Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/ShEZvgkCsVxBI5ZwangouSzI19I.roa
File: ShEZvgkCsVxBI5ZwangouSzI19I.roa (raw, json)
Hash identifier: iVR/TkOhtHOK0lacpKVK/3GMmLRjvWsBX6UWgAl8psM=
Subject key identifier: 4A:11:19:BE:09:02:B1:5C:41:23:96:70:6A:78:28:B9:2C:C8:D7:D2
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 1AA8
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/ShEZvgkCsVxBI5ZwangouSzI19I.roa
Signing time: Wed 11 Jun 2025 15:09:56 +0000
ROA not before: Wed 11 Jun 2025 15:09:56 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 125.169.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 6824 (0x1aa8)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: Jun 11 15:09:56 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=4A1119BE0902B15C412396706A7828B92CC8D7D2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c4:43:05:3e:4a:2c:53:c9:45:04:f7:63:89:9b:
7c:d7:31:8f:a3:48:5f:75:fe:81:7b:79:67:e4:a4:
1c:25:5f:42:d4:f0:a6:f2:49:fe:88:16:b9:6f:36:
c7:26:66:2d:68:90:46:7d:7a:31:47:1f:09:d2:b6:
71:b5:bd:5f:29:a0:ae:97:e5:c2:50:c5:d3:48:14:
01:50:ea:aa:39:15:fa:64:2f:ec:13:6d:10:42:5b:
48:f9:02:a3:04:d0:c3:af:75:ca:02:d2:62:3e:b1:
36:fe:50:54:20:c3:45:7a:89:7f:24:56:c4:22:d6:
06:b5:57:0c:6d:f6:a6:ee:75:94:72:66:2a:57:40:
98:dc:06:ae:6e:7c:98:06:1e:8a:4b:b0:c5:bb:ae:
7e:82:7d:47:4b:b7:5d:2f:45:27:8a:8a:97:d2:d1:
fa:cb:64:ec:fe:1b:ca:ec:8c:c3:c5:6e:31:27:de:
af:60:bc:77:4b:bd:a4:9f:c6:5c:de:1f:fd:6b:e4:
a8:94:0b:f7:da:ff:f1:b7:34:6e:41:b6:88:e9:47:
1c:84:ba:65:81:b1:4d:2a:cc:92:0d:44:41:a4:43:
72:6a:94:ed:fa:b9:aa:56:89:b3:08:da:e6:b1:0d:
9d:db:a4:c9:f3:9f:4e:88:13:e9:4b:f9:d3:e9:b4:
5c:11
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4A:11:19:BE:09:02:B1:5C:41:23:96:70:6A:78:28:B9:2C:C8:D7:D2
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/ShEZvgkCsVxBI5ZwangouSzI19I.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
125.169.0.0/16
Signature Algorithm: sha256WithRSAEncryption
15:16:9e:7c:37:22:c5:4a:1d:09:37:02:c9:cb:f0:8c:ab:55:
fd:81:e4:95:6a:e0:02:be:5a:e2:cc:df:b0:72:d4:e9:0c:ee:
57:8c:72:87:25:7c:e9:7d:cb:f9:f5:3e:4d:f6:63:41:f5:03:
b0:21:2f:74:7a:7b:33:6d:fb:dc:3b:e6:4b:ca:b5:4f:57:74:
f3:b2:04:07:54:e4:a4:14:a7:82:9e:3d:9b:20:97:b9:9c:56:
90:a7:2c:3d:65:12:0b:cb:69:c6:01:db:3d:ed:b9:cf:c6:b2:
e5:48:c5:7e:15:bd:83:6e:74:3d:3d:8e:0f:f5:df:98:2f:4e:
99:b6:5b:15:69:e2:79:18:fb:8a:48:31:81:1e:cd:45:c8:73:
0b:f2:44:c5:9a:43:20:ea:bd:6d:3c:1f:ba:88:7c:77:e2:0c:
0c:56:6d:64:4f:63:a1:93:5a:d4:a2:89:0c:4c:19:10:3f:03:
58:eb:f0:db:a8:8c:5c:6a:71:cc:cc:2c:9f:02:dc:7d:13:1c:
bc:c5:bb:67:1e:3f:65:60:7c:c2:93:bf:f5:65:39:da:9d:b2:
b7:89:28:24:d6:be:a1:44:dd:61:2f:83:39:c8:ec:19:91:46:
01:0b:a5:38:a7:55:8b:16:f9:68:8b:0b:6c:00:51:a5:8e:00:
72:5e:33:cb
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICGqgwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA2MTEx
NTA5NTZaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKDRBMTExOUJFMDkwMkIx
NUM0MTIzOTY3MDZBNzgyOEI5MkNDOEQ3RDIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDEQwU+SixTyUUE92OJm3zXMY+jSF91/oF7eWfkpBwlX0LU8Kby
Sf6IFrlvNscmZi1okEZ9ejFHHwnStnG1vV8poK6X5cJQxdNIFAFQ6qo5FfpkL+wT
bRBCW0j5AqME0MOvdcoC0mI+sTb+UFQgw0V6iX8kVsQi1ga1Vwxt9qbudZRyZipX
QJjcBq5ufJgGHopLsMW7rn6CfUdLt10vRSeKipfS0frLZOz+G8rsjMPFbjEn3q9g
vHdLvaSfxlzeH/1r5KiUC/fa//G3NG5BtojpRxyEumWBsU0qzJINREGkQ3JqlO36
uapWibMI2uaxDZ3bpMnzn06IE+lL+dPptFwRAgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUShEZvgkCsVxBI5ZwangouSzI19IwHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni9TaEVadmdrQ3NWeEJJNVp3
YW5nb3VTekkxOUkucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
fakwDQYJKoZIhvcNAQELBQADggEBABUWnnw3IsVKHQk3AsnL8IyrVf2B5JVq4AK+
WuLM37By1OkM7leMcoclfOl9y/n1Pk32Y0H1A7AhL3R6ezNt+9w75kvKtU9XdPOy
BAdU5KQUp4KePZsgl7mcVpCnLD1lEgvLacYB2z3tuc/GsuVIxX4VvYNudD09jg/1
35gvTpm2WxVp4nkY+4pIMYEezUXIcwvyRMWaQyDqvW08H7qIfHfiDAxWbWRPY6GT
WtSiiQxMGRA/A1jr8NuojFxqcczMLJ8C3H0THLzFu2ceP2VgfMKTv/VlOdqdsreJ
KCTWvqFE3WEvgznI7BmRRgELpTinVYsW+WiLC2wAUaWOAHJeM8s=
-----END CERTIFICATE-----
Generated at Sat Jun 21 16:52:48 2025 by rpki-client