Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/ZEBMOZAcxIOCus576p7uT1PrJpc.roa
File: ZEBMOZAcxIOCus576p7uT1PrJpc.roa (raw, json)
Hash identifier: 1ZutsYNl5sWZOSWydDucoU3iOCI8XP9aU3qrAjCrnYM=
Subject key identifier: 64:40:4C:39:90:1C:C4:83:82:BA:CE:7B:EA:9E:EE:4F:53:EB:26:97
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 0540
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/ZEBMOZAcxIOCus576p7uT1PrJpc.roa
Signing time: Wed 14 May 2025 02:08:00 +0000
ROA not before: Wed 14 May 2025 02:08:00 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 125.169.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1344 (0x540)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: May 14 02:08:00 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=64404C39901CC48382BACE7BEA9EEE4F53EB2697
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c7:0c:b1:54:94:45:4b:2f:5d:9d:cf:9d:bb:59:
2f:48:60:28:6e:12:4d:95:7c:52:03:06:67:05:21:
00:7d:11:7e:a8:d4:9e:38:fa:df:a3:ad:e7:dd:02:
50:1f:e8:80:65:99:ad:77:be:77:75:54:dd:ee:15:
4e:6f:e6:60:98:30:91:00:c2:10:55:70:47:ad:08:
66:e9:d5:49:0d:bf:28:45:4d:e2:97:d2:4b:47:b2:
80:43:f7:95:dc:25:b7:27:d3:4d:a8:3b:bd:12:75:
85:cd:f2:48:7d:42:b5:4c:2b:6e:02:ce:8f:c1:1d:
57:6c:37:a1:52:7a:1d:6d:7a:bc:4a:a6:ec:87:3b:
ea:e5:a6:d7:6a:7f:e2:9b:9b:9b:37:90:e8:c3:41:
92:1a:a0:4b:4f:61:37:3b:b1:54:c0:70:16:83:2e:
31:7e:d8:6e:6e:4f:d9:f1:bb:6c:79:f7:13:e8:95:
82:98:a6:45:f5:f5:2b:15:87:d6:d4:74:11:a5:f5:
51:cb:9b:27:05:7f:56:c6:c0:67:ee:da:ac:88:c3:
a9:26:a3:86:84:13:62:14:fd:dc:1f:6e:cc:3c:f7:
91:9c:53:fd:69:1d:c4:9a:45:f4:93:60:c9:d4:03:
ed:2b:69:c4:49:e8:7a:f0:d1:51:2c:ac:7a:1f:0b:
81:8b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
64:40:4C:39:90:1C:C4:83:82:BA:CE:7B:EA:9E:EE:4F:53:EB:26:97
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/ZEBMOZAcxIOCus576p7uT1PrJpc.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
125.169.0.0/16
Signature Algorithm: sha256WithRSAEncryption
23:69:a0:14:dc:83:95:ec:72:aa:f3:f2:cb:f0:5a:9c:06:d9:
d1:2e:92:6f:89:0a:0b:45:3e:ca:11:76:a2:b2:03:9e:57:f4:
f3:d8:77:7f:b4:4c:74:80:a9:33:45:5b:85:d4:68:ae:01:d2:
07:f6:0e:a2:a2:0f:82:4b:f0:64:4d:3a:58:aa:bc:03:93:03:
3a:dc:f8:97:f5:64:e8:58:82:26:b4:a7:c8:e0:35:d3:33:2a:
ca:f6:51:b1:f9:77:88:40:e9:24:8c:66:07:bb:ae:08:26:62:
62:4e:82:48:d3:86:78:61:ba:e1:6a:1c:06:e6:f5:ed:a9:61:
4c:5f:60:31:88:b0:5c:1d:eb:2d:c1:df:b3:95:af:a5:e3:fe:
61:ac:51:83:dd:79:e3:a6:46:cb:ff:b6:49:5e:91:c4:8c:90:
53:42:d5:a4:a2:d6:a4:fd:f0:20:26:76:24:79:d0:79:3f:20:
9e:9a:13:18:b9:5a:7b:84:83:d1:3b:a3:62:48:2c:03:0f:e6:
74:9e:86:39:40:fb:bc:58:49:80:41:24:41:cf:a5:88:ee:b1:
cf:69:b8:c5:2f:63:b1:8e:b4:66:52:3c:75:92:2e:d9:76:b6:
a2:48:79:a1:f1:75:8a:b1:e4:83:85:61:54:bd:4a:1e:bc:f7:
ff:97:89:c6
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICBUAwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA1MTQw
MjA4MDBaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKDY0NDA0QzM5OTAxQ0M0
ODM4MkJBQ0U3QkVBOUVFRTRGNTNFQjI2OTcwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDHDLFUlEVLL12dz527WS9IYChuEk2VfFIDBmcFIQB9EX6o1J44
+t+jrefdAlAf6IBlma13vnd1VN3uFU5v5mCYMJEAwhBVcEetCGbp1UkNvyhFTeKX
0ktHsoBD95XcJbcn002oO70SdYXN8kh9QrVMK24Czo/BHVdsN6FSeh1terxKpuyH
O+rlptdqf+Kbm5s3kOjDQZIaoEtPYTc7sVTAcBaDLjF+2G5uT9nxu2x59xPolYKY
pkX19SsVh9bUdBGl9VHLmycFf1bGwGfu2qyIw6kmo4aEE2IU/dwfbsw895GcU/1p
HcSaRfSTYMnUA+0racRJ6Hrw0VEsrHofC4GLAgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUZEBMOZAcxIOCus576p7uT1PrJpcwHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni9aRUJNT1pBY3hJT0N1czU3
NnA3dVQxUHJKcGMucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
fakwDQYJKoZIhvcNAQELBQADggEBACNpoBTcg5Xscqrz8svwWpwG2dEukm+JCgtF
PsoRdqKyA55X9PPYd3+0THSAqTNFW4XUaK4B0gf2DqKiD4JL8GRNOliqvAOTAzrc
+Jf1ZOhYgia0p8jgNdMzKsr2UbH5d4hA6SSMZge7rggmYmJOgkjThnhhuuFqHAbm
9e2pYUxfYDGIsFwd6y3B37OVr6Xj/mGsUYPdeeOmRsv/tklekcSMkFNC1aSi1qT9
8CAmdiR50Hk/IJ6aExi5WnuEg9E7o2JILAMP5nSehjlA+7xYSYBBJEHPpYjusc9p
uMUvY7GOtGZSPHWSLtl2tqJIeaHxdYqx5IOFYVS9Sh689/+XicY=
-----END CERTIFICATE-----
Generated at Sat Jun 21 20:24:08 2025 by rpki-client