Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/SR8NdLPeJ6RF0BftgFH7iRPHAXM.roa
File: SR8NdLPeJ6RF0BftgFH7iRPHAXM.roa (raw, json)
Hash identifier: qRWKVon/gbmvBs7tF0Jb3eAQkSDsHrDXaJf0t1nDqhY=
Subject key identifier: 49:1F:0D:74:B3:DE:27:A4:45:D0:17:ED:80:51:FB:89:13:C7:01:73
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 1B1C
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/SR8NdLPeJ6RF0BftgFH7iRPHAXM.roa
Signing time: Thu 12 Jun 2025 05:39:59 +0000
ROA not before: Thu 12 Jun 2025 05:39:59 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 125.169.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 6940 (0x1b1c)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: Jun 12 05:39:59 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=491F0D74B3DE27A445D017ED8051FB8913C70173
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a1:60:93:5c:90:49:94:6b:6b:91:d3:e0:96:b5:
b3:4a:0e:c0:c1:85:9a:cb:29:32:3c:95:5e:e0:e0:
23:cb:fa:4a:0c:e7:fd:8c:47:c2:d8:f8:09:98:7f:
dd:45:84:97:c9:d7:7e:81:40:a9:47:84:f0:09:5c:
94:9e:52:e3:fb:5c:8b:67:97:9a:2d:d7:a4:7d:25:
29:d6:7e:fc:2b:43:d7:77:b4:f7:3d:0f:e3:cc:67:
63:2a:0e:f0:60:f9:80:17:e0:c6:1c:c7:1d:4d:36:
be:96:dd:a4:8b:7f:9e:2a:0f:51:71:92:e1:91:b0:
99:ef:bd:a3:61:af:68:e0:b3:91:6a:14:46:7a:9d:
9e:09:ff:96:7a:ae:c8:2a:3d:a3:df:73:f8:b2:9c:
30:da:b9:57:b9:a7:fd:0d:92:0e:bf:cb:18:df:4f:
a7:f8:61:80:be:c0:87:8e:f2:61:60:99:ea:2d:0d:
69:ae:68:9f:b9:61:f1:4b:de:dc:c4:6b:21:34:92:
38:23:bb:84:b2:0f:19:59:38:64:69:14:9f:9d:53:
2f:f0:87:cd:04:00:2f:42:d2:34:e2:cf:14:d5:19:
31:f6:f7:63:56:91:ed:7d:eb:35:b0:1b:f5:12:96:
f7:5b:5d:09:75:b1:aa:72:27:5a:92:1e:8a:41:0c:
0a:b5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
49:1F:0D:74:B3:DE:27:A4:45:D0:17:ED:80:51:FB:89:13:C7:01:73
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/SR8NdLPeJ6RF0BftgFH7iRPHAXM.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
125.169.0.0/16
Signature Algorithm: sha256WithRSAEncryption
32:8d:20:0f:3d:7d:08:ec:3a:75:1f:47:2c:34:e2:ea:ea:8e:
f1:3b:bf:83:94:0c:91:3b:ba:4c:ff:5a:f5:8a:0d:b0:58:c7:
74:3d:3e:14:16:8d:8b:62:f4:90:87:8b:dc:03:b0:97:27:05:
d1:73:46:73:82:77:78:7f:5b:c6:3a:6e:25:08:a1:6d:ac:5a:
15:21:b9:7d:91:07:d8:3c:23:96:9e:16:8e:f5:84:2d:6c:fc:
ba:ef:0c:11:d7:86:e4:29:85:a2:ed:5a:26:a3:9a:20:7f:b3:
87:6a:ff:cf:ea:45:95:ce:5b:5f:67:dc:5b:1c:e3:8c:06:2b:
c1:cd:55:77:0d:27:bc:e1:69:83:00:5e:1d:44:ac:cf:c0:88:
98:04:62:ac:22:13:79:bf:c4:43:b9:f9:5f:5e:7b:9b:7a:4d:
42:9d:de:cf:49:d7:83:ed:15:7c:44:5e:f7:11:12:2a:99:06:
c0:ed:14:c4:81:43:1b:14:d6:3d:3a:02:de:be:d9:65:ab:f1:
44:d5:76:12:cd:84:01:c2:27:b4:f9:05:35:bc:aa:fd:a8:f7:
d2:bc:3f:01:81:96:fb:9c:9e:70:bf:4a:3e:73:6c:12:e5:11:
70:1f:16:ab:fe:71:d6:92:a5:f4:ea:2f:ca:6f:60:17:5f:31:
60:59:33:de
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICGxwwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA2MTIw
NTM5NTlaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKDQ5MUYwRDc0QjNERTI3
QTQ0NUQwMTdFRDgwNTFGQjg5MTNDNzAxNzMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQChYJNckEmUa2uR0+CWtbNKDsDBhZrLKTI8lV7g4CPL+koM5/2M
R8LY+AmYf91FhJfJ136BQKlHhPAJXJSeUuP7XItnl5ot16R9JSnWfvwrQ9d3tPc9
D+PMZ2MqDvBg+YAX4MYcxx1NNr6W3aSLf54qD1FxkuGRsJnvvaNhr2jgs5FqFEZ6
nZ4J/5Z6rsgqPaPfc/iynDDauVe5p/0Nkg6/yxjfT6f4YYC+wIeO8mFgmeotDWmu
aJ+5YfFL3tzEayE0kjgju4SyDxlZOGRpFJ+dUy/wh80EAC9C0jTizxTVGTH292NW
ke196zWwG/USlvdbXQl1sapyJ1qSHopBDAq1AgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUSR8NdLPeJ6RF0BftgFH7iRPHAXMwHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni9TUjhOZExQZUo2UkYwQmZ0
Z0ZIN2lSUEhBWE0ucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
fakwDQYJKoZIhvcNAQELBQADggEBADKNIA89fQjsOnUfRyw04urqjvE7v4OUDJE7
ukz/WvWKDbBYx3Q9PhQWjYti9JCHi9wDsJcnBdFzRnOCd3h/W8Y6biUIoW2sWhUh
uX2RB9g8I5aeFo71hC1s/LrvDBHXhuQphaLtWiajmiB/s4dq/8/qRZXOW19n3Fsc
44wGK8HNVXcNJ7zhaYMAXh1ErM/AiJgEYqwiE3m/xEO5+V9ee5t6TUKd3s9J14Pt
FXxEXvcREiqZBsDtFMSBQxsU1j06At6+2WWr8UTVdhLNhAHCJ7T5BTW8qv2o99K8
PwGBlvucnnC/Sj5zbBLlEXAfFqv+cdaSpfTqL8pvYBdfMWBZM94=
-----END CERTIFICATE-----
Generated at Sat Jun 21 16:55:26 2025 by rpki-client