Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/Ltb9I3HTiXfz4m5KHL9kUFpuBTo.roa
File: Ltb9I3HTiXfz4m5KHL9kUFpuBTo.roa (raw, json)
Hash identifier: eP6Kbyb+Kw1epz5+Ei9epwHhXS8JxXHsFshVcRDYC+Y=
Subject key identifier: 2E:D6:FD:23:71:D3:89:77:F3:E2:6E:4A:1C:BF:64:50:5A:6E:05:3A
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 02AC
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/Ltb9I3HTiXfz4m5KHL9kUFpuBTo.roa
Signing time: Sat 10 May 2025 15:37:50 +0000
ROA not before: Sat 10 May 2025 15:37:50 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 125.169.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 684 (0x2ac)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: May 10 15:37:50 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=2ED6FD2371D38977F3E26E4A1CBF64505A6E053A
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ba:8a:8e:f8:bd:69:49:ab:60:c2:50:1c:43:67:
13:e0:6a:48:7f:c6:c3:12:58:87:57:50:32:1d:3d:
10:a2:9b:1f:65:42:69:c8:42:b5:99:00:b7:ce:2e:
4d:98:7c:8d:14:3c:b2:79:e5:10:60:7c:fa:72:bb:
5b:f7:00:06:a0:69:34:a9:19:f5:e2:c2:76:dd:e2:
72:e6:ec:f1:71:a8:15:df:08:2d:66:ff:74:f9:da:
da:61:46:a1:14:42:ae:7b:fa:49:c6:98:21:ad:d4:
e7:be:58:08:98:30:06:3e:58:b7:99:f8:fd:50:87:
0f:53:db:09:ee:b5:97:a6:8b:89:fc:95:8f:c1:22:
da:52:41:b5:b9:5b:25:a7:9d:b2:56:b7:57:c2:bc:
a3:92:54:f9:cc:7f:23:fa:f3:56:30:5d:7c:39:62:
15:4b:ef:11:7f:26:33:96:9e:4a:8f:de:ec:11:f8:
a8:e1:0e:aa:9d:35:15:e4:b9:bc:fe:fa:18:82:85:
96:ad:33:4c:ae:0f:c0:7b:24:dd:59:47:1c:36:e1:
da:27:cb:91:7c:04:d6:d7:9b:94:b8:e7:d8:95:70:
71:6f:49:71:e0:c8:15:0c:f8:5f:e6:dd:51:25:20:
8e:3f:56:a3:6f:da:89:9b:86:7f:1e:c6:8d:46:15:
bb:15
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2E:D6:FD:23:71:D3:89:77:F3:E2:6E:4A:1C:BF:64:50:5A:6E:05:3A
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/Ltb9I3HTiXfz4m5KHL9kUFpuBTo.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
125.169.0.0/16
Signature Algorithm: sha256WithRSAEncryption
0a:dd:b9:a3:bc:fe:2c:ed:03:e8:fe:61:39:a2:fc:50:fa:1a:
1f:5a:b6:cc:52:26:19:d6:9f:18:12:44:5b:38:0f:c3:49:42:
7d:1e:9e:54:da:26:1d:af:31:c8:b1:18:ab:af:eb:65:de:2e:
27:7b:6b:26:4d:8c:d2:f0:34:9b:dd:51:bd:fc:a6:d4:82:40:
e3:e6:84:c3:e5:7b:19:a3:43:67:92:a8:cc:09:7b:25:b7:c1:
8c:0d:cb:1d:91:fb:3e:22:88:2e:4f:3b:14:75:00:c9:53:4e:
b7:e6:16:05:df:61:ab:68:12:72:63:22:ae:b3:43:c3:8a:e0:
eb:89:d7:e5:e3:20:ab:f3:b3:a6:b0:d5:ba:ac:ae:3b:65:3b:
b1:b8:75:3f:9d:03:d3:5a:46:6f:be:be:af:86:41:ff:0f:82:
5b:d0:9c:55:75:13:25:42:a0:df:13:6f:d0:f9:b1:bd:a0:10:
66:4b:56:71:77:e2:26:e2:fe:29:7f:7f:ed:01:33:46:d9:d3:
04:7b:3c:8f:f7:a8:13:64:59:0d:39:3e:85:a0:3d:7c:c7:d5:
27:ce:e0:a6:78:63:2a:a8:6d:79:a5:13:bb:39:95:68:72:a7:
94:b4:ed:ac:b0:0b:e6:22:43:a2:e5:3d:a4:e9:a7:6f:c5:35:
16:0a:9a:05
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICAqwwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA1MTAx
NTM3NTBaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKDJFRDZGRDIzNzFEMzg5
NzdGM0UyNkU0QTFDQkY2NDUwNUE2RTA1M0EwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC6io74vWlJq2DCUBxDZxPgakh/xsMSWIdXUDIdPRCimx9lQmnI
QrWZALfOLk2YfI0UPLJ55RBgfPpyu1v3AAagaTSpGfXiwnbd4nLm7PFxqBXfCC1m
/3T52tphRqEUQq57+knGmCGt1Oe+WAiYMAY+WLeZ+P1Qhw9T2wnutZemi4n8lY/B
ItpSQbW5WyWnnbJWt1fCvKOSVPnMfyP681YwXXw5YhVL7xF/JjOWnkqP3uwR+Kjh
DqqdNRXkubz++hiChZatM0yuD8B7JN1ZRxw24dony5F8BNbXm5S459iVcHFvSXHg
yBUM+F/m3VElII4/VqNv2ombhn8exo1GFbsVAgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQULtb9I3HTiXfz4m5KHL9kUFpuBTowHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni9MdGI5STNIVGlYZno0bTVL
SEw5a1VGcHVCVG8ucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
fakwDQYJKoZIhvcNAQELBQADggEBAArduaO8/iztA+j+YTmi/FD6Gh9atsxSJhnW
nxgSRFs4D8NJQn0enlTaJh2vMcixGKuv62XeLid7ayZNjNLwNJvdUb38ptSCQOPm
hMPlexmjQ2eSqMwJeyW3wYwNyx2R+z4iiC5POxR1AMlTTrfmFgXfYatoEnJjIq6z
Q8OK4OuJ1+XjIKvzs6aw1bqsrjtlO7G4dT+dA9NaRm++vq+GQf8PglvQnFV1EyVC
oN8Tb9D5sb2gEGZLVnF34ibi/il/f+0BM0bZ0wR7PI/3qBNkWQ05PoWgPXzH1SfO
4KZ4YyqobXmlE7s5lWhyp5S07aywC+YiQ6LlPaTpp2/FNRYKmgU=
-----END CERTIFICATE-----
Generated at Sat Jun 21 16:56:08 2025 by rpki-client