33 2025 GMT
Not After : Oct 23 03:01:03 2026 GMT
Subject: CN=FB46036D06F1B16D6289D6EF4413D1DB6998F6DD
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cc:62:80:fb:fe:9f:6d:07:91:a3:09:57:6e:48:
e9:a6:af:12:1f:c3:95:21:ea:bc:b2:32:ea:63:3f:
ef:87:c4:30:04:62:96:2d:7b:35:26:90:fd:d6:1b:
06:60:0a:14:a1:a8:be:fe:78:6f:ae:79:d3:0a:60:
93:24:6b:72:66:5a:17:87:e1:c9:63:65:2a:6c:36:
8e:1c:27:93:cd:53:2d:1a:a4:02:b1:f5:8d:40:56:
64:29:8e:93:8a:ff:83:aa:56:e6:c6:24:93:d7:94:
b3:62:7a:dc:c1:f4:8c:17:b1:d6:86:d2:b4:a9:25:
07:9e:d4:92:4a:1a:f3:a3:f0:a7:25:f4:74:0a:70:
d1:73:b6:46:ac:3c:ce:1d:cb:4a:e4:61:74:fc:d5:
7c:25:9a:ae:e9:73:6f:0b:d2:d2:62:43:23:c9:22:
8f:48:fc:51:ab:ec:f6:1c:a7:9e:16:88:63:0d:4a:
34:89:35:e9:e4:ba:f1:3f:57:18:e5:04:7f:8a:26:
dc:c4:bf:45:36:74:de:d5:41:93:f3:5d:20:4d:22:
14:bd:1e:bd:00:a7:c0:25:36:44:54:64:8a:9a:5c:
56:fe:6c:a0:57:96:8a:c6:b7:37:ad:5e:77:ae:24:
46:e3:aa:bc:aa:6c:71:c0:d1:52:a4:27:cc:b9:24:
b4:65
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FB:46:03:6D:06:F1:B1:6D:62:89:D6:EF:44:13:D1:DB:69:98:F6:DD
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/-0YDbQbxsW1iidbvRBPR22mY9t0.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
124.29.0.0/17
Signature Algorithm: sha256WithRSAEncryption
5f:37:cd:96:e9:aa:ac:e4:b9:1a:8d:c3:f2:de:25:5e:11:7b:
c3:69:77:62:65:d3:1f:0f:6a:4b:cf:46:16:dc:32:fa:e8:61:
7e:3b:31:80:dd:91:67:69:29:99:c9:18:fa:68:6e:44:2a:a5:
48:05:b0:b1:67:ba:50:33:68:0d:c7:46:16:f3:e7:16:37:1b:
4e:55:25:d4:d4:d1:92:75:73:89:a5:ab:de:ba:98:e6:a1:58:
51:2f:bc:87:b7:0b:26:33:59:de:8a:6d:14:1e:55:69:a6:b2:
8f:49:de:4f:2b:02:74:95:af:cd:da:44:9a:ac:b6:f5:a6:54:
2e:5f:c5:7e:82:bc:fb:5c:b7:d6:cd:5f:e4:40:c7:31:16:b7:
29:9a:fd:a6:be:70:a2:5d:8f:69:ca:35:9a:11:9d:69:94:99:
78:12:25:67:7e:c5:0e:3f:21:92:dd:f1:0f:a6:48:6c:81:65:
73:18:7f:d2:b1:e8:23:77:ce:f5:a2:bf:cb:8b:7f:ea:3c:67:
38:89:a7:d2:26:78:19:c6:4d:79:21:e6:c8:97:98:b3:ad:0f:
8b:b5:c8:0b:02:b3:63:92:ee:94:e8:c8:d9:4c:55:ae:7a:a8:
1e:b0:11:a5:97:c5:5a:70:f9:0f:56:30:cd:f8:fd:72:15:b6:
bb:d6:89:9b
-----BEGIN CERTIFICATE-----
MIIE0zCCA7ugAwIBAgICNbowDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTExMDUy
MTExMzNaFw0yNjEwMjMwMzAxMDNaMDMxMTAvBgNVBAMTKEZCNDYwMzZEMDZGMUIx
NkQ2Mjg5RDZFRjQ0MTNEMURCNjk5OEY2REQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDMYoD7/p9tB5GjCVduSOmmrxIfw5Uh6ryyMupjP++HxDAEYpYt
ezUmkP3WGwZgChShqL7+eG+uedMKYJMka3JmWheH4cljZSpsNo4cJ5PNUy0apAKx
9Y1AVmQpjpOK/4OqVubGJJPXlLNietzB9IwXsdaG0rSpJQee1JJKGvOj8Kcl9HQK
cNFztkasPM4dy0rkYXT81Xwlmq7pc28L0tJiQyPJIo9I/FGr7PYcp54WiGMNSjSJ
NenkuvE/VxjlBH+KJtzEv0U2dN7VQZPzXSBNIhS9Hr0Ap8AlNkRUZIqaXFb+bKBX
lorGtzetXneuJEbjqryqbHHA0VKkJ8y5JLRlAgMBAAGjggHvMIIB6zAdBgNVHQ4E
FgQU+0YDbQbxsW1iidbvRBPR22mY9t0wHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni8tMFlEYlFieHNXMWlpZGJ2
UkJQUjIybVk5dDAucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQH
fB0AMA0GCSqGSIb3DQEBCwUAA4IBAQBfN82W6aqs5LkajcPy3iVeEXvDaXdiZdMf
D2pLz0YW3DL66GF+OzGA3ZFnaSmZyRj6aG5EKqVIBbCxZ7pQM2gNx0YW8+cWNxtO
VSXU1NGSdXOJpaveupjmoVhRL7yHtwsmM1neim0UHlVpprKPSd5PKwJ0la/N2kSa
rLb1plQuX8V+grz7XLfWzV/kQMcxFrcpmv2mvnCiXY9pyjWaEZ1plJl4EiVnfsUO
PyGS3fEPpkhsgWVzGH/Ssegjd871or/Li3/qPGc4iafSJngZxk15IebIl5izrQ+L
tcgLArNjku6U6MjZTFWueqgesBGll8VacPkPVjDN+P1yFba71omb
-----END CERTIFICATE-----
Generated at Thu Nov 6 02:51:47 2025 by rpki-client