Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/-BFjkGKpRPQWLZEGDWUaRQOl2WA.roa
File: -BFjkGKpRPQWLZEGDWUaRQOl2WA.roa (raw, json)
Hash identifier: 1ghfZwrbYPgkkjrDFa87i4OM/FHlV0DWYv0Bw3KsTyU=
Subject key identifier: F8:11:63:90:62:A9:44:F4:16:2D:91:06:0D:65:1A:45:03:A5:D9:60
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 1CB0
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/-BFjkGKpRPQWLZEGDWUaRQOl2WA.roa
Signing time: Sat 14 Jun 2025 08:18:58 +0000
ROA not before: Sat 14 Jun 2025 08:18:58 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 125.169.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 7344 (0x1cb0)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: Jun 14 08:18:58 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=F811639062A944F4162D91060D651A4503A5D960
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c8:cb:59:30:92:1f:0f:5a:ea:a2:12:57:bb:a0:
60:c8:42:45:a7:ed:f6:f6:d3:74:a4:e0:22:62:49:
1c:5b:a0:c4:7f:7c:f2:8e:c1:55:7c:b9:1a:05:3d:
97:c1:c8:f7:55:4b:07:c2:66:d2:8f:75:32:15:a4:
81:82:28:8e:1d:9d:75:5b:c3:35:b1:ea:69:6b:ed:
c3:1d:22:bd:eb:58:4e:ed:52:b2:a6:8d:ce:71:9d:
c3:1f:74:40:50:ba:a9:e0:a7:7b:b5:14:e8:de:62:
89:82:ac:38:8f:98:77:fc:b7:ab:54:ff:02:51:90:
9b:7f:fc:a0:93:41:7b:f1:df:37:79:3b:ef:6c:2d:
80:98:fc:b0:9c:7d:05:c3:27:1b:1a:57:36:e8:ac:
16:9b:7e:96:ec:de:33:da:dc:ed:cb:b8:1d:47:ee:
1c:49:e3:39:89:38:6b:21:56:02:1d:57:d7:a9:f7:
84:0f:c3:84:3c:fb:eb:f7:1c:5c:e9:30:ad:39:04:
88:7f:16:94:62:49:96:88:33:31:12:2c:c5:0d:e2:
68:ef:6c:d7:b5:e7:5a:3f:92:47:29:90:15:3a:79:
96:0d:6a:4c:be:a3:24:2b:ef:d5:f1:83:eb:35:60:
5d:ca:ae:54:aa:27:5d:ea:e2:94:09:7d:50:3a:14:
b9:e5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F8:11:63:90:62:A9:44:F4:16:2D:91:06:0D:65:1A:45:03:A5:D9:60
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/-BFjkGKpRPQWLZEGDWUaRQOl2WA.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
125.169.0.0/16
Signature Algorithm: sha256WithRSAEncryption
3d:ac:3e:53:17:44:9d:25:2f:52:94:c3:60:cc:06:6c:e7:6c:
aa:49:ba:92:78:f9:56:3b:c9:a5:71:db:94:4d:39:af:b7:86:
c6:b3:7d:c1:9b:c5:84:4f:db:c8:d1:94:c4:75:c4:92:3f:0b:
64:09:02:7a:38:84:51:b7:d1:29:6d:1e:31:61:8e:9e:0e:f9:
1d:da:6d:40:2a:56:13:fe:11:8a:2f:0a:2d:7f:a6:a9:99:99:
3b:94:8f:45:49:97:75:0b:f0:d7:13:2e:a3:7c:11:71:c7:52:
e7:7d:0f:30:ce:e3:9a:11:58:50:d1:71:6c:98:52:a7:f9:ac:
c5:73:82:d3:02:d6:76:07:58:f9:5d:6b:31:2a:96:ab:10:7c:
e4:75:da:2f:0e:6e:c4:aa:1a:ff:7b:fc:36:3c:57:93:4e:83:
54:52:19:78:ed:41:c8:ac:8a:f5:93:2b:84:09:da:4f:3b:95:
71:a0:cb:94:2d:f5:44:7d:9d:de:5e:5e:c5:4e:1c:f5:59:2d:
a6:80:cd:ce:a6:18:9e:54:dc:f0:24:12:de:b2:ff:8b:38:b7:
00:b7:3e:74:a1:84:03:c0:fc:5b:0e:42:57:4e:89:98:e6:73:
79:81:69:63:d5:57:ec:6a:e5:0b:4e:79:e4:5d:5a:44:99:c3:
87:d9:80:23
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICHLAwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA2MTQw
ODE4NThaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKEY4MTE2MzkwNjJBOTQ0
RjQxNjJEOTEwNjBENjUxQTQ1MDNBNUQ5NjAwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDIy1kwkh8PWuqiEle7oGDIQkWn7fb203Sk4CJiSRxboMR/fPKO
wVV8uRoFPZfByPdVSwfCZtKPdTIVpIGCKI4dnXVbwzWx6mlr7cMdIr3rWE7tUrKm
jc5xncMfdEBQuqngp3u1FOjeYomCrDiPmHf8t6tU/wJRkJt//KCTQXvx3zd5O+9s
LYCY/LCcfQXDJxsaVzborBabfpbs3jPa3O3LuB1H7hxJ4zmJOGshVgIdV9ep94QP
w4Q8++v3HFzpMK05BIh/FpRiSZaIMzESLMUN4mjvbNe151o/kkcpkBU6eZYNaky+
oyQr79Xxg+s1YF3KrlSqJ13q4pQJfVA6FLnlAgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQU+BFjkGKpRPQWLZEGDWUaRQOl2WAwHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni8tQkZqa0dLcFJQUVdMWkVH
RFdVYVJRT2wyV0Eucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
fakwDQYJKoZIhvcNAQELBQADggEBAD2sPlMXRJ0lL1KUw2DMBmznbKpJupJ4+VY7
yaVx25RNOa+3hsazfcGbxYRP28jRlMR1xJI/C2QJAno4hFG30SltHjFhjp4O+R3a
bUAqVhP+EYovCi1/pqmZmTuUj0VJl3UL8NcTLqN8EXHHUud9DzDO45oRWFDRcWyY
Uqf5rMVzgtMC1nYHWPldazEqlqsQfOR12i8ObsSqGv97/DY8V5NOg1RSGXjtQcis
ivWTK4QJ2k87lXGgy5Qt9UR9nd5eXsVOHPVZLaaAzc6mGJ5U3PAkEt6y/4s4twC3
PnShhAPA/FsOQldOiZjmc3mBaWPVV+xq5QtOeeRdWkSZw4fZgCM=
-----END CERTIFICATE-----
Generated at Sat Jun 21 16:56:07 2025 by rpki-client