Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/HWPXZlZEuE-yRcc78RmFNnlSm50.roa
File: HWPXZlZEuE-yRcc78RmFNnlSm50.roa (raw, json)
Hash identifier: 0jvxK3ej00375egQJYAndGUCNsY673gxmCn/VBY6e2I=
Subject key identifier: 1D:63:D7:66:56:44:B8:4F:B2:45:C7:3B:F1:19:85:36:79:52:9B:9D
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 038C
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/HWPXZlZEuE-yRcc78RmFNnlSm50.roa
Signing time: Sun 11 May 2025 19:37:54 +0000
ROA not before: Sun 11 May 2025 19:37:54 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 125.169.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 908 (0x38c)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: May 11 19:37:54 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=1D63D7665644B84FB245C73BF119853679529B9D
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b6:9a:97:db:6b:18:4c:3b:f4:b2:ab:99:7d:f0:
7a:68:b2:0b:a2:ca:ae:82:6a:1b:8c:55:03:1b:fb:
93:66:2a:93:b6:dd:94:20:4e:f1:8a:28:b5:d6:a3:
e9:8c:3c:ca:28:37:4a:07:26:21:bb:9c:46:f1:eb:
28:f4:e3:82:a1:38:b4:62:9d:4e:fa:4c:c5:ad:8e:
87:b9:44:41:97:c6:a4:44:94:37:f2:ce:9a:d6:63:
66:3c:20:d7:6d:bc:3b:c4:41:46:0c:05:7a:f9:35:
03:68:18:01:df:d7:8f:f3:3b:e7:e1:b8:df:1b:76:
aa:26:a7:a1:65:3d:57:30:bb:7f:03:39:a5:6e:c3:
d0:a2:78:f9:dd:4c:27:0c:ff:e1:0d:da:39:9a:39:
dc:6b:b1:be:1a:7d:78:b6:38:17:9f:26:1d:06:1d:
e4:2c:b9:64:67:b8:7c:2e:48:fc:11:e5:5e:e4:26:
32:f5:a2:43:d5:18:58:1d:92:24:70:b0:1f:fa:fa:
17:40:ff:97:65:16:ed:5f:a9:ea:cb:38:85:77:98:
0d:44:6f:91:a5:42:a7:93:6f:88:58:eb:30:10:df:
a2:74:7d:01:eb:0c:f9:13:ac:50:0d:22:61:71:e2:
ac:cd:71:5e:05:03:b0:a6:7c:eb:b6:ad:ac:37:ed:
f3:c7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1D:63:D7:66:56:44:B8:4F:B2:45:C7:3B:F1:19:85:36:79:52:9B:9D
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/HWPXZlZEuE-yRcc78RmFNnlSm50.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
125.169.0.0/16
Signature Algorithm: sha256WithRSAEncryption
47:4c:34:d4:e6:bb:a8:73:74:2e:c7:c3:97:b4:95:16:cc:04:
0a:9a:2f:2a:6d:aa:cb:40:dd:bd:86:d4:ca:ff:a7:b3:1d:7f:
ae:1b:3d:56:f9:c0:58:7a:7f:79:f6:6c:40:60:8b:fa:7c:78:
6a:74:72:c7:90:09:ad:e4:b8:df:be:bc:4a:70:0b:85:66:6d:
84:42:c9:b9:bf:b8:3d:fe:c8:14:00:1e:2e:0c:d6:82:dc:91:
2c:3a:9a:08:f3:d7:cb:53:95:55:f3:be:cf:c6:21:5b:02:53:
10:c1:5c:84:21:d3:29:2d:18:ac:d7:fa:ac:fe:92:0a:dc:6c:
af:cd:60:e3:c1:e6:95:c8:88:ce:59:44:26:b5:2c:da:60:a0:
b8:39:16:5c:6e:aa:ef:0f:73:5a:15:17:68:a5:c5:27:8f:cf:
f4:43:0d:70:ab:80:83:22:70:2f:9c:6b:12:73:a4:16:46:29:
c7:ad:a4:ce:57:b3:87:10:c5:d9:ba:c4:b6:7b:f0:74:10:38:
19:9e:5e:8e:3c:30:71:1f:e1:ca:b0:2c:cf:6d:49:0d:84:59:
3d:82:2f:bd:1a:4e:58:7b:5d:f4:25:9a:2e:44:c3:35:c4:ef:
df:45:bd:79:2f:a5:ff:39:ec:36:5c:e7:8a:98:43:62:06:f5:
ba:63:0a:a2
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICA4wwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA1MTEx
OTM3NTRaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKDFENjNENzY2NTY0NEI4
NEZCMjQ1QzczQkYxMTk4NTM2Nzk1MjlCOUQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC2mpfbaxhMO/Syq5l98Hposguiyq6CahuMVQMb+5NmKpO23ZQg
TvGKKLXWo+mMPMooN0oHJiG7nEbx6yj044KhOLRinU76TMWtjoe5REGXxqRElDfy
zprWY2Y8INdtvDvEQUYMBXr5NQNoGAHf14/zO+fhuN8bdqomp6FlPVcwu38DOaVu
w9CiePndTCcM/+EN2jmaOdxrsb4afXi2OBefJh0GHeQsuWRnuHwuSPwR5V7kJjL1
okPVGFgdkiRwsB/6+hdA/5dlFu1fqerLOIV3mA1Eb5GlQqeTb4hY6zAQ36J0fQHr
DPkTrFANImFx4qzNcV4FA7CmfOu2raw37fPHAgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUHWPXZlZEuE+yRcc78RmFNnlSm50wHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni9IV1BYWmxaRXVFLXlSY2M3
OFJtRk5ubFNtNTAucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
fakwDQYJKoZIhvcNAQELBQADggEBAEdMNNTmu6hzdC7Hw5e0lRbMBAqaLyptqstA
3b2G1Mr/p7Mdf64bPVb5wFh6f3n2bEBgi/p8eGp0cseQCa3kuN++vEpwC4VmbYRC
ybm/uD3+yBQAHi4M1oLckSw6mgjz18tTlVXzvs/GIVsCUxDBXIQh0yktGKzX+qz+
kgrcbK/NYOPB5pXIiM5ZRCa1LNpgoLg5Flxuqu8Pc1oVF2ilxSePz/RDDXCrgIMi
cC+caxJzpBZGKcetpM5Xs4cQxdm6xLZ78HQQOBmeXo48MHEf4cqwLM9tSQ2EWT2C
L70aTlh7XfQlmi5EwzXE799FvXkvpf857DZc54qYQ2IG9bpjCqI=
-----END CERTIFICATE-----
Generated at Sun Jun 22 02:20:03 2025 by rpki-client