Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/De9VG8Q5UID-oA33h9G4XRWnMH0.roa
File: De9VG8Q5UID-oA33h9G4XRWnMH0.roa (raw, json)
Hash identifier: BNU12+ve5GI7T/rL04+y9yonod8PGp4CE7IkEo/SzgE=
Subject key identifier: 0D:EF:55:1B:C4:39:50:80:FE:A0:0D:F7:87:D1:B8:5D:15:A7:30:7D
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 1AB0
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/De9VG8Q5UID-oA33h9G4XRWnMH0.roa
Signing time: Wed 11 Jun 2025 16:09:45 +0000
ROA not before: Wed 11 Jun 2025 16:09:45 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 125.169.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 6832 (0x1ab0)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: Jun 11 16:09:45 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=0DEF551BC4395080FEA00DF787D1B85D15A7307D
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c3:5a:8a:9a:f1:b7:d1:e9:c7:58:c3:60:67:a1:
09:da:72:0c:8b:5b:d3:d5:d4:ff:93:d0:95:53:77:
69:2f:d3:9d:19:75:37:3a:1a:81:8e:2e:fd:2a:74:
2a:4a:bd:1b:11:b5:f0:ec:ff:cc:30:62:bb:ab:12:
15:da:e6:ac:2e:38:d0:42:58:d4:f9:fe:62:0f:19:
dd:33:45:3a:c8:60:3c:1a:c0:09:ce:e0:e2:c0:e8:
b6:29:d0:0a:49:65:64:67:53:64:ef:74:5b:23:22:
48:cf:94:07:df:57:64:b4:65:c7:80:fd:34:7d:9b:
a6:e6:7f:47:43:bc:4d:ad:47:eb:42:78:e7:db:9f:
e1:47:92:e4:70:cd:12:5e:39:46:fc:d1:ed:e9:77:
4a:3c:13:09:90:73:9a:ab:93:db:26:2d:7c:ba:9d:
e8:d3:8d:a1:b4:f6:c7:f0:f1:dd:48:5e:6c:d8:6f:
97:a8:a4:16:5a:5f:5b:5a:18:c2:45:c9:81:1f:1e:
a4:11:ac:5e:a3:5a:29:c7:c4:6c:cb:4f:cd:85:45:
b3:60:26:0f:c7:50:59:e7:93:92:7e:5a:02:15:87:
9a:15:27:c0:dd:18:59:f9:4d:09:11:41:20:5d:39:
fc:64:35:79:4c:0c:87:73:a8:55:df:6d:18:f2:89:
e7:e7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0D:EF:55:1B:C4:39:50:80:FE:A0:0D:F7:87:D1:B8:5D:15:A7:30:7D
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/De9VG8Q5UID-oA33h9G4XRWnMH0.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
125.169.0.0/16
Signature Algorithm: sha256WithRSAEncryption
9b:c0:f4:cc:76:77:6e:3c:a9:db:71:0a:c8:d0:38:ec:95:ad:
b7:80:3e:da:91:35:2c:1c:f7:c3:d3:69:cb:f3:9d:c6:38:be:
e4:9f:7e:a4:b3:3b:cb:de:7b:18:03:1e:7a:82:80:5c:3f:82:
f5:be:28:ad:7e:49:ca:39:1b:f8:2a:8a:cc:5e:2a:94:6a:d2:
ed:7b:8f:fb:d0:8a:d8:d0:f8:5e:bd:e5:b6:48:a7:28:5e:b4:
6e:2b:2c:c0:b4:f2:05:91:ea:d6:9d:59:09:8c:61:d2:c3:d5:
fd:17:0d:91:94:5a:bd:bd:0e:0d:03:39:38:a1:88:cc:98:9a:
fe:a8:4c:9a:95:ee:9e:65:40:99:46:e7:f5:d2:0d:72:51:ce:
ee:50:31:97:62:9b:ff:0b:84:2b:ae:6a:e0:25:18:6a:96:6d:
61:34:03:01:d9:b8:97:98:08:ec:17:f5:26:52:8a:28:65:f8:
f9:00:59:4e:de:4c:74:52:db:20:d6:59:eb:5f:c4:ea:25:06:
49:e3:e4:f9:0b:a3:70:4e:85:82:15:85:87:9e:f1:2d:5a:dd:
69:50:25:35:4b:1a:a6:75:8d:31:d5:e3:45:dc:31:d9:99:be:
1f:fa:3a:48:75:9f:00:aa:49:de:4a:0d:6b:c8:f3:3b:2e:25:
2e:ec:a8:8d
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICGrAwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA2MTEx
NjA5NDVaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKDBERUY1NTFCQzQzOTUw
ODBGRUEwMERGNzg3RDFCODVEMTVBNzMwN0QwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDDWoqa8bfR6cdYw2BnoQnacgyLW9PV1P+T0JVTd2kv050ZdTc6
GoGOLv0qdCpKvRsRtfDs/8wwYrurEhXa5qwuONBCWNT5/mIPGd0zRTrIYDwawAnO
4OLA6LYp0ApJZWRnU2TvdFsjIkjPlAffV2S0ZceA/TR9m6bmf0dDvE2tR+tCeOfb
n+FHkuRwzRJeOUb80e3pd0o8EwmQc5qrk9smLXy6nejTjaG09sfw8d1IXmzYb5eo
pBZaX1taGMJFyYEfHqQRrF6jWinHxGzLT82FRbNgJg/HUFnnk5J+WgIVh5oVJ8Dd
GFn5TQkRQSBdOfxkNXlMDIdzqFXfbRjyiefnAgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUDe9VG8Q5UID+oA33h9G4XRWnMH0wHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni9EZTlWRzhRNVVJRC1vQTMz
aDlHNFhSV25NSDAucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
fakwDQYJKoZIhvcNAQELBQADggEBAJvA9Mx2d248qdtxCsjQOOyVrbeAPtqRNSwc
98PTacvzncY4vuSffqSzO8veexgDHnqCgFw/gvW+KK1+Sco5G/gqisxeKpRq0u17
j/vQitjQ+F695bZIpyhetG4rLMC08gWR6tadWQmMYdLD1f0XDZGUWr29Dg0DOTih
iMyYmv6oTJqV7p5lQJlG5/XSDXJRzu5QMZdim/8LhCuuauAlGGqWbWE0AwHZuJeY
COwX9SZSiihl+PkAWU7eTHRS2yDWWetfxOolBknj5PkLo3BOhYIVhYee8S1a3WlQ
JTVLGqZ1jTHV40XcMdmZvh/6Okh1nwCqSd5KDWvI8zsuJS7sqI0=
-----END CERTIFICATE-----
Generated at Sun Jun 15 08:54:18 2025 by rpki-client