Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/QKKk-lhYzA1cvEhlxngk4OvdHhw.roa
File: QKKk-lhYzA1cvEhlxngk4OvdHhw.roa (raw, json)
Hash identifier: CL/wuOWXsxz4oiHGFThJ55SSRzkN3yM3A+bybw2ptYk=
Subject key identifier: 40:A2:A4:FA:58:58:CC:0D:5C:BC:48:65:C6:78:24:E0:EB:DD:1E:1C
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 1784
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/QKKk-lhYzA1cvEhlxngk4OvdHhw.roa
Signing time: Sat 07 Jun 2025 10:39:42 +0000
ROA not before: Sat 07 Jun 2025 10:39:42 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 125.169.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 6020 (0x1784)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: Jun 7 10:39:42 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=40A2A4FA5858CC0D5CBC4865C67824E0EBDD1E1C
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d8:54:5c:d2:dc:6f:05:2b:7f:49:42:1d:32:6b:
f0:18:fe:f3:c6:a6:ac:34:7c:47:0c:76:92:81:9b:
0d:3a:e3:39:45:33:2e:50:b5:17:1a:71:bb:c2:0a:
7a:f0:78:16:db:aa:85:fe:69:2d:86:2c:76:96:ad:
43:39:6f:8a:e6:ef:7d:30:5d:c6:32:e4:3e:2e:3f:
3f:e9:eb:5d:51:78:45:84:a9:13:89:46:c3:2a:68:
59:a7:c0:f2:36:eb:8f:e4:d8:be:25:c6:be:ab:41:
b1:3a:d2:0c:5c:18:f3:f3:c8:f4:ef:2a:2d:52:d6:
75:04:06:45:0f:be:d6:28:e8:df:51:50:6f:2e:32:
c4:30:61:95:3b:af:d1:86:66:ef:3e:6f:0e:28:87:
7d:41:c7:db:ab:30:ee:b9:2a:3b:45:df:49:2d:58:
f5:70:6b:bb:91:d5:7b:fe:e9:50:91:ac:00:ea:cf:
aa:6b:be:00:eb:6a:93:bf:05:14:29:59:ed:be:13:
87:50:9c:c5:45:6d:3c:82:0c:68:92:fb:b6:3d:85:
86:a5:5e:60:80:d9:f7:a4:73:39:4f:5a:22:b2:87:
e0:c8:b6:b8:9b:01:9d:5a:ef:b5:ed:16:55:fb:10:
91:16:a6:06:35:2e:70:f2:c8:60:bd:99:56:45:e0:
75:c5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
40:A2:A4:FA:58:58:CC:0D:5C:BC:48:65:C6:78:24:E0:EB:DD:1E:1C
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/QKKk-lhYzA1cvEhlxngk4OvdHhw.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
125.169.0.0/16
Signature Algorithm: sha256WithRSAEncryption
67:ad:bf:3d:35:36:67:65:0c:3f:5b:31:34:e4:68:ac:45:7e:
66:75:72:0c:df:a7:e1:15:71:4b:8c:e6:06:88:ec:3e:da:7e:
ab:be:7d:62:72:6e:d8:e6:99:55:87:c2:47:dd:0b:9d:b1:ef:
5b:09:1f:cb:e2:68:23:01:e7:a8:ff:9c:a6:d8:30:33:e0:8d:
18:d8:b5:6a:ca:11:fb:e4:38:b3:61:42:03:78:f6:d6:00:7d:
1f:3f:6d:f4:22:55:66:ae:77:19:e8:3f:25:5a:bf:71:9b:1f:
80:52:18:19:15:5d:9c:e0:ca:41:33:32:4b:f9:2a:33:8b:7a:
7d:84:81:13:3c:4b:49:69:7b:06:20:12:f4:76:b6:a8:4b:e7:
43:fb:00:30:20:55:27:79:fc:91:90:87:54:40:46:4b:b5:ec:
b2:1f:ab:cd:01:93:18:b5:71:73:98:c0:59:62:1f:86:9e:ab:
45:fd:f6:ad:3e:54:c8:1c:61:b2:c3:4d:34:cb:df:7f:a1:38:
ee:e3:39:d7:57:97:3e:9b:a7:28:c0:69:08:a3:ea:e4:ad:42:
b4:1c:3d:8b:0a:46:bf:75:94:c9:30:1a:2a:4b:30:62:32:05:
e3:24:0f:1a:7f:a5:85:f8:57:ea:fb:de:e1:8e:a2:11:98:ba:
5f:38:a2:0a
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICF4QwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA2MDcx
MDM5NDJaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKDQwQTJBNEZBNTg1OEND
MEQ1Q0JDNDg2NUM2NzgyNEUwRUJERDFFMUMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDYVFzS3G8FK39JQh0ya/AY/vPGpqw0fEcMdpKBmw064zlFMy5Q
tRcacbvCCnrweBbbqoX+aS2GLHaWrUM5b4rm730wXcYy5D4uPz/p611ReEWEqROJ
RsMqaFmnwPI264/k2L4lxr6rQbE60gxcGPPzyPTvKi1S1nUEBkUPvtYo6N9RUG8u
MsQwYZU7r9GGZu8+bw4oh31Bx9urMO65KjtF30ktWPVwa7uR1Xv+6VCRrADqz6pr
vgDrapO/BRQpWe2+E4dQnMVFbTyCDGiS+7Y9hYalXmCA2fekczlPWiKyh+DItrib
AZ1a77XtFlX7EJEWpgY1LnDyyGC9mVZF4HXFAgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUQKKk+lhYzA1cvEhlxngk4OvdHhwwHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni9RS0trLWxoWXpBMWN2RWhs
eG5nazRPdmRIaHcucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
fakwDQYJKoZIhvcNAQELBQADggEBAGetvz01NmdlDD9bMTTkaKxFfmZ1cgzfp+EV
cUuM5gaI7D7afqu+fWJybtjmmVWHwkfdC52x71sJH8viaCMB56j/nKbYMDPgjRjY
tWrKEfvkOLNhQgN49tYAfR8/bfQiVWaudxnoPyVav3GbH4BSGBkVXZzgykEzMkv5
KjOLen2EgRM8S0lpewYgEvR2tqhL50P7ADAgVSd5/JGQh1RARku17LIfq80Bkxi1
cXOYwFliH4aeq0X99q0+VMgcYbLDTTTL33+hOO7jOddXlz6bpyjAaQij6uStQrQc
PYsKRr91lMkwGipLMGIyBeMkDxp/pYX4V+r73uGOohGYul84ogo=
-----END CERTIFICATE-----
Generated at Sun Jun 22 03:55:29 2025 by rpki-client