Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/1xs2ZDiDHxguwAkvbc3s_P2VcC8.roa
File: 1xs2ZDiDHxguwAkvbc3s_P2VcC8.roa (raw, json)
Hash identifier: xmV5+1omidLGuFWDjP9MLmCMndxOYW8IlwVyC0f6FTc=
Subject key identifier: D7:1B:36:64:38:83:1F:18:2E:C0:09:2F:6D:CD:EC:FC:FD:95:70:2F
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 19F0
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/1xs2ZDiDHxguwAkvbc3s_P2VcC8.roa
Signing time: Tue 10 Jun 2025 16:09:44 +0000
ROA not before: Tue 10 Jun 2025 16:09:44 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 125.169.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 6640 (0x19f0)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: Jun 10 16:09:44 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=D71B366438831F182EC0092F6DCDECFCFD95702F
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:95:c7:15:52:fe:2d:1f:cd:71:63:1c:34:3a:58:
bc:a7:75:a0:df:e2:4a:7c:8e:82:e3:20:8f:90:57:
0a:13:15:88:57:94:78:93:e8:f4:f6:dd:63:55:60:
5f:52:3b:15:8d:13:76:f0:89:f6:ab:0e:18:a2:ea:
80:dd:66:2f:bd:e7:46:d8:73:af:67:c5:e4:29:9f:
12:ac:c3:e1:73:32:5e:9f:07:37:3c:d4:22:2f:ec:
04:be:fc:f6:2a:4c:46:74:61:4a:8e:6e:27:ba:63:
70:02:9e:71:a0:31:f6:4b:eb:52:4d:be:8f:12:d5:
6b:cf:44:38:f7:8e:f8:e1:16:e9:62:e9:d3:22:8e:
4e:65:65:a8:d7:fe:52:6e:f3:6b:24:ea:bd:40:c5:
6c:a7:70:f0:ef:6b:50:99:0e:35:2e:8a:94:cb:0d:
5d:3f:a1:ff:d1:19:b5:ee:e7:75:76:04:24:c6:d8:
73:f1:29:2b:22:77:05:8f:d3:61:19:08:5e:3e:ca:
18:b7:d2:6f:1f:1f:03:71:24:cc:20:59:96:b1:23:
c2:42:d2:6e:6f:f0:a8:1b:3c:9c:58:d5:d9:87:6b:
10:61:9f:37:cf:fc:4a:7c:84:46:57:f2:61:3a:83:
ab:59:3c:f6:5c:d5:d8:66:5d:23:32:c6:10:13:4b:
88:d9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D7:1B:36:64:38:83:1F:18:2E:C0:09:2F:6D:CD:EC:FC:FD:95:70:2F
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/1xs2ZDiDHxguwAkvbc3s_P2VcC8.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
125.169.0.0/16
Signature Algorithm: sha256WithRSAEncryption
9d:17:13:8c:71:7a:96:fc:b7:cb:76:02:49:9e:80:17:f8:77:
9b:60:94:1f:be:47:b8:22:b0:c8:5c:13:80:f7:73:67:da:40:
8a:1e:47:4d:2b:36:ed:91:28:d0:29:eb:1f:0a:26:be:bf:ab:
56:55:aa:39:7a:0b:af:fd:6f:3e:9a:23:97:21:f5:8d:7b:1c:
05:75:17:27:05:2c:14:3c:bf:a3:87:e5:00:ca:d7:e5:05:84:
1d:d5:04:db:0b:7d:a2:06:e5:58:aa:c0:c8:4f:e9:fc:12:32:
f3:e8:47:6f:c2:6d:4d:7c:dd:65:80:b4:0b:7b:38:a2:b7:3d:
2b:27:57:f6:52:a6:9e:f3:9b:b2:82:a7:4c:b8:d9:20:93:66:
d1:ca:d8:56:50:08:eb:e2:58:05:d5:6e:ca:85:92:85:7d:12:
d5:df:cd:78:5c:4e:85:09:60:b5:3a:33:89:5a:5e:3d:0e:c0:
ed:ca:d3:7d:86:34:2f:59:c5:0f:c5:68:72:7d:a4:05:c5:3b:
b1:51:65:89:3b:66:c3:ef:47:cb:b6:5c:e2:00:04:30:03:98:
28:2d:27:cf:84:8b:d8:75:0b:30:84:25:f3:fd:79:4a:57:22:
4d:2e:88:34:6d:7e:22:0b:34:2c:9d:89:bd:82:db:a8:e1:00:
1e:96:39:b3
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICGfAwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA2MTAx
NjA5NDRaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKEQ3MUIzNjY0Mzg4MzFG
MTgyRUMwMDkyRjZEQ0RFQ0ZDRkQ5NTcwMkYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCVxxVS/i0fzXFjHDQ6WLyndaDf4kp8joLjII+QVwoTFYhXlHiT
6PT23WNVYF9SOxWNE3bwifarDhii6oDdZi+950bYc69nxeQpnxKsw+FzMl6fBzc8
1CIv7AS+/PYqTEZ0YUqObie6Y3ACnnGgMfZL61JNvo8S1WvPRDj3jvjhFuli6dMi
jk5lZajX/lJu82sk6r1AxWyncPDva1CZDjUuipTLDV0/of/RGbXu53V2BCTG2HPx
KSsidwWP02EZCF4+yhi30m8fHwNxJMwgWZaxI8JC0m5v8KgbPJxY1dmHaxBhnzfP
/Ep8hEZX8mE6g6tZPPZc1dhmXSMyxhATS4jZAgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQU1xs2ZDiDHxguwAkvbc3s/P2VcC8wHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni8xeHMyWkRpREh4Z3V3QWt2
YmMzc19QMlZjQzgucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
fakwDQYJKoZIhvcNAQELBQADggEBAJ0XE4xxepb8t8t2AkmegBf4d5tglB++R7gi
sMhcE4D3c2faQIoeR00rNu2RKNAp6x8KJr6/q1ZVqjl6C6/9bz6aI5ch9Y17HAV1
FycFLBQ8v6OH5QDK1+UFhB3VBNsLfaIG5ViqwMhP6fwSMvPoR2/CbU183WWAtAt7
OKK3PSsnV/ZSpp7zm7KCp0y42SCTZtHK2FZQCOviWAXVbsqFkoV9EtXfzXhcToUJ
YLU6M4laXj0OwO3K032GNC9ZxQ/FaHJ9pAXFO7FRZYk7ZsPvR8u2XOIABDADmCgt
J8+Ei9h1CzCEJfP9eUpXIk0uiDRtfiILNCydib2C26jhAB6WObM=
-----END CERTIFICATE-----
Generated at Sat Jun 21 07:15:19 2025 by rpki-client