Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/Gq8G-Qg3qkzipOZrZTv1H04pX1M.roa
File: Gq8G-Qg3qkzipOZrZTv1H04pX1M.roa (raw, json)
Hash identifier: K0ebPbQ3B9QgtEtcEt0DuoWak870/XoIWVN/3bQULlQ=
Subject key identifier: 1A:AF:06:F9:08:37:AA:4C:E2:A4:E6:6B:65:3B:F5:1F:4E:29:5F:53
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 15F0
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/Gq8G-Qg3qkzipOZrZTv1H04pX1M.roa
Signing time: Thu 05 Jun 2025 08:09:21 +0000
ROA not before: Thu 05 Jun 2025 08:09:21 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 125.169.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 5616 (0x15f0)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: Jun 5 08:09:21 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=1AAF06F90837AA4CE2A4E66B653BF51F4E295F53
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:93:05:86:f5:31:19:dd:25:8f:47:b5:e4:7a:0e:
e0:33:79:ed:87:68:1e:b7:87:19:64:89:49:8f:79:
07:7c:13:98:a3:61:e7:31:49:06:d4:57:79:45:6e:
8a:23:3c:02:99:63:88:59:16:2f:57:84:6b:60:03:
1d:e8:da:e3:b5:23:1f:f5:d5:f1:b7:de:13:0b:e0:
62:d1:6c:dd:84:b0:b7:8b:06:90:ff:76:cb:68:39:
ee:ff:9b:7b:57:d7:12:17:54:58:91:51:86:46:72:
04:2e:48:33:e6:b9:c5:ca:83:50:7a:24:6a:67:32:
ed:87:b8:38:2d:3a:81:04:19:3c:75:a4:c7:ee:c6:
33:30:09:0a:80:c5:33:73:09:18:9a:04:f5:56:c2:
95:aa:8e:98:56:60:25:2c:db:12:74:43:a6:db:f8:
ca:3f:d8:57:d2:78:ee:4e:9c:1a:24:36:33:9a:d5:
2c:a1:42:cf:a6:fa:51:3b:fb:d8:15:27:ec:a5:56:
06:2f:3b:4d:23:22:01:60:a4:2a:9f:d1:63:14:1f:
1c:1b:78:96:c3:1a:e5:96:34:85:54:fd:71:26:b2:
5e:00:6e:bc:7b:82:e2:31:aa:66:31:75:7c:e3:f3:
cb:09:3b:8d:79:20:98:3a:6f:81:87:8a:6a:f9:9d:
cc:c5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1A:AF:06:F9:08:37:AA:4C:E2:A4:E6:6B:65:3B:F5:1F:4E:29:5F:53
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/Gq8G-Qg3qkzipOZrZTv1H04pX1M.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
125.169.0.0/16
Signature Algorithm: sha256WithRSAEncryption
2b:5c:e2:3a:39:e9:dc:6e:bf:d7:ac:32:07:d8:b0:25:e6:e7:
a3:d8:31:47:41:85:84:f5:17:02:82:62:1c:e8:b6:91:8d:91:
d6:24:ea:2b:04:f8:92:4a:89:cc:50:ff:f6:a2:f2:7d:c0:3e:
8c:32:bb:1c:f9:61:3d:5f:f4:19:28:c6:52:d8:1f:43:0f:ef:
a3:b9:a0:dd:01:5f:8d:ff:61:6b:80:49:2f:9d:c8:3b:61:ba:
23:cb:9d:72:b4:de:0f:7f:14:e5:ed:96:be:63:35:71:89:56:
bb:84:74:d8:87:1e:16:d9:0e:3a:bd:df:33:87:5e:84:62:6d:
d7:85:14:86:09:35:3f:a9:bb:e5:14:7c:49:03:59:cd:ac:71:
12:aa:ff:cc:6b:80:27:1a:42:fe:9c:c0:f5:df:1c:90:f7:dc:
55:0f:e6:08:49:e3:9e:7a:b7:c7:b1:18:cd:04:76:f1:4f:9e:
7d:2f:26:90:7c:da:5a:08:51:08:a7:c0:36:4b:31:87:12:c1:
0a:62:87:11:e9:73:77:47:ec:4e:8c:38:42:58:ea:58:71:00:
20:94:a2:5d:97:c7:46:c7:61:83:ed:a1:25:4f:a0:ba:73:03:
f6:6b:a8:a5:59:15:48:28:47:27:c4:26:e0:9b:a4:07:31:5a:
eb:19:4e:8d
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICFfAwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA2MDUw
ODA5MjFaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKDFBQUYwNkY5MDgzN0FB
NENFMkE0RTY2QjY1M0JGNTFGNEUyOTVGNTMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCTBYb1MRndJY9HteR6DuAzee2HaB63hxlkiUmPeQd8E5ijYecx
SQbUV3lFboojPAKZY4hZFi9XhGtgAx3o2uO1Ix/11fG33hML4GLRbN2EsLeLBpD/
dstoOe7/m3tX1xIXVFiRUYZGcgQuSDPmucXKg1B6JGpnMu2HuDgtOoEEGTx1pMfu
xjMwCQqAxTNzCRiaBPVWwpWqjphWYCUs2xJ0Q6bb+Mo/2FfSeO5OnBokNjOa1Syh
Qs+m+lE7+9gVJ+ylVgYvO00jIgFgpCqf0WMUHxwbeJbDGuWWNIVU/XEmsl4Abrx7
guIxqmYxdXzj88sJO415IJg6b4GHimr5nczFAgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUGq8G+Qg3qkzipOZrZTv1H04pX1MwHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni9HcThHLVFnM3FremlwT1py
WlR2MUgwNHBYMU0ucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
fakwDQYJKoZIhvcNAQELBQADggEBACtc4jo56dxuv9esMgfYsCXm56PYMUdBhYT1
FwKCYhzotpGNkdYk6isE+JJKicxQ//ai8n3APowyuxz5YT1f9BkoxlLYH0MP76O5
oN0BX43/YWuASS+dyDthuiPLnXK03g9/FOXtlr5jNXGJVruEdNiHHhbZDjq93zOH
XoRibdeFFIYJNT+pu+UUfEkDWc2scRKq/8xrgCcaQv6cwPXfHJD33FUP5ghJ4556
t8exGM0EdvFPnn0vJpB82loIUQinwDZLMYcSwQpihxHpc3dH7E6MOEJY6lhxACCU
ol2Xx0bHYYPtoSVPoLpzA/ZrqKVZFUgoRyfEJuCbpAcxWusZTo0=
-----END CERTIFICATE-----
Generated at Sun Jun 22 10:51:43 2025 by rpki-client