Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/YkYXeQBEr0ID7jmQ9Ya0N6Rw4IY.roa
File: YkYXeQBEr0ID7jmQ9Ya0N6Rw4IY.roa (raw, json)
Hash identifier: 1y4+tLG0hSGzMyZODzbcOok1WVvXVpffqvzSDZiMU6o=
Subject key identifier: 62:46:17:79:00:44:AF:42:03:EE:39:90:F5:86:B4:37:A4:70:E0:86
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 1564
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/YkYXeQBEr0ID7jmQ9Ya0N6Rw4IY.roa
Signing time: Wed 04 Jun 2025 14:39:21 +0000
ROA not before: Wed 04 Jun 2025 14:39:21 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 125.169.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 5476 (0x1564)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: Jun 4 14:39:21 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=624617790044AF4203EE3990F586B437A470E086
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a1:d6:1c:05:23:d5:6e:c3:6e:ee:2d:42:e0:b5:
e9:bd:1b:68:27:04:b9:bf:67:0a:6b:77:a9:04:9d:
37:2e:4d:a3:dc:a6:29:b2:0a:b3:72:1e:4c:13:b9:
c3:f4:15:c0:23:35:11:04:b2:e6:11:f6:7b:82:eb:
07:19:66:91:ce:5d:25:07:a7:b1:5b:d9:68:63:26:
1b:03:37:64:0f:8a:c2:d0:67:71:d5:32:dc:70:ff:
c2:ca:cc:95:5f:42:d9:3e:00:a7:c1:e1:68:7b:c6:
88:f8:47:50:72:04:00:09:23:ac:60:05:b4:a7:93:
fd:21:ff:c0:ff:2e:fc:30:d3:41:78:18:0f:60:d2:
22:28:9a:de:bc:a4:e0:f2:7a:0a:bb:b1:3f:2f:40:
ae:2b:6b:6f:06:97:5b:88:33:29:fe:76:03:8d:0a:
98:ff:95:ad:a8:bf:41:bd:00:de:c2:00:82:12:57:
36:d3:06:e6:c2:5b:44:99:87:e3:ae:4d:8b:7d:ea:
39:19:ea:b8:c7:6c:08:d4:e7:2f:b0:69:5a:d0:a1:
bc:43:ad:85:86:7a:7d:7c:db:4a:c9:ae:cf:fc:0d:
a6:7c:ee:0f:50:3b:4f:de:9a:4c:f4:49:2f:2d:ec:
11:50:46:7b:3c:62:69:de:45:1b:e6:36:14:92:eb:
72:43
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
62:46:17:79:00:44:AF:42:03:EE:39:90:F5:86:B4:37:A4:70:E0:86
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/YkYXeQBEr0ID7jmQ9Ya0N6Rw4IY.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
125.169.0.0/16
Signature Algorithm: sha256WithRSAEncryption
6b:60:1a:f0:9a:05:e7:c1:45:5b:b5:1d:3d:00:7f:21:39:ab:
be:a9:99:5a:be:7a:21:20:d4:45:48:7f:ae:6e:cd:0c:25:e6:
1e:1d:68:b6:75:35:b0:ff:fb:7c:61:ca:7e:d4:13:e4:9a:3b:
b5:73:2d:83:5e:e2:62:83:f5:b5:1b:9d:08:92:d3:27:21:29:
3d:41:f1:7a:e3:e3:c0:67:b5:13:c8:91:cd:a7:2f:96:cf:eb:
44:f9:76:75:7e:54:cb:df:94:63:d7:eb:17:a8:28:09:48:24:
84:11:3b:82:42:ef:f0:fb:9f:ab:d1:f4:5b:93:a9:a9:ec:f0:
04:c8:e8:dd:1c:ee:ec:0e:86:51:d5:5b:63:e1:34:72:38:ea:
e9:77:f1:9c:ef:de:46:c4:f0:b0:4d:0f:77:20:63:1d:45:39:
58:8b:83:92:a0:b2:5a:74:fd:b2:7d:06:02:e2:c8:f4:0e:f1:
b2:83:26:a4:18:b9:88:7d:7d:c2:ef:71:5c:cb:3d:3e:9c:cd:
ea:d9:85:a0:c0:c3:29:17:c8:2d:73:d2:30:bc:54:ed:1a:e1:
35:1b:bc:2b:ea:dc:32:2a:6f:b2:b3:ce:f5:7c:86:33:56:f5:
1f:67:83:a3:5d:c8:60:b0:25:f8:67:82:05:ee:f2:34:c7:0f:
bc:48:d0:f1
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICFWQwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA2MDQx
NDM5MjFaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKDYyNDYxNzc5MDA0NEFG
NDIwM0VFMzk5MEY1ODZCNDM3QTQ3MEUwODYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCh1hwFI9Vuw27uLULgtem9G2gnBLm/Zwprd6kEnTcuTaPcpimy
CrNyHkwTucP0FcAjNREEsuYR9nuC6wcZZpHOXSUHp7Fb2WhjJhsDN2QPisLQZ3HV
Mtxw/8LKzJVfQtk+AKfB4Wh7xoj4R1ByBAAJI6xgBbSnk/0h/8D/Lvww00F4GA9g
0iIomt68pODyegq7sT8vQK4ra28Gl1uIMyn+dgONCpj/la2ov0G9AN7CAIISVzbT
BubCW0SZh+OuTYt96jkZ6rjHbAjU5y+waVrQobxDrYWGen1820rJrs/8DaZ87g9Q
O0/emkz0SS8t7BFQRns8YmneRRvmNhSS63JDAgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUYkYXeQBEr0ID7jmQ9Ya0N6Rw4IYwHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni9Za1lYZVFCRXIwSUQ3am1R
OVlhME42Unc0SVkucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
fakwDQYJKoZIhvcNAQELBQADggEBAGtgGvCaBefBRVu1HT0AfyE5q76pmVq+eiEg
1EVIf65uzQwl5h4daLZ1NbD/+3xhyn7UE+SaO7VzLYNe4mKD9bUbnQiS0ychKT1B
8Xrj48BntRPIkc2nL5bP60T5dnV+VMvflGPX6xeoKAlIJIQRO4JC7/D7n6vR9FuT
qans8ATI6N0c7uwOhlHVW2PhNHI46ul38Zzv3kbE8LBND3cgYx1FOViLg5Kgslp0
/bJ9BgLiyPQO8bKDJqQYuYh9fcLvcVzLPT6czerZhaDAwykXyC1z0jC8VO0a4TUb
vCvq3DIqb7KzzvV8hjNW9R9ng6NdyGCwJfhnggXu8jTHD7xI0PE=
-----END CERTIFICATE-----
Generated at Sat Jun 21 16:18:40 2025 by rpki-client