Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/QXJ9PcsWuCJe9K27DVWzHj3bHSw.roa
File: QXJ9PcsWuCJe9K27DVWzHj3bHSw.roa (raw, json)
Hash identifier: 35hG4rXjbBxND4a4/KxF7oxOrbuCAVBsw4ufQdnOHa8=
Subject key identifier: 41:72:7D:3D:CB:16:B8:22:5E:F4:AD:BB:0D:55:B3:1E:3D:DB:1D:2C
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 1C60
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/QXJ9PcsWuCJe9K27DVWzHj3bHSw.roa
Signing time: Fri 13 Jun 2025 22:09:55 +0000
ROA not before: Fri 13 Jun 2025 22:09:55 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 125.169.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 7264 (0x1c60)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: Jun 13 22:09:55 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=41727D3DCB16B8225EF4ADBB0D55B31E3DDB1D2C
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cf:35:cd:a3:6e:4e:2c:1b:8f:69:d8:4b:aa:00:
a8:bd:e9:71:74:3b:56:8b:44:f5:2c:fe:3d:64:a5:
41:fe:98:d2:99:f6:b9:77:93:fd:86:50:35:2f:07:
af:9d:b4:eb:82:d7:e5:a3:3a:e1:f8:99:76:e4:8b:
58:7e:dd:6c:eb:48:b3:da:a8:e7:cd:71:86:47:cb:
a9:47:e4:c6:c2:8f:b5:6a:82:ec:28:19:26:da:d3:
1e:20:b0:86:46:33:0e:58:62:55:a6:6a:7d:0b:37:
36:2e:53:f7:40:c1:3d:d9:e4:f1:6d:7a:3d:28:fa:
4e:eb:66:29:e6:52:ae:7c:36:bc:46:4c:c8:83:0b:
af:1c:ad:19:8e:0b:bc:78:26:d0:21:d0:ca:40:89:
ac:99:c0:df:6e:e6:2d:66:07:52:d2:e0:7f:33:9a:
e0:ea:3a:db:2c:e6:6c:ca:a2:a2:f9:cd:c1:8b:8a:
c8:ba:61:f2:21:9e:2d:74:31:6a:68:65:46:26:47:
a0:5b:a6:85:fc:56:57:0b:86:38:0a:fb:93:c8:52:
6a:ab:c7:88:a3:ac:56:4f:ab:2f:8f:08:a3:c0:80:
d1:09:54:eb:74:0c:18:2d:8c:2d:29:f6:12:fa:c6:
b0:5c:3a:94:ba:05:72:06:49:18:12:74:19:b5:49:
55:a7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
41:72:7D:3D:CB:16:B8:22:5E:F4:AD:BB:0D:55:B3:1E:3D:DB:1D:2C
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/QXJ9PcsWuCJe9K27DVWzHj3bHSw.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
125.169.0.0/16
Signature Algorithm: sha256WithRSAEncryption
84:19:36:b7:a3:72:44:11:92:c8:41:2b:66:1f:e3:cc:2a:c2:
d1:dd:69:22:61:28:11:94:b6:88:61:5f:a8:45:82:52:57:05:
31:7e:6f:93:e7:3c:d9:7c:ec:40:5f:00:19:d2:b5:73:66:91:
a8:92:a9:30:f9:85:cd:19:18:40:d0:07:71:2d:cb:7d:45:42:
43:5a:3d:8a:66:5b:c1:1c:57:eb:b0:c4:21:68:1f:78:10:dc:
4d:c8:60:f5:26:79:32:4f:a2:f7:c9:72:12:6f:bc:ed:41:16:
0e:fd:09:ad:f7:d5:36:d5:5b:f2:b6:6f:f5:b0:f1:d2:f3:37:
cb:a3:c7:d1:cc:e4:56:80:f7:c1:31:b8:61:cd:a3:61:53:ff:
be:cd:09:54:93:3f:40:5c:54:b5:38:7a:54:b1:fc:03:e4:85:
47:61:e1:d0:d5:8c:b1:f3:eb:cf:f3:8f:a2:3a:82:0f:4e:3a:
37:32:f1:5f:d5:7b:54:5a:5f:d1:60:48:e9:ca:a9:85:c4:02:
fd:9d:c0:f6:79:fd:42:94:4e:44:22:af:3b:07:ef:58:6f:59:
77:59:57:c0:ba:04:15:5d:32:7c:f0:4b:85:ef:19:c3:37:d0:
38:54:1c:0b:a1:36:d7:6a:18:44:e5:8d:ef:27:99:df:4a:a8:
43:7a:aa:40
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICHGAwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA2MTMy
MjA5NTVaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKDQxNzI3RDNEQ0IxNkI4
MjI1RUY0QURCQjBENTVCMzFFM0REQjFEMkMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDPNc2jbk4sG49p2EuqAKi96XF0O1aLRPUs/j1kpUH+mNKZ9rl3
k/2GUDUvB6+dtOuC1+WjOuH4mXbki1h+3WzrSLPaqOfNcYZHy6lH5MbCj7Vqguwo
GSba0x4gsIZGMw5YYlWman0LNzYuU/dAwT3Z5PFtej0o+k7rZinmUq58NrxGTMiD
C68crRmOC7x4JtAh0MpAiayZwN9u5i1mB1LS4H8zmuDqOtss5mzKoqL5zcGLisi6
YfIhni10MWpoZUYmR6BbpoX8VlcLhjgK+5PIUmqrx4ijrFZPqy+PCKPAgNEJVOt0
DBgtjC0p9hL6xrBcOpS6BXIGSRgSdBm1SVWnAgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUQXJ9PcsWuCJe9K27DVWzHj3bHSwwHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni9RWEo5UGNzV3VDSmU5SzI3
RFZXekhqM2JIU3cucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
fakwDQYJKoZIhvcNAQELBQADggEBAIQZNrejckQRkshBK2Yf48wqwtHdaSJhKBGU
tohhX6hFglJXBTF+b5PnPNl87EBfABnStXNmkaiSqTD5hc0ZGEDQB3Ety31FQkNa
PYpmW8EcV+uwxCFoH3gQ3E3IYPUmeTJPovfJchJvvO1BFg79Ca331TbVW/K2b/Ww
8dLzN8ujx9HM5FaA98ExuGHNo2FT/77NCVSTP0BcVLU4elSx/APkhUdh4dDVjLHz
68/zj6I6gg9OOjcy8V/Ve1RaX9FgSOnKqYXEAv2dwPZ5/UKUTkQirzsH71hvWXdZ
V8C6BBVdMnzwS4XvGcM30DhUHAuhNtdqGETlje8nmd9KqEN6qkA=
-----END CERTIFICATE-----
Generated at Sun Jun 22 11:55:14 2025 by rpki-client