Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/YZmIossvpHRl4DD7ZmLmthSIBKE.roa
File: YZmIossvpHRl4DD7ZmLmthSIBKE.roa (raw, json)
Hash identifier: M69woy6GbeKjaJmrXk1Ci0JmSs3ck4SCGvtRT/i7XKk=
Subject key identifier: 61:99:88:A2:CB:2F:A4:74:65:E0:30:FB:66:62:E6:B6:14:88:04:A1
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 0F38
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/YZmIossvpHRl4DD7ZmLmthSIBKE.roa
Signing time: Tue 27 May 2025 09:08:48 +0000
ROA not before: Tue 27 May 2025 09:08:48 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 125.169.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 3896 (0xf38)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: May 27 09:08:48 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=619988A2CB2FA47465E030FB6662E6B6148804A1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a7:b1:fb:68:bd:a1:18:c9:57:37:86:bd:00:50:
61:15:37:8b:89:de:91:7e:7d:a6:01:b4:73:c3:e8:
f9:26:b0:a9:c8:63:02:a2:36:f8:23:f8:5b:04:88:
c8:e3:75:99:6a:74:98:46:82:0f:9d:9a:c4:13:b3:
ee:94:7e:ed:24:c2:cd:a8:a6:8d:0e:87:f7:b8:a0:
99:20:70:ef:4d:03:13:22:8d:7d:9a:c5:9e:c5:49:
fb:9b:8b:c5:30:b3:3d:90:e4:0c:a4:6c:22:6e:62:
d7:b4:e0:2f:6f:57:98:04:d1:ca:75:7c:78:a7:27:
b5:51:c8:eb:74:aa:12:17:b9:9e:da:66:b9:56:fa:
cd:3d:ee:29:af:ed:ff:b0:ec:37:4b:1f:63:ff:d8:
59:8b:a5:eb:7e:a4:45:36:5b:2f:05:e1:24:78:52:
17:72:3e:0d:fe:50:eb:0b:a6:c9:73:df:38:1e:75:
14:b0:09:48:c4:87:aa:96:ad:94:6d:cc:3c:ac:d0:
cd:7d:b2:a7:06:74:f1:c0:d3:e1:31:22:b0:b1:c0:
0c:7b:e3:20:a9:ce:44:3d:b6:79:f9:7f:09:05:04:
3b:08:93:18:94:25:07:ba:03:1e:83:bb:fd:3d:88:
db:ff:1e:4b:db:48:e4:02:59:47:1a:fb:7b:0c:9b:
e8:dd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
61:99:88:A2:CB:2F:A4:74:65:E0:30:FB:66:62:E6:B6:14:88:04:A1
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/YZmIossvpHRl4DD7ZmLmthSIBKE.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
125.169.0.0/16
Signature Algorithm: sha256WithRSAEncryption
12:c3:31:e1:68:18:24:8b:12:30:46:93:87:66:9b:3d:63:61:
1d:70:45:6d:d0:8f:5a:86:6d:14:9a:38:eb:59:2e:d8:91:f0:
ce:d3:28:f4:e7:8f:dc:b8:bd:de:81:2b:a6:4f:be:c2:68:4f:
2c:98:3a:d7:46:ba:9c:13:89:40:31:eb:56:3e:62:cd:d9:45:
d9:a9:0d:76:4c:df:c7:30:e0:70:b8:81:ea:16:df:5a:77:0b:
41:00:11:0c:a3:a5:c0:44:07:53:0b:49:11:24:6f:bc:54:e5:
75:18:78:0f:0e:e4:c4:44:e0:62:ce:d5:85:b9:10:e0:61:f3:
a1:38:cf:ca:dc:e3:65:09:5c:a1:de:c6:50:23:a2:ea:1a:3a:
07:37:26:08:90:77:3c:55:f7:3e:c2:2b:27:d5:be:f6:63:1b:
4e:03:70:77:03:04:19:f0:80:20:50:de:72:72:1e:51:5d:42:
2e:4a:bd:dc:e5:6a:18:4b:45:43:ae:73:a0:eb:2b:b9:6f:e6:
c7:f0:41:22:8a:e5:0a:7c:de:78:e2:0b:79:b8:37:0a:d4:43:
86:51:58:91:6d:e4:54:0a:44:7c:c9:5b:b3:13:76:49:a3:9a:
38:8a:34:18:fe:67:d5:83:ff:e7:64:cd:30:51:56:3c:aa:85:
e9:7b:6f:9b
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICDzgwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA1Mjcw
OTA4NDhaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKDYxOTk4OEEyQ0IyRkE0
NzQ2NUUwMzBGQjY2NjJFNkI2MTQ4ODA0QTEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCnsftovaEYyVc3hr0AUGEVN4uJ3pF+faYBtHPD6PkmsKnIYwKi
Nvgj+FsEiMjjdZlqdJhGgg+dmsQTs+6Ufu0kws2opo0Oh/e4oJkgcO9NAxMijX2a
xZ7FSfubi8Uwsz2Q5AykbCJuYte04C9vV5gE0cp1fHinJ7VRyOt0qhIXuZ7aZrlW
+s097imv7f+w7DdLH2P/2FmLpet+pEU2Wy8F4SR4UhdyPg3+UOsLpslz3zgedRSw
CUjEh6qWrZRtzDys0M19sqcGdPHA0+ExIrCxwAx74yCpzkQ9tnn5fwkFBDsIkxiU
JQe6Ax6Du/09iNv/HkvbSOQCWUca+3sMm+jdAgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUYZmIossvpHRl4DD7ZmLmthSIBKEwHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni9ZWm1Jb3NzdnBIUmw0REQ3
Wm1MbXRoU0lCS0Uucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
fakwDQYJKoZIhvcNAQELBQADggEBABLDMeFoGCSLEjBGk4dmmz1jYR1wRW3Qj1qG
bRSaOOtZLtiR8M7TKPTnj9y4vd6BK6ZPvsJoTyyYOtdGupwTiUAx61Y+Ys3ZRdmp
DXZM38cw4HC4geoW31p3C0EAEQyjpcBEB1MLSREkb7xU5XUYeA8O5MRE4GLO1YW5
EOBh86E4z8rc42UJXKHexlAjouoaOgc3JgiQdzxV9z7CKyfVvvZjG04DcHcDBBnw
gCBQ3nJyHlFdQi5KvdzlahhLRUOuc6DrK7lv5sfwQSKK5Qp83njiC3m4NwrUQ4ZR
WJFt5FQKRHzJW7MTdkmjmjiKNBj+Z9WD/+dkzTBRVjyqhel7b5s=
-----END CERTIFICATE-----
Generated at Fri Jun 20 17:39:47 2025 by rpki-client