Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/4QkHaHlXOngMYGZz_eMpfnWSmak.roa
File: 4QkHaHlXOngMYGZz_eMpfnWSmak.roa (raw, json)
Hash identifier: uG5ZeJbo7igFIDZ9WxbZ2bLp8Sk+s28/BIwNo0CMvnw=
Subject key identifier: E1:09:07:68:79:57:3A:78:0C:60:66:73:FD:E3:29:7E:75:92:99:A9
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 1CE0
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/4QkHaHlXOngMYGZz_eMpfnWSmak.roa
Signing time: Sat 14 Jun 2025 14:20:08 +0000
ROA not before: Sat 14 Jun 2025 14:20:08 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 125.169.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 7392 (0x1ce0)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: Jun 14 14:20:08 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=E109076879573A780C606673FDE3297E759299A9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c1:8d:af:0d:be:6b:e1:ac:5c:b5:4e:49:d4:1c:
f8:9a:92:d2:04:8c:8a:c6:e1:84:e0:86:8a:d6:e9:
14:68:15:f3:20:a2:33:22:a8:1c:2c:35:66:b6:d0:
75:69:57:24:d5:c2:86:b5:46:80:56:34:91:fc:21:
d0:fd:06:0e:e2:a8:ff:65:1e:39:83:9e:c8:7d:ad:
b5:5e:be:49:76:e6:87:26:87:ad:4e:da:a5:8a:f7:
ab:6b:d1:7b:bd:d6:61:ec:c2:16:76:ba:30:16:58:
e8:0a:a3:01:b2:8b:c9:be:87:b3:3e:36:bc:8d:5c:
e5:da:b2:a5:fc:b8:34:2b:f8:51:fe:36:40:5a:4b:
ff:ff:14:42:af:ad:08:83:d6:8e:34:4d:64:36:e6:
11:82:da:7c:a7:50:32:2c:81:49:04:a2:2d:fe:f8:
b0:6e:96:f8:05:e8:e6:d8:d8:a3:bd:96:7d:a2:19:
2a:25:15:b2:82:3a:76:26:76:9e:4a:77:e9:87:81:
80:90:81:d2:6f:90:96:db:fd:ae:54:4a:3c:f8:67:
2c:db:df:3e:da:04:1b:00:20:fd:cb:13:69:eb:6f:
cf:82:25:92:46:72:0c:c8:dc:f2:36:72:ba:ee:f6:
f6:99:9e:b4:d1:f4:7f:93:7e:73:a5:7b:68:f5:12:
48:3f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E1:09:07:68:79:57:3A:78:0C:60:66:73:FD:E3:29:7E:75:92:99:A9
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/4QkHaHlXOngMYGZz_eMpfnWSmak.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
125.169.0.0/16
Signature Algorithm: sha256WithRSAEncryption
73:8c:78:dc:77:d8:c5:20:1a:1f:3f:e7:dc:c7:4e:5f:9e:ac:
b8:32:c0:f0:d4:7a:2a:0e:a6:90:59:37:8a:2b:47:c9:29:56:
34:59:8e:b7:ae:74:b2:44:e4:bd:61:4f:54:9c:53:2f:ba:a3:
55:02:08:89:2d:83:1d:6c:5f:e0:c9:04:67:2e:f2:df:36:de:
cb:93:5c:bf:be:20:af:ed:4a:e4:81:5c:41:a4:11:79:7f:4f:
53:64:2e:2b:e5:b0:c0:90:13:d7:dc:e4:21:ab:3b:90:f6:ab:
32:ab:67:2e:69:f5:cb:4f:39:f5:ef:08:80:30:70:3b:bf:cd:
d2:d9:79:fb:e4:6c:67:36:b7:4d:17:02:58:fa:76:eb:55:4e:
b6:0a:02:5f:9c:f6:32:6e:52:c0:30:f7:89:63:3e:2a:e7:b4:
d8:91:a1:f6:de:44:d3:eb:85:87:0a:90:0b:85:5a:b3:8a:98:
02:e5:da:9f:8d:0c:a2:01:71:d5:a6:38:55:78:6f:8f:63:b6:
e5:ac:63:e7:60:ba:6b:fc:f1:04:e4:75:1b:56:35:95:a3:e9:
57:76:a8:80:a3:e9:66:dd:10:ac:34:24:14:47:52:89:92:15:
3b:47:a8:9e:0e:3f:08:ef:16:ea:cc:0c:44:f0:b8:0f:bb:00:
37:28:27:05
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICHOAwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA2MTQx
NDIwMDhaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKEUxMDkwNzY4Nzk1NzNB
NzgwQzYwNjY3M0ZERTMyOTdFNzU5Mjk5QTkwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDBja8NvmvhrFy1TknUHPiaktIEjIrG4YTghorW6RRoFfMgojMi
qBwsNWa20HVpVyTVwoa1RoBWNJH8IdD9Bg7iqP9lHjmDnsh9rbVevkl25ocmh61O
2qWK96tr0Xu91mHswhZ2ujAWWOgKowGyi8m+h7M+NryNXOXasqX8uDQr+FH+NkBa
S///FEKvrQiD1o40TWQ25hGC2nynUDIsgUkEoi3++LBulvgF6ObY2KO9ln2iGSol
FbKCOnYmdp5Kd+mHgYCQgdJvkJbb/a5USjz4Zyzb3z7aBBsAIP3LE2nrb8+CJZJG
cgzI3PI2crru9vaZnrTR9H+TfnOle2j1Ekg/AgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQU4QkHaHlXOngMYGZz/eMpfnWSmakwHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni80UWtIYUhsWE9uZ01ZR1p6
X2VNcGZuV1NtYWsucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
fakwDQYJKoZIhvcNAQELBQADggEBAHOMeNx32MUgGh8/59zHTl+erLgywPDUeioO
ppBZN4orR8kpVjRZjreudLJE5L1hT1ScUy+6o1UCCIktgx1sX+DJBGcu8t823suT
XL++IK/tSuSBXEGkEXl/T1NkLivlsMCQE9fc5CGrO5D2qzKrZy5p9ctPOfXvCIAw
cDu/zdLZefvkbGc2t00XAlj6dutVTrYKAl+c9jJuUsAw94ljPirntNiRofbeRNPr
hYcKkAuFWrOKmALl2p+NDKIBcdWmOFV4b49jtuWsY+dgumv88QTkdRtWNZWj6Vd2
qICj6WbdEKw0JBRHUomSFTtHqJ4OPwjvFurMDETwuA+7ADcoJwU=
-----END CERTIFICATE-----
Generated at Sun Jun 22 07:56:07 2025 by rpki-client