Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/CNlr17cnYhiP9-1y6y01ZmCUwy0.roa
File: CNlr17cnYhiP9-1y6y01ZmCUwy0.roa (raw, json)
Hash identifier: pW2Pq1ViDDazctKkHDs5U9jw5U2zt+p4GSJz6CJx5Vg=
Subject key identifier: 08:D9:6B:D7:B7:27:62:18:8F:F7:ED:72:EB:2D:35:66:60:94:C3:2D
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 1C0C
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/CNlr17cnYhiP9-1y6y01ZmCUwy0.roa
Signing time: Fri 13 Jun 2025 11:40:51 +0000
ROA not before: Fri 13 Jun 2025 11:40:51 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 125.169.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 7180 (0x1c0c)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: Jun 13 11:40:51 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=08D96BD7B72762188FF7ED72EB2D35666094C32D
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f3:23:56:c3:5d:f0:95:18:1e:e9:48:b6:1b:d7:
db:ba:10:f6:6f:02:05:f8:fa:14:c8:d4:25:bd:76:
80:20:7a:54:3c:8f:a5:2c:f6:3d:13:8a:a2:24:ac:
3f:c8:40:14:21:98:79:6a:c2:73:a3:e9:06:d6:f8:
39:4d:f4:39:a3:67:b7:bf:30:c0:42:86:93:4d:44:
bf:17:62:a1:77:9b:17:4b:b5:4b:29:a4:b2:4c:b9:
81:28:f4:c6:6a:22:01:ff:7c:24:37:e6:96:0d:50:
8b:b4:cb:20:5e:95:a8:8a:93:34:70:37:05:44:13:
82:5f:d8:b8:cb:28:1a:cc:e8:68:bc:04:d5:78:84:
19:e5:3a:66:0e:12:b3:41:4a:cb:33:37:03:1e:3e:
dd:eb:68:d0:a9:fc:80:18:05:72:8d:1e:2b:a5:e9:
04:68:dc:38:a4:76:1d:8a:2f:1f:fa:d8:76:d5:b7:
6a:d2:57:8d:a0:c3:f6:bc:47:94:15:22:5b:8b:ee:
a1:dc:e7:ca:2c:75:b5:11:c2:4b:73:81:ca:9f:e0:
54:6b:3e:14:30:50:85:5d:5c:57:04:5a:19:ba:73:
43:0e:a9:e8:b2:31:c6:13:d2:df:bf:ae:cf:d3:6f:
77:dc:e7:02:79:57:07:ab:66:92:94:8e:e0:37:86:
0a:b1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
08:D9:6B:D7:B7:27:62:18:8F:F7:ED:72:EB:2D:35:66:60:94:C3:2D
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/CNlr17cnYhiP9-1y6y01ZmCUwy0.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
125.169.0.0/16
Signature Algorithm: sha256WithRSAEncryption
7d:58:53:93:13:3c:10:24:bc:7f:34:17:7e:9b:ed:8d:70:5e:
23:1d:1b:33:a8:a4:aa:c8:12:76:4e:95:00:f1:42:62:97:66:
11:84:28:5e:e6:23:c5:a4:4d:de:07:d2:4b:87:47:53:b3:df:
33:b4:20:c9:f7:7f:09:cf:dd:af:c2:74:28:44:90:74:87:83:
e9:c5:15:26:0f:4f:2f:1f:2b:8d:59:2c:96:64:ae:4c:e8:8d:
da:74:0b:cb:7c:75:52:60:2b:b7:ba:f6:8d:2b:a0:d0:86:35:
d8:27:a1:6d:f6:ea:4e:10:35:60:1c:88:78:18:83:f0:4f:f8:
98:31:a8:76:b2:f2:5a:17:a2:03:0e:04:63:81:6d:d8:82:a1:
31:cc:be:2e:c9:18:23:d8:8a:df:6c:fc:f5:4a:c1:3a:ce:e4:
58:e7:67:bb:ca:a9:c7:f6:fa:04:c9:32:3a:a0:75:89:5e:56:
60:ba:ae:9d:78:25:33:9e:95:e1:63:2d:59:94:a9:cb:38:d1:
75:37:9b:c7:2c:4e:34:d1:32:5b:25:1b:02:a6:24:2c:09:1a:
bc:32:a2:b6:8c:a4:c4:af:c9:d7:2d:aa:e8:7e:46:b4:3c:2d:
7f:26:d4:06:e6:3c:b2:22:5f:5c:07:96:9f:e0:4f:9a:32:5d:
99:99:c5:3a
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICHAwwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA2MTMx
MTQwNTFaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKDA4RDk2QkQ3QjcyNzYy
MTg4RkY3RUQ3MkVCMkQzNTY2NjA5NEMzMkQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDzI1bDXfCVGB7pSLYb19u6EPZvAgX4+hTI1CW9doAgelQ8j6Us
9j0TiqIkrD/IQBQhmHlqwnOj6QbW+DlN9DmjZ7e/MMBChpNNRL8XYqF3mxdLtUsp
pLJMuYEo9MZqIgH/fCQ35pYNUIu0yyBelaiKkzRwNwVEE4Jf2LjLKBrM6Gi8BNV4
hBnlOmYOErNBSsszNwMePt3raNCp/IAYBXKNHiul6QRo3Dikdh2KLx/62HbVt2rS
V42gw/a8R5QVIluL7qHc58osdbURwktzgcqf4FRrPhQwUIVdXFcEWhm6c0MOqeiy
McYT0t+/rs/Tb3fc5wJ5VwerZpKUjuA3hgqxAgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUCNlr17cnYhiP9+1y6y01ZmCUwy0wHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni9DTmxyMTdjblloaVA5LTF5
NnkwMVptQ1V3eTAucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
fakwDQYJKoZIhvcNAQELBQADggEBAH1YU5MTPBAkvH80F36b7Y1wXiMdGzOopKrI
EnZOlQDxQmKXZhGEKF7mI8WkTd4H0kuHR1Oz3zO0IMn3fwnP3a/CdChEkHSHg+nF
FSYPTy8fK41ZLJZkrkzojdp0C8t8dVJgK7e69o0roNCGNdgnoW326k4QNWAciHgY
g/BP+JgxqHay8loXogMOBGOBbdiCoTHMvi7JGCPYit9s/PVKwTrO5FjnZ7vKqcf2
+gTJMjqgdYleVmC6rp14JTOeleFjLVmUqcs40XU3m8csTjTRMlslGwKmJCwJGrwy
oraMpMSvydctquh+RrQ8LX8m1AbmPLIiX1wHlp/gT5oyXZmZxTo=
-----END CERTIFICATE-----
Generated at Sun Jun 22 01:00:50 2025 by rpki-client