Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/BxUhLhWkjw5qVWnGB-JACRm5-Mc.roa
File: BxUhLhWkjw5qVWnGB-JACRm5-Mc.roa (raw, json)
Hash identifier: vtaHHBD0VdOn/kAy4gXFc9dJd0LMhfZX6msOV9UMb7E=
Subject key identifier: 07:15:21:2E:15:A4:8F:0E:6A:55:69:C6:07:E2:40:09:19:B9:F8:C7
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 1430
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/BxUhLhWkjw5qVWnGB-JACRm5-Mc.roa
Signing time: Tue 03 Jun 2025 00:09:23 +0000
ROA not before: Tue 03 Jun 2025 00:09:23 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 125.169.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 5168 (0x1430)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: Jun 3 00:09:23 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=0715212E15A48F0E6A5569C607E2400919B9F8C7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c3:55:c9:5c:6d:0a:2e:c1:c1:33:c0:81:7c:54:
e5:cd:83:1a:dd:73:9a:32:5b:33:bd:50:6d:5a:63:
6e:bf:bd:99:56:eb:67:f2:0a:db:6b:b6:b0:61:67:
68:d3:bd:db:95:2d:c8:3b:46:54:d8:4d:bc:da:2a:
a0:6d:9b:82:44:ac:a7:eb:bd:bf:50:78:83:ac:51:
a3:7c:86:24:3f:6d:96:bd:c1:95:02:3a:d7:76:ec:
e6:27:0b:84:29:74:f9:eb:06:7e:e2:94:13:2e:9f:
3a:25:c6:52:1c:32:70:bb:46:e5:77:ae:2a:60:b5:
eb:07:37:56:a2:aa:bd:26:a1:f4:c6:23:8d:4c:7c:
09:99:2e:a1:7f:86:b4:11:0b:56:d0:b5:c2:5f:e6:
3f:e8:1a:f7:81:5c:62:c5:c6:c7:44:46:09:0f:4d:
85:2f:6e:22:62:21:e2:ea:d5:98:cd:55:cb:51:82:
ec:e1:8c:10:0c:52:52:13:ab:05:e0:7a:cb:fb:e8:
62:13:7a:bf:66:d5:83:32:25:8f:29:2a:2c:de:03:
a4:b9:e2:5e:fa:bd:c3:07:99:bc:f5:d4:b0:f7:00:
8b:b3:a4:a4:19:77:a0:a3:4d:30:44:bc:f7:71:32:
0d:26:08:a4:63:1d:f3:93:00:94:f8:c7:48:4a:a3:
93:47
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
07:15:21:2E:15:A4:8F:0E:6A:55:69:C6:07:E2:40:09:19:B9:F8:C7
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/BxUhLhWkjw5qVWnGB-JACRm5-Mc.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
125.169.0.0/16
Signature Algorithm: sha256WithRSAEncryption
a1:5c:64:5e:da:88:96:bc:f5:64:48:58:44:30:d3:07:53:60:
c9:31:fa:05:8c:ec:fc:a4:69:cc:4f:ca:2c:08:31:95:0f:ed:
fd:e8:ab:00:dc:f8:8d:1b:91:c5:87:ef:27:30:0a:9e:ac:fc:
c2:c8:ba:8c:4e:1e:57:09:39:ec:e7:6f:08:96:e0:86:ca:d4:
fe:e5:4e:54:65:d5:9c:35:89:07:a7:85:dd:73:53:6d:b1:d6:
22:fc:41:f8:b7:1d:66:c2:16:9b:80:a4:11:d7:cf:92:b8:81:
5a:c9:cc:92:df:5a:83:b4:f0:1a:7b:ee:54:a5:6f:4d:4b:07:
e9:c3:cc:4a:ba:26:0d:1e:57:75:50:8d:75:bb:84:34:bf:c0:
82:6b:63:09:04:6f:45:61:3e:1d:ce:7c:b9:4c:27:24:30:3c:
d0:8d:52:3d:d7:c8:27:e5:a9:17:aa:81:32:fd:d6:b3:15:75:
74:1f:11:49:d7:9f:25:4c:8d:f8:61:c3:31:bb:ae:24:39:ab:
66:8a:57:d9:2f:41:1b:16:74:0a:b3:0f:af:e8:0e:d5:6a:53:
33:59:19:70:cb:e6:9e:3d:41:88:27:f0:20:fe:c7:b1:9e:86:
bc:df:8c:cf:46:c5:89:25:b0:56:30:d2:d7:48:de:f6:96:44:
17:99:6b:83
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICFDAwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA2MDMw
MDA5MjNaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKDA3MTUyMTJFMTVBNDhG
MEU2QTU1NjlDNjA3RTI0MDA5MTlCOUY4QzcwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDDVclcbQouwcEzwIF8VOXNgxrdc5oyWzO9UG1aY26/vZlW62fy
CttrtrBhZ2jTvduVLcg7RlTYTbzaKqBtm4JErKfrvb9QeIOsUaN8hiQ/bZa9wZUC
Otd27OYnC4QpdPnrBn7ilBMunzolxlIcMnC7RuV3ripgtesHN1aiqr0mofTGI41M
fAmZLqF/hrQRC1bQtcJf5j/oGveBXGLFxsdERgkPTYUvbiJiIeLq1ZjNVctRguzh
jBAMUlITqwXgesv76GITer9m1YMyJY8pKizeA6S54l76vcMHmbz11LD3AIuzpKQZ
d6CjTTBEvPdxMg0mCKRjHfOTAJT4x0hKo5NHAgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUBxUhLhWkjw5qVWnGB+JACRm5+McwHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni9CeFVoTGhXa2p3NXFWV25H
Qi1KQUNSbTUtTWMucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
fakwDQYJKoZIhvcNAQELBQADggEBAKFcZF7aiJa89WRIWEQw0wdTYMkx+gWM7Pyk
acxPyiwIMZUP7f3oqwDc+I0bkcWH7ycwCp6s/MLIuoxOHlcJOeznbwiW4IbK1P7l
TlRl1Zw1iQenhd1zU22x1iL8Qfi3HWbCFpuApBHXz5K4gVrJzJLfWoO08Bp77lSl
b01LB+nDzEq6Jg0eV3VQjXW7hDS/wIJrYwkEb0VhPh3OfLlMJyQwPNCNUj3XyCfl
qReqgTL91rMVdXQfEUnXnyVMjfhhwzG7riQ5q2aKV9kvQRsWdAqzD6/oDtVqUzNZ
GXDL5p49QYgn8CD+x7GehrzfjM9GxYklsFYw0tdI3vaWRBeZa4M=
-----END CERTIFICATE-----
Generated at Sun Jun 22 04:17:16 2025 by rpki-client