Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/Rm3fmM4cM3rPBezQnxYVG6zTwfs.roa
File: Rm3fmM4cM3rPBezQnxYVG6zTwfs.roa (raw, json)
Hash identifier: Bfqo7fBcG+y1hi6kYCzo4SUDWP4LKoJ3m9q5X65yVoM=
Subject key identifier: 46:6D:DF:98:CE:1C:33:7A:CF:05:EC:D0:9F:16:15:1B:AC:D3:C1:FB
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 14A4
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/Rm3fmM4cM3rPBezQnxYVG6zTwfs.roa
Signing time: Tue 03 Jun 2025 14:39:15 +0000
ROA not before: Tue 03 Jun 2025 14:39:15 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 125.169.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 5284 (0x14a4)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: Jun 3 14:39:15 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=466DDF98CE1C337ACF05ECD09F16151BACD3C1FB
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ef:fe:fd:59:37:70:4c:41:40:fc:be:22:cf:e1:
a9:1a:f6:dc:77:59:18:98:b0:13:50:2e:59:c9:69:
2f:14:9d:f1:60:76:c4:f0:54:61:d7:0b:55:e3:ce:
8b:d8:fc:f0:98:03:cb:56:a3:00:cb:be:42:71:03:
fb:57:d5:e7:69:92:c4:b0:29:cc:81:9d:fa:92:92:
b5:26:49:8f:d2:e4:da:1d:c4:32:15:45:25:5a:76:
a5:09:1d:64:89:20:03:17:89:e0:5b:ea:ec:10:57:
a5:58:66:16:2a:39:b3:55:3d:64:a0:b4:f4:60:a2:
21:84:43:0c:00:4c:1a:d8:b5:00:a8:ea:e0:02:06:
e8:55:8a:a8:40:93:28:f8:43:27:9e:8c:b5:77:12:
24:dc:9b:be:f9:01:ae:d9:f8:d0:3a:6c:9f:37:d1:
b0:19:eb:35:76:7f:68:98:9b:32:0d:03:bd:55:6a:
4a:83:da:a9:07:cc:17:d4:57:5c:dc:56:41:f3:dd:
32:ee:f6:0c:68:19:ce:e8:f3:d4:59:ff:e7:54:e1:
41:c0:d1:f9:a2:e4:3a:96:9e:68:04:bd:70:46:f5:
f1:03:33:84:12:c8:f0:77:a0:ad:7a:89:0f:12:ab:
bf:e4:33:c3:97:1e:9e:45:0f:c8:1a:4f:73:33:0e:
9e:81
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
46:6D:DF:98:CE:1C:33:7A:CF:05:EC:D0:9F:16:15:1B:AC:D3:C1:FB
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/Rm3fmM4cM3rPBezQnxYVG6zTwfs.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
125.169.0.0/16
Signature Algorithm: sha256WithRSAEncryption
48:a1:40:01:e4:56:e2:9c:27:92:b9:51:12:81:75:88:fe:31:
e0:35:d6:e9:46:58:51:19:af:2f:52:2a:34:4b:9f:d4:fd:4e:
ec:34:b1:20:01:02:75:2a:f2:71:ee:0b:66:85:ea:8c:d2:db:
4a:c9:29:bd:a5:f4:a3:58:41:1f:20:03:56:96:63:fa:ef:59:
82:10:20:a7:0a:34:7d:02:86:94:f7:97:94:e5:2a:f5:36:e1:
5e:dc:da:ba:dd:f0:aa:59:fe:a6:bc:8a:33:c3:c0:19:a8:02:
5e:fa:83:ed:9c:0c:11:ab:a1:0f:84:f6:b5:48:ef:7a:11:ce:
3f:85:27:6d:04:c7:1f:11:79:db:6a:b6:f4:8a:15:ec:fd:de:
12:a2:a4:3f:bd:90:aa:a4:51:d9:65:c8:31:ab:7e:e3:6e:77:
53:3f:5a:98:48:a2:48:a3:5a:ea:29:97:35:e5:04:86:fc:7e:
8e:8c:88:a7:95:5e:7f:06:5c:86:44:c0:99:72:d0:98:1f:8f:
89:08:62:04:ec:24:7d:96:61:a9:24:7c:45:4b:45:ea:9c:2b:
18:23:f2:b1:a6:89:10:2b:38:37:9c:d6:ff:80:5a:b1:0d:e4:
f3:db:d8:6c:53:a5:1e:b1:a3:9b:88:1b:a5:56:30:24:81:78:
c5:23:98:1c
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICFKQwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA2MDMx
NDM5MTVaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKDQ2NkRERjk4Q0UxQzMz
N0FDRjA1RUNEMDlGMTYxNTFCQUNEM0MxRkIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDv/v1ZN3BMQUD8viLP4aka9tx3WRiYsBNQLlnJaS8UnfFgdsTw
VGHXC1XjzovY/PCYA8tWowDLvkJxA/tX1edpksSwKcyBnfqSkrUmSY/S5NodxDIV
RSVadqUJHWSJIAMXieBb6uwQV6VYZhYqObNVPWSgtPRgoiGEQwwATBrYtQCo6uAC
BuhViqhAkyj4QyeejLV3EiTcm775Aa7Z+NA6bJ830bAZ6zV2f2iYmzINA71VakqD
2qkHzBfUV1zcVkHz3TLu9gxoGc7o89RZ/+dU4UHA0fmi5DqWnmgEvXBG9fEDM4QS
yPB3oK16iQ8Sq7/kM8OXHp5FD8gaT3MzDp6BAgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQURm3fmM4cM3rPBezQnxYVG6zTwfswHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni9SbTNmbU00Y00zclBCZXpR
bnhZVkc2elR3ZnMucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
fakwDQYJKoZIhvcNAQELBQADggEBAEihQAHkVuKcJ5K5URKBdYj+MeA11ulGWFEZ
ry9SKjRLn9T9Tuw0sSABAnUq8nHuC2aF6ozS20rJKb2l9KNYQR8gA1aWY/rvWYIQ
IKcKNH0ChpT3l5TlKvU24V7c2rrd8KpZ/qa8ijPDwBmoAl76g+2cDBGroQ+E9rVI
73oRzj+FJ20Exx8RedtqtvSKFez93hKipD+9kKqkUdllyDGrfuNud1M/WphIokij
WuoplzXlBIb8fo6MiKeVXn8GXIZEwJly0Jgfj4kIYgTsJH2WYakkfEVLReqcKxgj
8rGmiRArODec1v+AWrEN5PPb2GxTpR6xo5uIG6VWMCSBeMUjmBw=
-----END CERTIFICATE-----
Generated at Fri Jun 20 16:44:28 2025 by rpki-client