Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/NvHWpkkyfoK2XLd64Ay42H5Bbqg.roa
File: NvHWpkkyfoK2XLd64Ay42H5Bbqg.roa (raw, json)
Hash identifier: LVOLGAwvQX0to0PMfobVtvmAVT6YPwNLSnnVSOy0Oto=
Subject key identifier: 36:F1:D6:A6:49:32:7E:82:B6:5C:B7:7A:E0:0C:B8:D8:7E:41:6E:A8
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 1874
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/NvHWpkkyfoK2XLd64Ay42H5Bbqg.roa
Signing time: Sun 08 Jun 2025 16:39:39 +0000
ROA not before: Sun 08 Jun 2025 16:39:39 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 125.169.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 6260 (0x1874)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: Jun 8 16:39:39 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=36F1D6A649327E82B65CB77AE00CB8D87E416EA8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ce:ce:5b:04:0e:c5:5e:3b:24:45:04:69:af:db:
6e:01:85:62:a1:d5:95:bb:a4:a1:17:f8:5d:49:ee:
2a:44:1c:0b:b0:ef:cb:23:31:15:f7:2e:70:39:23:
7e:52:5c:35:24:e5:ef:de:9a:1d:ed:33:b9:9d:7e:
6f:cf:9e:01:df:3b:f0:c0:49:5e:15:d5:27:c7:4a:
3f:d1:b0:5d:6b:97:4c:2c:39:a9:4a:61:d6:77:ea:
88:86:ff:be:d0:bb:89:9e:b1:2a:ec:44:d8:69:f2:
68:c0:2b:fb:9e:32:53:b4:59:39:eb:7a:32:2a:ae:
b9:78:47:29:f4:e1:7c:11:e9:8c:b3:c5:35:7a:3c:
31:24:ac:82:cf:c9:55:4f:f0:55:ab:0a:1f:2f:93:
4f:11:8e:bf:8f:cf:cf:15:1d:96:5a:f8:5a:9f:32:
6d:34:9f:c8:c3:6b:dd:8c:7f:14:e7:4e:70:72:b0:
15:7d:6c:f9:a2:d0:ec:9a:67:28:1a:6b:60:35:b2:
30:89:99:9a:93:02:a5:58:95:7a:95:a8:8a:8b:39:
03:1c:6c:70:c5:c1:2f:bb:6f:77:fa:f2:1c:3d:04:
d8:a8:15:4b:df:b5:92:e7:3c:44:53:2c:10:4c:27:
5f:68:08:de:df:06:b4:da:ff:a5:22:6e:df:1c:af:
c5:e9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
36:F1:D6:A6:49:32:7E:82:B6:5C:B7:7A:E0:0C:B8:D8:7E:41:6E:A8
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/NvHWpkkyfoK2XLd64Ay42H5Bbqg.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
125.169.0.0/16
Signature Algorithm: sha256WithRSAEncryption
5e:1a:eb:d1:27:69:0e:d2:ad:8f:c9:8c:dc:e8:aa:eb:a3:76:
f6:c9:55:1a:3c:3d:ad:cc:8e:fc:a1:42:b2:1b:e5:ec:a6:9c:
3e:b9:95:b5:9d:3f:13:e9:7b:6b:a0:1b:33:f2:99:d1:dd:42:
05:ad:7b:50:24:4d:5a:b5:3e:ff:52:0e:8f:b2:4e:4f:f8:78:
70:9c:54:56:04:64:f0:7e:99:75:d5:b4:35:4e:27:f7:57:d9:
68:45:e6:6a:30:0e:7d:fe:d7:a3:98:40:57:dc:e5:ae:da:c1:
9a:47:66:6b:61:2a:1e:62:4a:11:71:e6:d2:65:af:59:a6:99:
1d:ac:6e:df:3c:0a:78:96:32:41:c0:7f:d7:52:36:4f:d5:eb:
27:93:c9:32:0c:f2:d6:87:31:33:ad:39:b2:77:f4:a9:81:70:
29:dc:1d:8c:55:ad:0e:aa:8d:60:ad:79:a0:cb:b2:c5:26:a6:
7e:e7:6b:cd:70:7d:cf:c5:c2:89:e5:b6:17:81:af:96:3c:d7:
b3:fa:0e:c2:7e:9d:c5:59:45:e8:7c:e7:1e:36:61:eb:41:55:
b2:30:d4:6c:a8:5d:df:e5:1c:fe:47:f4:25:cb:16:39:89:21:
24:f6:cc:2c:6e:3c:be:6d:65:9b:54:8e:40:a4:e2:3b:a3:52:
a2:dc:ee:3e
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICGHQwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA2MDgx
NjM5MzlaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKDM2RjFENkE2NDkzMjdF
ODJCNjVDQjc3QUUwMENCOEQ4N0U0MTZFQTgwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDOzlsEDsVeOyRFBGmv224BhWKh1ZW7pKEX+F1J7ipEHAuw78sj
MRX3LnA5I35SXDUk5e/emh3tM7mdfm/PngHfO/DASV4V1SfHSj/RsF1rl0wsOalK
YdZ36oiG/77Qu4mesSrsRNhp8mjAK/ueMlO0WTnrejIqrrl4Ryn04XwR6YyzxTV6
PDEkrILPyVVP8FWrCh8vk08Rjr+Pz88VHZZa+FqfMm00n8jDa92MfxTnTnBysBV9
bPmi0OyaZygaa2A1sjCJmZqTAqVYlXqVqIqLOQMcbHDFwS+7b3f68hw9BNioFUvf
tZLnPERTLBBMJ19oCN7fBrTa/6Uibt8cr8XpAgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUNvHWpkkyfoK2XLd64Ay42H5BbqgwHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni9OdkhXcGtreWZvSzJYTGQ2
NEF5NDJINUJicWcucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
fakwDQYJKoZIhvcNAQELBQADggEBAF4a69EnaQ7SrY/JjNzoquujdvbJVRo8Pa3M
jvyhQrIb5eymnD65lbWdPxPpe2ugGzPymdHdQgWte1AkTVq1Pv9SDo+yTk/4eHCc
VFYEZPB+mXXVtDVOJ/dX2WhF5mowDn3+16OYQFfc5a7awZpHZmthKh5iShFx5tJl
r1mmmR2sbt88CniWMkHAf9dSNk/V6yeTyTIM8taHMTOtObJ39KmBcCncHYxVrQ6q
jWCteaDLssUmpn7na81wfc/FwonltheBr5Y817P6DsJ+ncVZReh85x42YetBVbIw
1GyoXd/lHP5H9CXLFjmJIST2zCxuPL5tZZtUjkCk4jujUqLc7j4=
-----END CERTIFICATE-----
Generated at Sun Jun 22 03:54:37 2025 by rpki-client