Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/ZWdazLfH_XwBfoNvHlnPhOK4ZQ0.roa
File: ZWdazLfH_XwBfoNvHlnPhOK4ZQ0.roa (raw, json)
Hash identifier: TCTsaUuPio0OLYeFFItbcxWknMvDP1moCahgSgvnjmE=
Subject key identifier: 65:67:5A:CC:B7:C7:FD:7C:01:7E:83:6F:1E:59:CF:84:E2:B8:65:0D
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 1B30
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/ZWdazLfH_XwBfoNvHlnPhOK4ZQ0.roa
Signing time: Thu 12 Jun 2025 08:09:54 +0000
ROA not before: Thu 12 Jun 2025 08:09:54 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 125.169.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 6960 (0x1b30)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: Jun 12 08:09:54 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=65675ACCB7C7FD7C017E836F1E59CF84E2B8650D
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cb:91:25:bc:25:60:68:91:25:b2:37:8c:d0:8d:
91:cd:3f:31:a8:a7:9c:a4:d7:36:f6:86:d7:f6:d2:
62:38:0b:a3:79:b7:12:b2:77:7e:58:5e:7f:9a:ec:
29:2a:63:7c:25:73:73:16:f3:92:d8:61:04:60:90:
10:78:29:86:f4:ac:0d:78:ca:07:92:17:63:92:34:
5a:1b:3d:ed:bc:ee:41:59:88:ba:b8:19:d9:55:7c:
49:a5:49:0e:eb:62:45:1e:e2:e8:78:28:49:26:bf:
b4:1b:d5:11:c9:7b:8f:b8:2e:e8:d2:b0:a0:4e:7d:
30:54:a1:f0:e4:d0:58:62:54:47:4c:ea:f3:e2:fa:
ef:3a:e5:35:15:07:e1:1b:7e:2e:3f:ff:7d:59:a6:
9e:02:01:5a:0d:b1:66:cb:e0:bd:63:3c:00:6c:4b:
0b:f4:d8:47:c6:05:08:2b:d9:35:eb:67:29:a4:06:
fd:08:c5:c2:7c:16:4b:c2:8e:63:14:e0:ba:b6:70:
79:f2:77:d5:0d:1d:93:20:ec:f4:c4:49:92:ba:b4:
77:69:4e:e6:b1:02:e1:4e:d9:67:b4:de:a2:f6:e9:
14:37:75:4e:b7:83:03:32:06:4c:c3:a1:a2:85:23:
3a:64:a3:62:56:e8:73:af:7f:3e:9e:89:cb:d2:ab:
ab:13
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
65:67:5A:CC:B7:C7:FD:7C:01:7E:83:6F:1E:59:CF:84:E2:B8:65:0D
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/ZWdazLfH_XwBfoNvHlnPhOK4ZQ0.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
125.169.0.0/16
Signature Algorithm: sha256WithRSAEncryption
25:a3:bd:78:d9:d8:22:91:8e:16:60:05:b1:5b:05:3c:88:33:
d3:70:f7:84:82:8a:96:e3:0d:8f:70:32:47:ec:b4:d7:e2:3c:
20:7f:81:53:fe:df:f7:f1:b6:09:ed:3d:9f:0f:0e:56:5c:95:
71:54:0c:71:e8:85:4a:1a:77:c4:9f:e5:66:08:df:3a:ef:b7:
1a:48:17:27:7e:fa:77:61:c0:c5:28:ea:3e:c8:92:72:65:98:
22:bd:fa:35:40:53:8c:fd:53:48:59:0c:8d:f2:29:eb:6a:1e:
f5:94:e0:8a:73:93:32:8f:aa:18:94:12:9e:47:76:19:d7:39:
f5:f6:34:c5:01:7a:dd:96:a8:21:20:36:ce:4c:13:b0:b3:27:
e9:a4:21:5f:c9:db:b8:70:6c:de:f6:8c:c6:9a:e5:a6:73:8e:
82:7b:8a:80:50:bd:49:76:49:70:74:cf:87:3a:03:f9:eb:f0:
5a:22:e8:1b:9d:3d:12:59:b5:37:31:6a:0b:0f:56:64:ac:ff:
89:67:91:d1:74:12:98:ad:ce:c7:6e:4f:62:ad:1c:f6:32:ac:
82:15:e3:81:6e:03:dd:e8:56:72:31:d9:57:a2:72:85:c3:5d:
f5:4f:aa:d2:7a:c0:17:59:b6:a6:b9:8f:b5:e6:46:d9:87:bb:
88:06:76:ec
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICGzAwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA2MTIw
ODA5NTRaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKDY1Njc1QUNDQjdDN0ZE
N0MwMTdFODM2RjFFNTlDRjg0RTJCODY1MEQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDLkSW8JWBokSWyN4zQjZHNPzGop5yk1zb2htf20mI4C6N5txKy
d35YXn+a7CkqY3wlc3MW85LYYQRgkBB4KYb0rA14ygeSF2OSNFobPe287kFZiLq4
GdlVfEmlSQ7rYkUe4uh4KEkmv7Qb1RHJe4+4LujSsKBOfTBUofDk0FhiVEdM6vPi
+u865TUVB+Ebfi4//31Zpp4CAVoNsWbL4L1jPABsSwv02EfGBQgr2TXrZymkBv0I
xcJ8FkvCjmMU4Lq2cHnyd9UNHZMg7PTESZK6tHdpTuaxAuFO2We03qL26RQ3dU63
gwMyBkzDoaKFIzpko2JW6HOvfz6eicvSq6sTAgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUZWdazLfH/XwBfoNvHlnPhOK4ZQ0wHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni9aV2RhekxmSF9Yd0Jmb052
SGxuUGhPSzRaUTAucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
fakwDQYJKoZIhvcNAQELBQADggEBACWjvXjZ2CKRjhZgBbFbBTyIM9Nw94SCipbj
DY9wMkfstNfiPCB/gVP+3/fxtgntPZ8PDlZclXFUDHHohUoad8Sf5WYI3zrvtxpI
Fyd++ndhwMUo6j7IknJlmCK9+jVAU4z9U0hZDI3yKetqHvWU4IpzkzKPqhiUEp5H
dhnXOfX2NMUBet2WqCEgNs5ME7CzJ+mkIV/J27hwbN72jMaa5aZzjoJ7ioBQvUl2
SXB0z4c6A/nr8Foi6BudPRJZtTcxagsPVmSs/4lnkdF0EpitzsduT2KtHPYyrIIV
44FuA93oVnIx2VeicoXDXfVPqtJ6wBdZtqa5j7XmRtmHu4gGduw=
-----END CERTIFICATE-----
Generated at Sat Jun 21 18:40:22 2025 by rpki-client