Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/DY6OlDhIJgXDyiKGqMbRpbOWDHk.roa
File: DY6OlDhIJgXDyiKGqMbRpbOWDHk.roa (raw, json)
Hash identifier: 1MEdoTsXnMjaHUiCVWzb/sk7/gSXcv4PyVGRcVnprfk=
Subject key identifier: 0D:8E:8E:94:38:48:26:05:C3:CA:22:86:A8:C6:D1:A5:B3:96:0C:79
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 0684
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/DY6OlDhIJgXDyiKGqMbRpbOWDHk.roa
Signing time: Thu 15 May 2025 18:38:07 +0000
ROA not before: Thu 15 May 2025 18:38:07 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 125.169.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1668 (0x684)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: May 15 18:38:07 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=0D8E8E9438482605C3CA2286A8C6D1A5B3960C79
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c2:6b:17:76:85:db:f6:e6:de:22:a8:62:b7:7a:
34:7d:39:c1:a2:ac:ed:69:6a:88:72:a5:1f:9b:45:
fe:99:55:78:05:e3:b5:bb:a3:ed:7c:d7:e5:ba:b2:
21:a2:08:e1:6b:93:f1:ee:37:39:43:5b:24:45:1b:
12:48:1e:0c:7a:d7:11:b7:78:19:61:94:19:75:f8:
65:3b:b8:9c:d9:72:43:5c:c4:99:0c:71:f4:f7:60:
c9:fe:c5:52:d3:b3:3e:08:92:6d:10:1c:fe:77:5a:
7c:61:d2:4f:b1:4d:7a:a2:9e:3d:e6:9f:33:74:63:
07:a6:87:57:dd:99:67:f2:70:eb:fc:c2:ed:70:69:
a8:80:25:2c:fe:c9:df:13:8c:b8:6a:27:f4:bc:00:
f3:8f:e3:34:7f:3f:bd:2e:db:ac:60:14:f3:d1:b1:
ec:03:ed:99:95:93:49:84:dc:e7:c5:7d:7f:93:76:
b9:20:69:43:cd:e9:f6:84:f4:a1:62:23:01:69:c4:
ef:c7:39:fb:61:bd:0f:a2:91:fe:c8:7a:5e:79:24:
9e:5a:30:a0:fa:c6:6c:59:8e:4d:7c:02:7c:72:ac:
1e:48:47:f8:eb:f5:a1:65:91:3e:b7:30:50:56:6a:
b7:38:b3:f8:ed:3d:f8:2f:08:bd:b2:40:66:55:42:
e3:53
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0D:8E:8E:94:38:48:26:05:C3:CA:22:86:A8:C6:D1:A5:B3:96:0C:79
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/DY6OlDhIJgXDyiKGqMbRpbOWDHk.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
125.169.0.0/16
Signature Algorithm: sha256WithRSAEncryption
9d:99:1d:04:ce:f1:f1:49:e5:2e:34:e1:ca:02:7d:79:4a:ea:
5c:6c:c8:d9:42:f0:c1:0b:f5:38:33:51:f4:6f:77:ad:71:bf:
29:07:22:f5:80:f6:f5:69:d8:09:c2:41:9d:90:55:ce:85:43:
be:36:1a:e8:ff:9b:3f:eb:9d:ba:e3:b5:53:4e:55:ce:1d:28:
8c:72:70:94:30:5e:c4:85:b3:74:9d:2d:c3:f1:b0:40:fc:70:
6e:c5:85:64:30:bb:d7:dc:5c:4c:39:23:c8:c7:de:4b:3e:69:
67:ae:99:d5:f1:d5:88:a4:92:d7:52:e8:34:38:a4:47:56:66:
f0:0a:1d:86:0c:8b:d1:41:71:35:c4:16:61:c4:99:b4:5a:58:
73:26:48:2a:1a:c4:ab:f9:de:64:e1:b3:f7:6b:36:28:d3:9e:
4b:1a:8e:8e:c6:02:d6:ad:0a:29:97:59:82:39:07:ab:29:4c:
e3:3e:e0:d2:96:c6:be:4f:c6:a8:8b:96:cc:29:fe:01:f8:e7:
fe:63:6e:db:48:0e:12:30:01:26:d9:6f:a5:74:21:0f:29:3d:
87:91:45:04:98:3d:ff:9b:7a:ec:10:1c:58:08:a1:03:ff:26:
d5:df:ad:76:e1:90:6d:bc:7c:55:c9:49:c3:cd:2e:29:9e:59:
31:e7:07:1b
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICBoQwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA1MTUx
ODM4MDdaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKDBEOEU4RTk0Mzg0ODI2
MDVDM0NBMjI4NkE4QzZEMUE1QjM5NjBDNzkwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDCaxd2hdv25t4iqGK3ejR9OcGirO1paohypR+bRf6ZVXgF47W7
o+181+W6siGiCOFrk/HuNzlDWyRFGxJIHgx61xG3eBlhlBl1+GU7uJzZckNcxJkM
cfT3YMn+xVLTsz4Ikm0QHP53Wnxh0k+xTXqinj3mnzN0Ywemh1fdmWfycOv8wu1w
aaiAJSz+yd8TjLhqJ/S8APOP4zR/P70u26xgFPPRsewD7ZmVk0mE3OfFfX+Tdrkg
aUPN6faE9KFiIwFpxO/HOfthvQ+ikf7Iel55JJ5aMKD6xmxZjk18AnxyrB5IR/jr
9aFlkT63MFBWarc4s/jtPfgvCL2yQGZVQuNTAgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUDY6OlDhIJgXDyiKGqMbRpbOWDHkwHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni9EWTZPbERoSUpnWER5aUtH
cU1iUnBiT1dESGsucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
fakwDQYJKoZIhvcNAQELBQADggEBAJ2ZHQTO8fFJ5S404coCfXlK6lxsyNlC8MEL
9TgzUfRvd61xvykHIvWA9vVp2AnCQZ2QVc6FQ742Guj/mz/rnbrjtVNOVc4dKIxy
cJQwXsSFs3SdLcPxsED8cG7FhWQwu9fcXEw5I8jH3ks+aWeumdXx1YikktdS6DQ4
pEdWZvAKHYYMi9FBcTXEFmHEmbRaWHMmSCoaxKv53mThs/drNijTnksajo7GAtat
CimXWYI5B6spTOM+4NKWxr5PxqiLlswp/gH45/5jbttIDhIwASbZb6V0IQ8pPYeR
RQSYPf+beuwQHFgIoQP/JtXfrXbhkG28fFXJScPNLimeWTHnBxs=
-----END CERTIFICATE-----
Generated at Fri Jun 20 17:50:19 2025 by rpki-client