Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/Xgwfvi5GdsWikySpxWwsXttyo1g.roa
File: Xgwfvi5GdsWikySpxWwsXttyo1g.roa (raw, json)
Hash identifier: 0jGaSioPKUJFYnw5nd2SiJ048TOY/1PJkjw1j61DAcY=
Subject key identifier: 5E:0C:1F:BE:2E:46:76:C5:A2:93:24:A9:C5:6C:2C:5E:DB:72:A3:58
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 1A78
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/Xgwfvi5GdsWikySpxWwsXttyo1g.roa
Signing time: Wed 11 Jun 2025 09:09:46 +0000
ROA not before: Wed 11 Jun 2025 09:09:46 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 125.169.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 6776 (0x1a78)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: Jun 11 09:09:46 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=5E0C1FBE2E4676C5A29324A9C56C2C5EDB72A358
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f7:d1:96:3a:72:02:a8:6d:85:16:78:df:4d:0a:
f1:b2:c4:96:b0:60:a3:b5:2d:04:54:9b:46:7e:ad:
8a:b5:b4:ca:1f:d2:af:e4:90:0f:b8:a2:f4:0a:36:
0d:c6:85:c4:13:95:f0:91:1d:f5:57:25:6b:b3:b3:
b8:e3:83:02:97:d8:62:6c:2f:2a:bf:ca:ed:67:ce:
9f:a2:b7:35:a0:66:8f:98:5c:09:dd:10:b5:db:84:
30:a0:21:c8:e7:f7:c0:95:ac:67:65:1a:e1:98:cc:
3d:3d:ae:56:8a:b9:29:28:de:f7:3c:4f:e3:3f:b4:
be:e4:ac:0d:8d:21:2f:37:66:3b:ce:8e:1e:9a:67:
3b:a6:28:57:63:0f:f5:3d:61:03:72:43:f3:5e:0e:
83:ab:7f:34:c7:71:f5:fa:37:87:b5:5e:58:cb:be:
ce:ec:03:cf:a4:11:e4:ac:d5:80:0c:da:9d:5f:72:
be:e7:89:c7:74:b6:bb:ab:8d:54:97:dc:58:23:a0:
54:20:ff:ad:d6:61:07:ca:86:04:fd:19:9b:5c:c9:
15:e5:c6:d5:8c:2d:88:67:cf:24:fd:54:3c:a7:39:
02:20:39:37:e0:6a:6f:ab:65:ee:b0:fb:58:eb:7c:
ab:a0:5f:0a:d7:5b:25:dc:f9:ea:ad:6a:82:6a:c4:
19:2d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5E:0C:1F:BE:2E:46:76:C5:A2:93:24:A9:C5:6C:2C:5E:DB:72:A3:58
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/Xgwfvi5GdsWikySpxWwsXttyo1g.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
125.169.0.0/16
Signature Algorithm: sha256WithRSAEncryption
3e:6d:46:b2:eb:ab:a9:46:26:b2:9b:95:df:6f:dc:99:24:02:
93:01:7e:d8:c5:57:64:e1:d3:b9:54:9d:77:b0:75:85:97:a6:
90:d1:2d:4e:4a:8e:69:cf:0c:dc:b5:b9:a2:60:d3:e8:2c:c3:
d9:c9:90:d5:19:b1:54:02:3d:b4:b4:c0:3e:b4:87:46:09:b4:
c6:2b:11:56:b1:2a:68:81:75:7a:78:51:4f:17:4e:6d:a3:72:
6d:2a:ae:12:1b:87:4d:31:38:dd:04:79:9a:46:19:c2:16:39:
84:aa:54:44:4b:e4:99:8e:80:5f:88:85:7c:a2:42:ca:ce:5a:
c1:96:13:b6:58:2c:04:1c:b4:c9:45:71:eb:64:e7:8a:93:cb:
48:91:41:a0:f6:50:cc:15:a7:17:a9:98:27:ff:cc:67:ec:96:
26:70:b9:24:3a:1b:81:28:da:ea:50:69:6d:c9:b8:41:fa:d8:
27:39:96:8f:45:24:63:09:ff:18:c1:57:72:72:a7:94:9e:fb:
51:92:69:b9:93:23:3a:4a:0c:ae:04:21:14:c8:73:20:26:dc:
0f:18:c7:65:a4:05:77:56:70:14:2e:86:e4:da:35:38:b0:84:
0c:e7:c1:d4:1b:99:be:cf:8d:56:31:0b:27:bb:b1:43:0a:14:
ce:fa:59:ff
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICGngwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA2MTEw
OTA5NDZaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKDVFMEMxRkJFMkU0Njc2
QzVBMjkzMjRBOUM1NkMyQzVFREI3MkEzNTgwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQD30ZY6cgKobYUWeN9NCvGyxJawYKO1LQRUm0Z+rYq1tMof0q/k
kA+4ovQKNg3GhcQTlfCRHfVXJWuzs7jjgwKX2GJsLyq/yu1nzp+itzWgZo+YXAnd
ELXbhDCgIcjn98CVrGdlGuGYzD09rlaKuSko3vc8T+M/tL7krA2NIS83ZjvOjh6a
ZzumKFdjD/U9YQNyQ/NeDoOrfzTHcfX6N4e1XljLvs7sA8+kEeSs1YAM2p1fcr7n
icd0trurjVSX3FgjoFQg/63WYQfKhgT9GZtcyRXlxtWMLYhnzyT9VDynOQIgOTfg
am+rZe6w+1jrfKugXwrXWyXc+eqtaoJqxBktAgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUXgwfvi5GdsWikySpxWwsXttyo1gwHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni9YZ3dmdmk1R2RzV2lreVNw
eFd3c1h0dHlvMWcucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
fakwDQYJKoZIhvcNAQELBQADggEBAD5tRrLrq6lGJrKbld9v3JkkApMBftjFV2Th
07lUnXewdYWXppDRLU5KjmnPDNy1uaJg0+gsw9nJkNUZsVQCPbS0wD60h0YJtMYr
EVaxKmiBdXp4UU8XTm2jcm0qrhIbh00xON0EeZpGGcIWOYSqVERL5JmOgF+IhXyi
QsrOWsGWE7ZYLAQctMlFcetk54qTy0iRQaD2UMwVpxepmCf/zGfsliZwuSQ6G4Eo
2upQaW3JuEH62Cc5lo9FJGMJ/xjBV3Jyp5Se+1GSabmTIzpKDK4EIRTIcyAm3A8Y
x2WkBXdWcBQuhuTaNTiwhAznwdQbmb7PjVYxCye7sUMKFM76Wf8=
-----END CERTIFICATE-----
Generated at Fri Jun 20 11:42:43 2025 by rpki-client