Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/4jPIfRrYLKwkvA1Cq2xHLSKZ7QI.roa
File: 4jPIfRrYLKwkvA1Cq2xHLSKZ7QI.roa (raw, json)
Hash identifier: IMjfI83emypm4r3ApUr1uExVcZykFv2ExHJAUcC+1F0=
Subject key identifier: E2:33:C8:7D:1A:D8:2C:AC:24:BC:0D:42:AB:6C:47:2D:22:99:ED:02
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 1DA8
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/4jPIfRrYLKwkvA1Cq2xHLSKZ7QI.roa
Signing time: Sun 15 Jun 2025 15:10:00 +0000
ROA not before: Sun 15 Jun 2025 15:10:00 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 125.169.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 7592 (0x1da8)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: Jun 15 15:10:00 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=E233C87D1AD82CAC24BC0D42AB6C472D2299ED02
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:de:3d:ca:fc:ce:20:71:51:1b:40:7a:fd:e9:89:
b1:c6:41:9e:ce:31:bc:8c:ab:d9:e9:ed:02:72:92:
98:43:68:7c:5c:8b:02:03:66:d0:c9:14:f4:3f:7e:
6d:bf:8c:4b:78:5b:46:16:c7:38:3b:79:2c:f8:3e:
4d:55:8a:3d:43:d9:f2:c4:0e:e6:87:18:ce:f4:fd:
9d:27:b1:a8:a0:04:5c:45:30:f2:a0:0e:66:f0:b3:
56:cf:5b:53:49:c4:88:c8:9b:02:95:3c:9b:91:61:
31:a7:96:02:8a:07:7c:49:08:c1:26:42:91:7a:9e:
27:9b:d5:41:8d:da:d1:42:33:5a:e4:77:31:35:1d:
57:28:db:1f:a2:5d:b8:9c:f8:e3:3f:1a:4d:0e:b3:
6f:8d:be:7b:a0:1b:b9:18:d4:5d:44:f0:d5:17:20:
b2:30:b3:28:00:7f:30:26:bc:86:0f:51:5b:c6:16:
f6:92:f8:3e:88:a4:06:77:ce:6e:e6:d5:9b:9e:05:
24:b5:ba:88:3c:b6:60:cc:c1:0a:18:48:a6:23:35:
f8:b4:db:81:25:e3:7b:c1:a8:49:92:f3:ef:79:c6:
34:35:f0:51:3c:99:10:c2:3b:75:fc:21:c1:63:c4:
71:83:5e:3b:1d:31:25:b5:c4:72:35:4c:3f:28:26:
8f:b7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E2:33:C8:7D:1A:D8:2C:AC:24:BC:0D:42:AB:6C:47:2D:22:99:ED:02
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/4jPIfRrYLKwkvA1Cq2xHLSKZ7QI.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
125.169.0.0/16
Signature Algorithm: sha256WithRSAEncryption
6a:85:8b:7b:cd:47:98:75:94:d2:39:ed:5b:98:a2:48:97:84:
e6:91:7b:76:69:a4:38:c5:7a:2f:7f:82:2b:9b:08:2b:7f:0a:
b7:a0:80:d0:ff:d2:bd:06:65:67:93:79:cd:39:af:f1:0b:a0:
51:3e:f1:cd:b0:1d:63:78:cb:33:a7:6f:94:be:8f:29:8d:6e:
c3:85:3a:07:3b:3b:b7:d1:2b:80:e0:ca:51:f4:c9:3c:41:4b:
06:9e:8f:a1:65:8c:97:05:e5:06:50:cc:9c:1f:dd:ef:82:87:
9a:39:d4:ec:04:b7:c0:4d:28:28:ea:12:b8:52:bf:85:31:cb:
34:e7:1e:53:bc:32:79:a4:6f:47:ce:79:90:fb:4a:19:a0:21:
98:96:4d:24:9a:91:f2:92:c8:a4:16:f4:05:cd:13:ec:a4:ba:
f7:45:b0:93:f9:11:d3:36:31:fd:12:34:8b:9a:06:e5:5b:ab:
72:b9:41:90:50:a9:90:3e:d6:88:0b:cd:7d:8e:5a:5d:02:c3:
82:cd:44:01:5e:09:f9:c0:2b:2a:0b:bc:2f:c3:2f:fc:79:42:
16:ec:6b:77:12:28:b8:d8:7d:8a:16:42:d9:3f:de:a9:07:ca:
35:fe:76:38:d6:0b:3c:42:58:0a:c0:52:71:8a:63:dc:da:a1:
03:95:80:58
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICHagwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA2MTUx
NTEwMDBaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKEUyMzNDODdEMUFEODJD
QUMyNEJDMEQ0MkFCNkM0NzJEMjI5OUVEMDIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDePcr8ziBxURtAev3pibHGQZ7OMbyMq9np7QJykphDaHxciwID
ZtDJFPQ/fm2/jEt4W0YWxzg7eSz4Pk1Vij1D2fLEDuaHGM70/Z0nsaigBFxFMPKg
Dmbws1bPW1NJxIjImwKVPJuRYTGnlgKKB3xJCMEmQpF6nieb1UGN2tFCM1rkdzE1
HVco2x+iXbic+OM/Gk0Os2+NvnugG7kY1F1E8NUXILIwsygAfzAmvIYPUVvGFvaS
+D6IpAZ3zm7m1ZueBSS1uog8tmDMwQoYSKYjNfi024El43vBqEmS8+95xjQ18FE8
mRDCO3X8IcFjxHGDXjsdMSW1xHI1TD8oJo+3AgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQU4jPIfRrYLKwkvA1Cq2xHLSKZ7QIwHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni80alBJZlJyWUxLd2t2QTFD
cTJ4SExTS1o3UUkucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
fakwDQYJKoZIhvcNAQELBQADggEBAGqFi3vNR5h1lNI57VuYokiXhOaRe3ZppDjF
ei9/giubCCt/CreggND/0r0GZWeTec05r/ELoFE+8c2wHWN4yzOnb5S+jymNbsOF
Ogc7O7fRK4DgylH0yTxBSwaej6FljJcF5QZQzJwf3e+Ch5o51OwEt8BNKCjqErhS
v4UxyzTnHlO8Mnmkb0fOeZD7ShmgIZiWTSSakfKSyKQW9AXNE+ykuvdFsJP5EdM2
Mf0SNIuaBuVbq3K5QZBQqZA+1ogLzX2OWl0Cw4LNRAFeCfnAKyoLvC/DL/x5Qhbs
a3cSKLjYfYoWQtk/3qkHyjX+djjWCzxCWArAUnGKY9zaoQOVgFg=
-----END CERTIFICATE-----
Generated at Fri Jun 20 18:07:34 2025 by rpki-client