Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/B06aZm3HcbS31ypl8RWzuCYW5vg.roa
File: B06aZm3HcbS31ypl8RWzuCYW5vg.roa (raw, json)
Hash identifier: Nc4KvRtWwDq93DIa70gqmj5MQt45uAPxY+aZ9JB6HLk=
Subject key identifier: 07:4E:9A:66:6D:C7:71:B4:B7:D7:2A:65:F1:15:B3:B8:26:16:E6:F8
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 1B84
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/B06aZm3HcbS31ypl8RWzuCYW5vg.roa
Signing time: Thu 12 Jun 2025 18:39:51 +0000
ROA not before: Thu 12 Jun 2025 18:39:51 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 125.169.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 7044 (0x1b84)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: Jun 12 18:39:51 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=074E9A666DC771B4B7D72A65F115B3B82616E6F8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ba:56:d0:b7:f3:dc:c4:27:9e:16:5a:ed:6b:3c:
ca:ee:f8:0f:d6:7a:66:17:06:c3:88:02:eb:12:23:
f2:c2:3f:e6:73:fd:5f:bb:0c:12:8c:25:01:05:e7:
d0:cf:c8:bc:8e:92:c0:d3:6a:76:c8:e6:c8:8e:f2:
ff:12:ec:a1:9d:82:f1:cb:94:a5:c5:65:33:bd:41:
f4:5d:51:fe:6a:81:b2:90:53:f3:d2:0e:a5:2c:2e:
94:59:7c:2b:74:06:3d:55:90:72:75:9b:8e:51:8e:
47:bd:29:00:bc:75:2a:b0:c6:11:e8:ac:a9:66:28:
6c:c5:09:6f:51:9f:9a:67:ea:b8:bd:ff:0b:79:1c:
4f:79:b5:71:25:ef:38:c6:94:e5:fc:7c:82:c7:7c:
6d:c7:02:5e:e5:c3:70:d3:09:15:ba:8a:39:5a:f2:
9f:5f:88:fe:c7:94:96:09:49:49:60:8a:8c:e3:b8:
85:9f:00:5f:7d:57:eb:75:83:8b:c6:eb:19:59:1c:
86:56:0e:7e:d3:58:90:b2:7f:5d:8a:82:35:2b:a9:
48:42:3c:1d:a0:bb:0c:a6:36:00:e5:05:be:62:6a:
64:b4:6e:4c:36:9d:5f:41:43:cc:0d:60:5c:c9:70:
2e:3c:94:f9:44:cd:69:2f:dc:41:55:82:60:a6:86:
27:71
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
07:4E:9A:66:6D:C7:71:B4:B7:D7:2A:65:F1:15:B3:B8:26:16:E6:F8
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/B06aZm3HcbS31ypl8RWzuCYW5vg.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
125.169.0.0/16
Signature Algorithm: sha256WithRSAEncryption
11:6c:e9:a3:f8:6c:a1:67:8d:c6:50:ec:7f:a7:4f:cc:df:c1:
64:33:cf:99:c5:4a:f3:35:86:4d:74:b4:d3:fe:c2:c5:da:e0:
ab:2b:20:fe:f4:ba:08:78:c8:c8:51:8d:a9:2c:16:5c:d0:b3:
ad:79:0e:2c:f7:ff:67:54:cb:f1:16:22:13:e9:13:b5:c3:cd:
7f:0d:d0:87:83:c1:f9:91:68:4c:c8:b3:a9:3b:9e:b5:5a:c7:
bc:5f:1a:20:5b:f1:9e:10:b3:ab:e1:54:42:03:9d:a3:71:13:
6d:84:3e:e5:8d:c1:36:58:9b:3f:2f:3b:6b:1b:95:96:7d:16:
9f:ba:fa:b5:98:52:39:34:8f:7f:21:bc:34:81:ee:44:84:6b:
ad:93:e7:1d:a6:00:6d:55:22:82:29:cc:50:0a:6d:ad:77:84:
eb:b9:84:9e:0e:4d:62:a9:3c:98:f4:cb:8f:44:bd:65:ba:41:
59:49:72:2a:22:1b:f1:a9:82:e8:5e:ea:f2:ab:ce:36:72:14:
38:b9:29:91:92:b2:64:4c:76:61:b7:37:b0:df:7b:e2:93:e2:
0f:0a:bf:9a:e1:80:27:59:23:75:84:c1:0d:6f:06:08:55:1b:
1a:c5:b5:78:79:6f:b8:6b:93:19:ca:da:cd:85:dd:41:42:39:
15:c4:74:52
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICG4QwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA2MTIx
ODM5NTFaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKDA3NEU5QTY2NkRDNzcx
QjRCN0Q3MkE2NUYxMTVCM0I4MjYxNkU2RjgwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC6VtC389zEJ54WWu1rPMru+A/WemYXBsOIAusSI/LCP+Zz/V+7
DBKMJQEF59DPyLyOksDTanbI5siO8v8S7KGdgvHLlKXFZTO9QfRdUf5qgbKQU/PS
DqUsLpRZfCt0Bj1VkHJ1m45Rjke9KQC8dSqwxhHorKlmKGzFCW9Rn5pn6ri9/wt5
HE95tXEl7zjGlOX8fILHfG3HAl7lw3DTCRW6ijla8p9fiP7HlJYJSUlgiozjuIWf
AF99V+t1g4vG6xlZHIZWDn7TWJCyf12KgjUrqUhCPB2guwymNgDlBb5iamS0bkw2
nV9BQ8wNYFzJcC48lPlEzWkv3EFVgmCmhidxAgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUB06aZm3HcbS31ypl8RWzuCYW5vgwHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni9CMDZhWm0zSGNiUzMxeXBs
OFJXenVDWVc1dmcucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
fakwDQYJKoZIhvcNAQELBQADggEBABFs6aP4bKFnjcZQ7H+nT8zfwWQzz5nFSvM1
hk10tNP+wsXa4KsrIP70ugh4yMhRjaksFlzQs615Diz3/2dUy/EWIhPpE7XDzX8N
0IeDwfmRaEzIs6k7nrVax7xfGiBb8Z4Qs6vhVEIDnaNxE22EPuWNwTZYmz8vO2sb
lZZ9Fp+6+rWYUjk0j38hvDSB7kSEa62T5x2mAG1VIoIpzFAKba13hOu5hJ4OTWKp
PJj0y49EvWW6QVlJcioiG/Gpguhe6vKrzjZyFDi5KZGSsmRMdmG3N7Dfe+KT4g8K
v5rhgCdZI3WEwQ1vBghVGxrFtXh5b7hrkxnK2s2F3UFCORXEdFI=
-----END CERTIFICATE-----
Generated at Sat Jun 21 11:57:05 2025 by rpki-client