Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/GfmsvGobMmGxvqi8oYgu6T2pMO0.roa
File: GfmsvGobMmGxvqi8oYgu6T2pMO0.roa (raw, json)
Hash identifier: kQCKg1E33knYPHWpC+FQ4ZEBCyLPd+A23wAXDGs9gVs=
Subject key identifier: 19:F9:AC:BC:6A:1B:32:61:B1:BE:A8:BC:A1:88:2E:E9:3D:A9:30:ED
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 2FB4
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/GfmsvGobMmGxvqi8oYgu6T2pMO0.roa
Signing time: Mon 20 Oct 2025 20:34:42 +0000
ROA not before: Mon 20 Oct 2025 20:34:42 +0000
ROA not after: Mon 03 Aug 2026 08:44:40 +0000
asID: 9391
IP address blocks: 124.29.0.0/17 maxlen: 17
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 12212 (0x2fb4)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: Oct 20 20:34:42 2025 GMT
Not After : Aug 3 08:44:40 2026 GMT
Subject: CN=19F9ACBC6A1B3261B1BEA8BCA1882EE93DA930ED
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f1:50:33:c6:50:fa:be:c8:e4:f2:33:5c:52:07:
ab:38:73:33:d6:ad:1c:55:2f:b2:98:15:bc:6c:1d:
8d:2c:45:1e:90:1d:f9:2f:be:f1:b1:f3:e7:04:80:
0e:08:1e:83:06:5f:9b:29:c0:2c:86:46:64:95:71:
fe:3a:47:fd:4e:7e:3d:0b:43:b2:3d:e1:37:a6:07:
24:86:e9:6c:bd:d3:5d:2c:1f:d3:14:62:e3:bf:fc:
5a:55:50:20:64:93:3d:9d:9d:68:c8:34:8c:a7:0f:
a7:2e:99:a9:7e:ca:10:ef:38:1b:7a:c4:fd:f6:e9:
b4:9b:62:c8:46:1c:66:0a:dd:d8:ee:a4:71:7b:18:
b9:2d:1e:21:08:d6:55:96:3f:64:18:c7:2a:cd:e0:
02:50:e6:b3:7f:4b:2b:1e:70:99:4a:03:10:98:49:
62:e3:fb:6a:8a:d8:68:19:bc:f3:c2:15:b6:2a:8a:
26:88:74:84:63:d9:c0:54:34:3e:0e:13:b6:a2:fc:
aa:b3:8a:59:ab:af:a9:f3:d9:cf:08:75:3d:df:64:
62:1c:90:fa:8f:74:79:dd:01:fd:21:2b:bf:f4:a8:
9e:0f:b6:cd:1d:3e:53:6c:76:2e:56:e0:5d:f2:2e:
e7:50:fc:28:90:61:61:6a:df:c4:52:20:a7:ce:51:
93:4b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
19:F9:AC:BC:6A:1B:32:61:B1:BE:A8:BC:A1:88:2E:E9:3D:A9:30:ED
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/GfmsvGobMmGxvqi8oYgu6T2pMO0.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
124.29.0.0/17
Signature Algorithm: sha256WithRSAEncryption
6e:e3:0a:48:a7:0b:75:57:ae:95:e2:df:8e:63:37:93:97:17:
89:ca:01:88:0e:ba:50:6d:7e:1a:1d:ba:38:2a:14:5d:73:66:
0e:eb:0d:a2:a3:e7:d0:58:18:c6:da:2b:7e:6f:a5:77:50:45:
05:10:9a:2b:a5:33:25:d5:7a:4a:bb:04:4d:c8:05:c7:5b:8e:
19:b6:53:4e:d9:63:a7:e1:e3:98:c3:6a:ce:dd:1f:c6:37:59:
e6:c3:2f:48:14:79:d8:3f:20:83:f6:56:39:10:3d:af:ed:c9:
9e:a7:10:bf:8c:66:60:87:d4:48:b1:a9:f2:60:48:06:7a:65:
8f:92:8e:15:af:ea:ff:b4:80:40:76:ae:8d:15:d3:05:16:ae:
15:7c:cf:b1:90:da:4f:ef:cc:b7:f8:07:bd:4c:ed:7a:63:5c:
11:5b:a0:46:57:2b:d2:dc:8a:60:12:d8:9d:d3:76:13:0e:01:
04:31:7b:bb:b9:26:d6:f3:dc:9d:cb:3d:75:c2:2e:9d:92:54:
81:7a:a3:19:7e:16:57:a3:f2:0a:63:d9:83:48:39:1b:1d:e9:
53:b4:10:1e:47:d3:95:82:68:1c:72:02:7c:d2:32:96:60:60:
ba:45:45:22:28:e2:ae:4f:c7:f5:c4:06:6e:7d:47:01:41:d9:
5c:be:e7:4b
-----BEGIN CERTIFICATE-----
MIIE0zCCA7ugAwIBAgICL7QwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTEwMjAy
MDM0NDJaFw0yNjA4MDMwODQ0NDBaMDMxMTAvBgNVBAMTKDE5RjlBQ0JDNkExQjMy
NjFCMUJFQThCQ0ExODgyRUU5M0RBOTMwRUQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDxUDPGUPq+yOTyM1xSB6s4czPWrRxVL7KYFbxsHY0sRR6QHfkv
vvGx8+cEgA4IHoMGX5spwCyGRmSVcf46R/1Ofj0LQ7I94TemBySG6Wy9010sH9MU
YuO//FpVUCBkkz2dnWjINIynD6cumal+yhDvOBt6xP326bSbYshGHGYK3djupHF7
GLktHiEI1lWWP2QYxyrN4AJQ5rN/SysecJlKAxCYSWLj+2qK2GgZvPPCFbYqiiaI
dIRj2cBUND4OE7ai/Kqzilmrr6nz2c8IdT3fZGIckPqPdHndAf0hK7/0qJ4Pts0d
PlNsdi5W4F3yLudQ/CiQYWFq38RSIKfOUZNLAgMBAAGjggHvMIIB6zAdBgNVHQ4E
FgQUGfmsvGobMmGxvqi8oYgu6T2pMO0wHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni9HZm1zdkdvYk1tR3h2cWk4
b1lndTZUMnBNTzAucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQH
fB0AMA0GCSqGSIb3DQEBCwUAA4IBAQBu4wpIpwt1V66V4t+OYzeTlxeJygGIDrpQ
bX4aHbo4KhRdc2YO6w2io+fQWBjG2it+b6V3UEUFEJorpTMl1XpKuwRNyAXHW44Z
tlNO2WOn4eOYw2rO3R/GN1nmwy9IFHnYPyCD9lY5ED2v7cmepxC/jGZgh9RIsany
YEgGemWPko4Vr+r/tIBAdq6NFdMFFq4VfM+xkNpP78y3+Ae9TO16Y1wRW6BGVyvS
3IpgEtid03YTDgEEMXu7uSbW89ydyz11wi6dklSBeqMZfhZXo/IKY9mDSDkbHelT
tBAeR9OVgmgccgJ80jKWYGC6RUUiKOKuT8f1xAZufUcBQdlcvudL
-----END CERTIFICATE-----
Generated at Tue Oct 21 06:22:57 2025 by rpki-client