Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/Ma-NmCXrAOhyaQy25Ab724HrxHI.roa
File: Ma-NmCXrAOhyaQy25Ab724HrxHI.roa (raw, json)
Hash identifier: P6NFhSUJzZo0/bTTWzYfDErR26x5rgws++FXo0EFo18=
Subject key identifier: 31:AF:8D:98:25:EB:00:E8:72:69:0C:B6:E4:06:FB:DB:81:EB:C4:72
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 1330
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/Ma-NmCXrAOhyaQy25Ab724HrxHI.roa
Signing time: Sun 01 Jun 2025 16:09:19 +0000
ROA not before: Sun 01 Jun 2025 16:09:19 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 125.169.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 4912 (0x1330)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: Jun 1 16:09:19 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=31AF8D9825EB00E872690CB6E406FBDB81EBC472
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f2:d0:19:f8:51:7c:88:4e:2c:e0:4a:4a:c5:b0:
a9:52:de:59:c1:5a:b3:e4:80:1f:d2:47:e4:f4:9a:
f5:d4:5b:92:6c:be:bb:63:87:9e:9f:b6:c2:7e:ff:
a8:1c:76:c1:63:ed:37:0b:bf:d5:cc:91:1e:94:7c:
50:35:9f:a0:12:ad:e3:eb:92:33:e2:6d:0c:1a:d9:
3b:cd:52:4a:23:46:ad:99:8d:39:f4:f1:a8:d8:03:
e2:f9:7e:7f:00:f3:9b:33:46:e8:13:8c:75:c7:a0:
20:a0:02:56:f9:e0:be:33:58:84:ae:d4:fd:0a:78:
81:45:94:b4:36:2d:4f:c7:f8:2b:c5:a9:75:93:1d:
65:a9:cc:3a:e4:53:de:03:9d:31:b7:19:da:8a:fa:
ad:55:e1:de:26:6c:06:45:22:ad:76:b0:01:9a:cb:
9a:ba:e8:3d:ce:c8:8f:9f:30:d7:4c:c1:1b:58:a0:
ed:d6:c0:ec:7b:3a:4d:8c:72:34:f2:e3:76:6f:67:
64:c3:44:b4:2b:47:a6:0f:1e:f2:3e:0b:f2:30:b8:
8f:d4:bf:fc:bd:c6:c1:ca:6e:00:0a:75:19:4d:09:
53:d4:8e:d5:74:85:e7:f1:0d:99:7b:3c:16:18:71:
cb:81:97:44:bc:9a:1c:fb:dc:4f:0a:18:9a:e5:ea:
84:61
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
31:AF:8D:98:25:EB:00:E8:72:69:0C:B6:E4:06:FB:DB:81:EB:C4:72
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/Ma-NmCXrAOhyaQy25Ab724HrxHI.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
125.169.0.0/16
Signature Algorithm: sha256WithRSAEncryption
54:20:31:3c:62:82:19:e6:13:23:ad:30:bd:9e:90:89:21:4d:
43:8e:cb:13:29:b2:83:54:ce:08:07:86:82:4e:3d:01:6f:c5:
74:63:f0:60:4c:ca:89:ee:5d:be:91:f4:c7:3e:c3:68:6f:34:
2d:dd:c0:26:c1:0a:55:a9:3c:c3:2c:f1:3c:fb:82:c2:cf:15:
6f:8a:96:2b:fd:2f:6f:be:b2:95:94:45:79:c8:30:84:9f:ba:
55:2e:08:a2:ad:37:48:8b:14:38:bb:fb:b6:a0:28:23:35:00:
bb:2b:b2:50:36:bf:5b:96:5d:06:39:2b:21:4d:cb:56:69:d3:
3d:58:98:3e:87:65:02:6c:e0:d8:12:0c:fe:33:60:04:db:17:
cd:fc:5e:80:5b:3d:8a:fc:f0:bc:7d:eb:de:00:da:76:7e:eb:
35:06:97:38:7f:bf:25:57:a6:99:e0:f4:47:23:fe:fb:ec:76:
9c:3d:62:c2:6d:85:9c:a0:1f:5c:d4:54:6b:b1:d7:48:48:0e:
fe:19:56:78:a1:50:5c:34:dd:22:02:ce:0f:95:b4:fe:b6:76:
89:5d:8d:09:66:db:23:c8:20:dc:a8:21:5d:b1:ce:43:13:d4:
40:e7:a7:d2:71:5c:79:8a:a1:9f:21:46:85:4c:c7:38:5f:f4:
91:40:02:73
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICEzAwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA2MDEx
NjA5MTlaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKDMxQUY4RDk4MjVFQjAw
RTg3MjY5MENCNkU0MDZGQkRCODFFQkM0NzIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDy0Bn4UXyITizgSkrFsKlS3lnBWrPkgB/SR+T0mvXUW5Jsvrtj
h56ftsJ+/6gcdsFj7TcLv9XMkR6UfFA1n6ASrePrkjPibQwa2TvNUkojRq2ZjTn0
8ajYA+L5fn8A85szRugTjHXHoCCgAlb54L4zWISu1P0KeIFFlLQ2LU/H+CvFqXWT
HWWpzDrkU94DnTG3GdqK+q1V4d4mbAZFIq12sAGay5q66D3OyI+fMNdMwRtYoO3W
wOx7Ok2McjTy43ZvZ2TDRLQrR6YPHvI+C/IwuI/Uv/y9xsHKbgAKdRlNCVPUjtV0
hefxDZl7PBYYccuBl0S8mhz73E8KGJrl6oRhAgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUMa+NmCXrAOhyaQy25Ab724HrxHIwHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni9NYS1ObUNYckFPaHlhUXky
NUFiNzI0SHJ4SEkucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
fakwDQYJKoZIhvcNAQELBQADggEBAFQgMTxighnmEyOtML2ekIkhTUOOyxMpsoNU
zggHhoJOPQFvxXRj8GBMyonuXb6R9Mc+w2hvNC3dwCbBClWpPMMs8Tz7gsLPFW+K
liv9L2++spWURXnIMISfulUuCKKtN0iLFDi7+7agKCM1ALsrslA2v1uWXQY5KyFN
y1Zp0z1YmD6HZQJs4NgSDP4zYATbF838XoBbPYr88Lx9694A2nZ+6zUGlzh/vyVX
ppng9Ecj/vvsdpw9YsJthZygH1zUVGux10hIDv4ZVnihUFw03SICzg+VtP62dold
jQlm2yPIINyoIV2xzkMT1EDnp9JxXHmKoZ8hRoVMxzhf9JFAAnM=
-----END CERTIFICATE-----
Generated at Sun Jun 22 00:54:44 2025 by rpki-client