Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/MpNUfdicK9Akt6ITma63JkrralE.roa
File: MpNUfdicK9Akt6ITma63JkrralE.roa (raw, json)
Hash identifier: 2ab+jcB0oI3UXT0HeDURqeU9sSS79E1oiTPKzF+wmx4=
Subject key identifier: 32:93:54:7D:D8:9C:2B:D0:24:B7:A2:13:99:AE:B7:26:4A:EB:6A:51
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 1970
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/MpNUfdicK9Akt6ITma63JkrralE.roa
Signing time: Tue 10 Jun 2025 00:09:39 +0000
ROA not before: Tue 10 Jun 2025 00:09:39 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 125.169.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 6512 (0x1970)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: Jun 10 00:09:39 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=3293547DD89C2BD024B7A21399AEB7264AEB6A51
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c7:7c:3f:33:7b:6f:9d:8f:51:47:43:98:97:0e:
44:9d:65:2b:a5:4f:6b:d9:8e:6c:b2:07:4b:2e:77:
95:91:2b:d2:15:7a:25:ba:22:94:c7:bf:95:21:b9:
73:23:18:37:67:36:23:81:e9:d6:e6:a3:da:a4:6a:
bd:f5:c1:e5:03:03:ec:e8:85:6e:ab:4e:86:04:d7:
00:b7:51:be:88:64:c5:6c:87:0c:cd:ec:d2:4e:8e:
4d:24:80:1c:35:6f:37:5b:e8:0a:e5:6c:22:4e:35:
53:03:c6:da:28:b0:44:24:40:17:41:42:77:74:09:
02:de:2e:1f:6c:11:4a:37:f6:34:77:49:a8:a8:53:
ba:74:7f:83:49:b4:f5:64:32:db:e3:26:ce:f1:91:
89:6d:87:5d:4e:9c:8f:f6:4e:88:ab:a0:cf:97:95:
ff:c4:52:45:98:21:b2:d4:5e:db:1f:da:73:96:88:
8d:7e:e5:e4:d5:91:cc:91:65:7a:85:1c:ac:f3:09:
7d:db:06:1a:ca:6e:17:bf:c4:37:9f:2b:4c:21:17:
22:2b:03:08:32:0a:c5:c9:e9:5e:45:82:da:9b:c1:
01:10:1c:88:41:7c:06:b1:a5:00:7e:e7:d0:84:92:
88:0c:cb:49:be:77:83:6d:72:9b:52:f6:2f:58:dc:
07:b7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
32:93:54:7D:D8:9C:2B:D0:24:B7:A2:13:99:AE:B7:26:4A:EB:6A:51
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/MpNUfdicK9Akt6ITma63JkrralE.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
125.169.0.0/16
Signature Algorithm: sha256WithRSAEncryption
54:c7:2b:f3:eb:c1:63:63:ea:6f:01:2f:9b:a4:b5:02:fc:21:
0c:c1:80:89:84:ee:b2:2b:95:83:14:ab:87:ef:0c:88:8d:78:
9c:06:29:ea:07:75:57:de:2c:08:47:29:6c:16:db:e2:d0:0f:
15:a7:bf:57:99:87:33:ae:17:6b:b1:7b:fb:1d:ee:c8:11:8d:
a6:12:a8:f2:48:ea:ab:51:fb:16:a2:81:84:4b:b0:51:d6:8b:
2d:d5:2d:87:52:1d:d1:db:c6:2f:de:0d:3b:ca:9f:97:ea:40:
8d:a9:b1:07:94:39:83:f1:5b:37:0d:4b:e1:03:4c:99:a8:32:
74:30:fe:fb:51:ed:d1:6f:63:ef:7b:1e:a2:54:00:e9:02:f4:
d1:07:fe:a5:dc:d2:28:cb:a5:14:fd:40:98:4e:40:e3:78:c2:
13:11:8b:c4:ba:5e:f6:7e:19:91:94:f8:1f:90:c4:0e:29:a2:
7f:8f:c1:c7:0e:49:db:1a:7b:5e:b7:22:3b:42:80:89:6b:7e:
86:31:5b:45:34:33:05:d7:b0:d6:27:d5:6d:43:c9:f1:b4:29:
b2:1c:3e:2a:c3:2a:42:b9:b1:37:62:05:57:d1:27:6c:87:47:
57:b0:73:52:73:da:5d:63:e8:a8:81:4b:92:39:dc:91:c2:73:
9c:1d:9f:b5
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICGXAwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA2MTAw
MDA5MzlaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKDMyOTM1NDdERDg5QzJC
RDAyNEI3QTIxMzk5QUVCNzI2NEFFQjZBNTEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDHfD8ze2+dj1FHQ5iXDkSdZSulT2vZjmyyB0sud5WRK9IVeiW6
IpTHv5UhuXMjGDdnNiOB6dbmo9qkar31weUDA+zohW6rToYE1wC3Ub6IZMVshwzN
7NJOjk0kgBw1bzdb6ArlbCJONVMDxtoosEQkQBdBQnd0CQLeLh9sEUo39jR3Saio
U7p0f4NJtPVkMtvjJs7xkYlth11OnI/2ToiroM+Xlf/EUkWYIbLUXtsf2nOWiI1+
5eTVkcyRZXqFHKzzCX3bBhrKbhe/xDefK0whFyIrAwgyCsXJ6V5FgtqbwQEQHIhB
fAaxpQB+59CEkogMy0m+d4NtcptS9i9Y3Ae3AgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUMpNUfdicK9Akt6ITma63JkrralEwHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni9NcE5VZmRpY0s5QWt0NklU
bWE2M0prcnJhbEUucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
fakwDQYJKoZIhvcNAQELBQADggEBAFTHK/PrwWNj6m8BL5uktQL8IQzBgImE7rIr
lYMUq4fvDIiNeJwGKeoHdVfeLAhHKWwW2+LQDxWnv1eZhzOuF2uxe/sd7sgRjaYS
qPJI6qtR+xaigYRLsFHWiy3VLYdSHdHbxi/eDTvKn5fqQI2psQeUOYPxWzcNS+ED
TJmoMnQw/vtR7dFvY+97HqJUAOkC9NEH/qXc0ijLpRT9QJhOQON4whMRi8S6XvZ+
GZGU+B+QxA4pon+PwccOSdsae163IjtCgIlrfoYxW0U0MwXXsNYn1W1DyfG0KbIc
PirDKkK5sTdiBVfRJ2yHR1ewc1Jz2l1j6KiBS5I53JHCc5wdn7U=
-----END CERTIFICATE-----
Generated at Sun Jun 22 14:41:37 2025 by rpki-client