Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/1BbTl51Fl74MMtOyScXrGiIpJHU.roa
File: 1BbTl51Fl74MMtOyScXrGiIpJHU.roa (raw, json)
Hash identifier: 8oXpGkEA8ELuW+kN7am0WCp2lU0pOYczHPpDQmuq5z8=
Subject key identifier: D4:16:D3:97:9D:45:97:BE:0C:32:D3:B2:49:C5:EB:1A:22:29:24:75
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 1448
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/1BbTl51Fl74MMtOyScXrGiIpJHU.roa
Signing time: Tue 03 Jun 2025 03:09:15 +0000
ROA not before: Tue 03 Jun 2025 03:09:15 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 125.169.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 5192 (0x1448)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: Jun 3 03:09:15 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=D416D3979D4597BE0C32D3B249C5EB1A22292475
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c8:4e:ac:e3:52:bb:ba:bc:9b:df:b3:bd:1b:7d:
04:0b:2e:f3:bb:df:c5:09:85:18:7c:90:a7:db:f6:
b8:22:b7:dc:75:13:24:50:6e:aa:a3:ed:2a:d2:0d:
ca:d6:b9:c6:55:ee:71:19:34:d6:95:61:96:c7:92:
7a:2d:2a:d5:44:38:cc:8d:85:bb:20:a6:de:d8:f9:
ad:42:cc:0a:79:c6:f1:53:93:9c:5c:ec:69:56:35:
bb:93:36:7a:95:07:92:b3:a3:19:8c:14:5e:28:24:
52:45:11:2d:7d:56:46:db:85:b6:5a:07:4f:1b:cb:
ba:7b:0e:b8:02:31:b1:d5:d0:20:47:df:84:5f:ef:
c2:43:a3:08:c5:f1:80:93:f6:4c:4c:8d:75:f3:a3:
e5:15:51:6f:3a:9d:67:13:c5:c3:0d:49:79:ce:7b:
3f:8b:ed:3b:54:3c:3f:fc:91:f7:d7:96:79:1f:64:
c0:5c:c7:21:50:36:fd:ec:5e:d6:a3:2f:40:38:c4:
f7:a4:72:df:f9:6d:62:61:41:d1:f8:1d:1c:e6:6e:
d8:0c:c8:bf:80:5c:f9:d7:67:7e:6b:83:18:f8:93:
25:93:a8:39:00:3d:ec:a8:86:fa:ef:55:ef:44:9b:
0f:3f:ce:0e:cb:6e:39:37:e1:de:b7:63:a2:5f:d1:
3c:01
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D4:16:D3:97:9D:45:97:BE:0C:32:D3:B2:49:C5:EB:1A:22:29:24:75
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/1BbTl51Fl74MMtOyScXrGiIpJHU.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
125.169.0.0/16
Signature Algorithm: sha256WithRSAEncryption
ae:c6:8e:39:46:a9:08:85:de:09:53:02:0d:be:9a:a3:20:d7:
7b:f1:93:05:9d:71:45:8c:e6:40:30:83:c4:ae:db:05:97:53:
6c:01:be:7a:f9:66:57:8a:d3:9b:e7:6a:01:a2:3f:fe:a6:2c:
6e:92:b2:ad:41:b2:35:ef:44:04:23:2e:b9:c4:0e:99:d3:a4:
39:13:ee:36:6d:37:96:07:b5:8b:e0:2d:fb:1e:7b:8c:8d:12:
58:c1:53:13:9e:ff:0b:26:d2:00:f4:c8:75:7f:f8:2e:83:d1:
44:93:c6:61:c9:b5:da:bf:ca:18:41:50:80:02:f5:37:90:eb:
80:ac:80:9a:88:b1:92:c3:f9:ab:d3:29:0b:eb:ab:fc:e0:c0:
4b:62:f2:3e:f8:0f:5b:de:48:e4:6e:d4:21:87:ce:c1:ac:74:
73:5a:c7:1c:b1:72:ae:9a:b3:51:1c:e3:d6:db:46:fa:24:c6:
01:d0:1e:2f:9b:e3:cb:8f:be:1b:11:ad:54:f9:12:ba:c7:ef:
db:f7:f9:a6:7a:0a:10:40:54:5a:81:03:05:cf:4d:2e:53:98:
f0:8c:7d:a5:01:ee:6f:f2:ea:8f:2a:97:c7:65:6b:7f:d6:f2:
c4:52:72:92:71:98:9a:a3:ec:92:04:53:9d:cf:72:ef:51:a7:
51:f7:5b:b4
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICFEgwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA2MDMw
MzA5MTVaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKEQ0MTZEMzk3OUQ0NTk3
QkUwQzMyRDNCMjQ5QzVFQjFBMjIyOTI0NzUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDITqzjUru6vJvfs70bfQQLLvO738UJhRh8kKfb9rgit9x1EyRQ
bqqj7SrSDcrWucZV7nEZNNaVYZbHknotKtVEOMyNhbsgpt7Y+a1CzAp5xvFTk5xc
7GlWNbuTNnqVB5KzoxmMFF4oJFJFES19VkbbhbZaB08by7p7DrgCMbHV0CBH34Rf
78JDowjF8YCT9kxMjXXzo+UVUW86nWcTxcMNSXnOez+L7TtUPD/8kffXlnkfZMBc
xyFQNv3sXtajL0A4xPekct/5bWJhQdH4HRzmbtgMyL+AXPnXZ35rgxj4kyWTqDkA
PeyohvrvVe9Emw8/zg7Lbjk34d63Y6Jf0TwBAgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQU1BbTl51Fl74MMtOyScXrGiIpJHUwHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni8xQmJUbDUxRmw3NE1NdE95
U2NYckdpSXBKSFUucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
fakwDQYJKoZIhvcNAQELBQADggEBAK7GjjlGqQiF3glTAg2+mqMg13vxkwWdcUWM
5kAwg8Su2wWXU2wBvnr5ZleK05vnagGiP/6mLG6Ssq1BsjXvRAQjLrnEDpnTpDkT
7jZtN5YHtYvgLfsee4yNEljBUxOe/wsm0gD0yHV/+C6D0USTxmHJtdq/yhhBUIAC
9TeQ64CsgJqIsZLD+avTKQvrq/zgwEti8j74D1veSORu1CGHzsGsdHNaxxyxcq6a
s1Ec49bbRvokxgHQHi+b48uPvhsRrVT5ErrH79v3+aZ6ChBAVFqBAwXPTS5TmPCM
faUB7m/y6o8ql8dla3/W8sRScpJxmJqj7JIEU53Pcu9Rp1H3W7Q=
-----END CERTIFICATE-----
Generated at Sun Jun 22 02:19:41 2025 by rpki-client