Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/2L7pn9PvKlIdGBG8U6g2YnAJzjE.roa
File: 2L7pn9PvKlIdGBG8U6g2YnAJzjE.roa (raw, json)
Hash identifier: CUMWt0TIWtC1C91KKWMPH6v9uzdtQCJx+GDH4RIoPqA=
Subject key identifier: D8:BE:E9:9F:D3:EF:2A:52:1D:18:11:BC:53:A8:36:62:70:09:CE:31
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 1C1C
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/2L7pn9PvKlIdGBG8U6g2YnAJzjE.roa
Signing time: Fri 13 Jun 2025 13:39:53 +0000
ROA not before: Fri 13 Jun 2025 13:39:53 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 125.169.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 7196 (0x1c1c)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: Jun 13 13:39:53 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=D8BEE99FD3EF2A521D1811BC53A836627009CE31
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a9:3d:27:d9:9d:5b:9a:83:94:d4:08:9f:47:98:
15:a4:2e:02:78:38:f6:f8:e5:64:a9:12:a9:58:e4:
71:a6:21:53:94:27:a9:78:90:eb:27:16:6b:d2:31:
ac:21:15:d1:5b:a3:70:ae:bc:4a:27:91:3c:e2:31:
9f:85:02:6d:58:9d:a4:b0:3d:f8:2a:fc:33:cc:eb:
df:88:61:fa:b1:55:f0:d8:f4:0f:52:d2:af:dd:26:
d3:01:bc:c7:33:ee:e8:46:9e:d5:d3:92:59:71:56:
4f:6b:e6:d6:a5:32:ae:e4:a1:57:c4:d6:54:f1:a7:
70:61:b1:87:49:f5:27:68:91:a9:bf:a6:5a:42:74:
bc:5d:2f:f6:15:2c:53:7e:53:ca:85:de:b1:ec:bd:
53:30:70:2c:52:f6:3e:78:2b:a4:5f:49:ab:56:8d:
d0:fc:a0:3d:ae:b1:ee:fa:c6:18:b6:c3:d5:55:67:
cc:f5:c0:cf:c5:3f:fd:01:8b:bb:f7:7a:3d:9d:d1:
b0:d0:af:e4:b0:a9:45:87:a8:65:6a:14:f6:a8:10:
4c:dc:eb:3a:a7:ff:9e:df:15:94:04:d1:a5:7a:70:
b0:b6:00:77:29:e6:3f:35:e6:54:57:6b:59:27:de:
3b:92:b5:7b:88:bc:d8:4b:db:04:16:7a:66:71:a9:
40:d5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D8:BE:E9:9F:D3:EF:2A:52:1D:18:11:BC:53:A8:36:62:70:09:CE:31
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/2L7pn9PvKlIdGBG8U6g2YnAJzjE.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
125.169.0.0/16
Signature Algorithm: sha256WithRSAEncryption
08:66:e5:ea:0b:cc:b6:16:16:bb:21:42:3c:5f:a1:a0:3f:ec:
c1:0c:fa:df:ea:04:9c:fc:c5:1e:24:3c:24:06:f3:e4:dc:75:
1b:d7:70:21:20:42:57:0d:88:49:ac:72:4f:84:86:2c:29:22:
b8:e4:89:7c:52:71:22:ee:31:8e:f3:3a:23:04:76:a4:1b:9b:
b8:9a:2e:0f:18:86:60:f0:38:8f:fc:bb:a1:66:a6:93:9a:2a:
4c:80:44:d0:66:77:ef:6f:76:63:20:0a:b3:72:6a:1a:22:7c:
af:25:4b:25:4e:e7:8f:ef:18:a7:c8:73:f4:b0:86:da:0b:14:
c1:7a:bc:0f:a9:e2:6b:0e:5e:a7:73:01:f7:02:bf:e8:7b:b6:
ab:aa:76:7b:08:53:bc:33:8d:42:c4:7c:c4:db:ed:17:19:f5:
38:42:d0:00:c1:78:96:94:4c:98:9b:dc:96:e5:5e:a0:d3:11:
57:a1:20:eb:5d:18:58:76:ff:e8:c4:01:e5:4e:07:38:ef:d3:
ac:2b:a1:aa:a9:72:4c:c8:c3:3b:df:62:56:8c:de:a2:bc:fe:
19:c7:1c:06:57:38:77:a1:96:1b:3e:4e:a4:92:37:d3:a1:fc:
fa:7b:68:f9:b7:a4:51:59:32:ba:3e:a7:04:f4:14:92:ed:86:
dc:eb:82:eb
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICHBwwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA2MTMx
MzM5NTNaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKEQ4QkVFOTlGRDNFRjJB
NTIxRDE4MTFCQzUzQTgzNjYyNzAwOUNFMzEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCpPSfZnVuag5TUCJ9HmBWkLgJ4OPb45WSpEqlY5HGmIVOUJ6l4
kOsnFmvSMawhFdFbo3CuvEonkTziMZ+FAm1YnaSwPfgq/DPM69+IYfqxVfDY9A9S
0q/dJtMBvMcz7uhGntXTkllxVk9r5talMq7koVfE1lTxp3BhsYdJ9Sdokam/plpC
dLxdL/YVLFN+U8qF3rHsvVMwcCxS9j54K6RfSatWjdD8oD2use76xhi2w9VVZ8z1
wM/FP/0Bi7v3ej2d0bDQr+SwqUWHqGVqFPaoEEzc6zqn/57fFZQE0aV6cLC2AHcp
5j815lRXa1kn3juStXuIvNhL2wQWemZxqUDVAgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQU2L7pn9PvKlIdGBG8U6g2YnAJzjEwHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni8yTDdwbjlQdktsSWRHQkc4
VTZnMlluQUp6akUucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
fakwDQYJKoZIhvcNAQELBQADggEBAAhm5eoLzLYWFrshQjxfoaA/7MEM+t/qBJz8
xR4kPCQG8+TcdRvXcCEgQlcNiEmsck+EhiwpIrjkiXxScSLuMY7zOiMEdqQbm7ia
Lg8YhmDwOI/8u6FmppOaKkyARNBmd+9vdmMgCrNyahoifK8lSyVO54/vGKfIc/Sw
htoLFMF6vA+p4msOXqdzAfcCv+h7tquqdnsIU7wzjULEfMTb7RcZ9ThC0ADBeJaU
TJib3JblXqDTEVehIOtdGFh2/+jEAeVOBzjv06wroaqpckzIwzvfYlaM3qK8/hnH
HAZXOHehlhs+TqSSN9Oh/Pp7aPm3pFFZMro+pwT0FJLthtzrgus=
-----END CERTIFICATE-----
Generated at Sun Jun 22 08:21:52 2025 by rpki-client