Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/0KbZI-L-mqi2wLkwSlOLqjhmeio.roa
File: 0KbZI-L-mqi2wLkwSlOLqjhmeio.roa (raw, json)
Hash identifier: yfrEf1UVJuhm4gtIFe9Ihj6dhwttxebaWnZeOhv/9Og=
Subject key identifier: D0:A6:D9:23:E2:FE:9A:A8:B6:C0:B9:30:4A:53:8B:AA:38:66:7A:2A
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 13D8
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/0KbZI-L-mqi2wLkwSlOLqjhmeio.roa
Signing time: Mon 02 Jun 2025 13:09:12 +0000
ROA not before: Mon 02 Jun 2025 13:09:12 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 125.169.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 5080 (0x13d8)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: Jun 2 13:09:12 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=D0A6D923E2FE9AA8B6C0B9304A538BAA38667A2A
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c8:37:90:da:91:ba:02:29:fb:1b:ac:f0:c5:51:
cf:c5:42:be:3d:0a:ef:87:8e:fb:b1:e4:34:70:49:
4a:72:14:0d:fe:8f:23:75:d3:d9:6a:f7:a9:3d:71:
93:b0:19:14:6d:65:47:ed:0d:f9:56:66:78:26:40:
a8:6d:6d:91:a8:8f:af:9c:0b:7a:f7:6b:d9:ac:7e:
0f:1f:a2:8e:28:59:1b:db:09:26:f2:ea:62:08:67:
a4:c2:23:ce:de:1a:97:b0:e7:c8:38:50:b6:67:38:
08:46:ae:07:2f:1a:16:1f:1d:85:14:27:36:6b:c1:
bd:b2:20:57:67:7b:f4:07:c7:b6:6a:b6:cd:6e:e3:
e0:3c:00:3a:88:e0:49:e4:0d:6b:e1:00:83:14:0b:
2b:7e:4f:6d:3e:bb:0c:44:f8:81:b5:60:08:8a:c2:
98:44:e9:9b:64:6f:43:4d:b8:ef:07:71:b2:a3:44:
81:b7:ca:24:9f:84:e1:2d:91:a1:0f:48:4e:88:e0:
95:62:39:e8:da:6d:cf:f6:f9:2c:ce:b1:be:46:8d:
0e:01:d9:6a:a4:f5:06:c2:89:b0:5f:05:6f:ff:f6:
81:7a:32:c9:19:b6:f8:62:66:dc:38:61:44:f3:18:
bb:e7:71:97:ba:a1:40:aa:fa:c0:61:63:74:e8:3d:
a0:f3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D0:A6:D9:23:E2:FE:9A:A8:B6:C0:B9:30:4A:53:8B:AA:38:66:7A:2A
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/0KbZI-L-mqi2wLkwSlOLqjhmeio.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
125.169.0.0/16
Signature Algorithm: sha256WithRSAEncryption
9a:72:20:98:f0:1c:e9:76:f4:41:13:69:73:b6:71:a0:2d:32:
42:00:b6:37:35:d5:f3:42:b0:c0:98:51:4d:2d:cf:52:0d:61:
c4:6c:b0:e1:20:57:e2:4d:ed:e6:b5:73:9d:78:28:fe:c3:a2:
59:a1:60:ab:ef:19:e0:3c:e9:0b:65:9a:55:a8:26:6f:51:99:
15:49:e7:66:63:34:02:f3:16:2b:1e:e8:01:b7:08:1e:b2:86:
cf:94:de:36:42:9c:66:18:77:47:a6:e8:e3:f4:bb:34:87:c4:
77:5c:47:d3:be:cd:23:05:37:59:a3:17:0f:c6:58:cd:73:5d:
49:de:68:32:3c:a7:6e:4f:a8:f5:55:ab:7f:2c:17:12:0f:3f:
8f:ea:42:a2:8b:dc:46:d2:50:23:09:08:7d:eb:88:d6:44:f0:
74:d3:3d:8b:c7:49:a8:4d:c3:19:1a:60:c4:9b:eb:b1:7d:2c:
a3:c8:f2:27:0b:41:e7:c0:1d:e1:5e:e9:3d:4f:ac:0a:10:a4:
46:ac:0e:6e:b1:fd:4a:57:60:d9:01:88:04:13:f8:16:61:f8:
dc:d5:02:06:05:73:86:41:dc:f2:7b:64:91:81:2a:9f:61:4a:
0d:11:a4:38:de:af:29:0e:ae:51:6d:12:ae:1b:f7:aa:07:6e:
6e:3f:3b:02
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICE9gwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA2MDIx
MzA5MTJaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKEQwQTZEOTIzRTJGRTlB
QThCNkMwQjkzMDRBNTM4QkFBMzg2NjdBMkEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDIN5DakboCKfsbrPDFUc/FQr49Cu+Hjvux5DRwSUpyFA3+jyN1
09lq96k9cZOwGRRtZUftDflWZngmQKhtbZGoj6+cC3r3a9msfg8foo4oWRvbCSby
6mIIZ6TCI87eGpew58g4ULZnOAhGrgcvGhYfHYUUJzZrwb2yIFdne/QHx7Zqts1u
4+A8ADqI4EnkDWvhAIMUCyt+T20+uwxE+IG1YAiKwphE6Ztkb0NNuO8HcbKjRIG3
yiSfhOEtkaEPSE6I4JViOejabc/2+SzOsb5GjQ4B2Wqk9QbCibBfBW//9oF6MskZ
tvhiZtw4YUTzGLvncZe6oUCq+sBhY3ToPaDzAgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQU0KbZI+L+mqi2wLkwSlOLqjhmeiowHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni8wS2JaSS1MLW1xaTJ3TGt3
U2xPTHFqaG1laW8ucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
fakwDQYJKoZIhvcNAQELBQADggEBAJpyIJjwHOl29EETaXO2caAtMkIAtjc11fNC
sMCYUU0tz1INYcRssOEgV+JN7ea1c514KP7DolmhYKvvGeA86QtlmlWoJm9RmRVJ
52ZjNALzFise6AG3CB6yhs+U3jZCnGYYd0em6OP0uzSHxHdcR9O+zSMFN1mjFw/G
WM1zXUneaDI8p25PqPVVq38sFxIPP4/qQqKL3EbSUCMJCH3riNZE8HTTPYvHSahN
wxkaYMSb67F9LKPI8icLQefAHeFe6T1PrAoQpEasDm6x/UpXYNkBiAQT+BZh+NzV
AgYFc4ZB3PJ7ZJGBKp9hSg0RpDjerykOrlFtEq4b96oHbm4/OwI=
-----END CERTIFICATE-----
Generated at Sun Jun 22 16:47:15 2025 by rpki-client