Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/_PBAZ50GW8wN1ZSyc2N8-_Gwpwg.roa
File: _PBAZ50GW8wN1ZSyc2N8-_Gwpwg.roa (raw, json)
Hash identifier: vrfJGfLVcUjkwYl9ZYjVTCxX9Eoo6B9hZR+EBQj1M2M=
Subject key identifier: FC:F0:40:67:9D:06:5B:CC:0D:D5:94:B2:73:63:7C:FB:F1:B0:A7:08
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 0EC4
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/_PBAZ50GW8wN1ZSyc2N8-_Gwpwg.roa
Signing time: Mon 26 May 2025 18:38:43 +0000
ROA not before: Mon 26 May 2025 18:38:43 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 125.169.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 3780 (0xec4)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: May 26 18:38:43 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=FCF040679D065BCC0DD594B273637CFBF1B0A708
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:df:96:dc:0c:32:85:64:1c:4f:52:77:19:d2:53:
c7:b2:bd:14:36:c3:35:9a:1c:c1:43:0e:3a:2e:b8:
10:3e:d2:ed:cc:97:4a:08:c6:f4:1c:1c:4f:d3:00:
15:db:51:cf:88:de:dc:71:2f:30:96:b0:b0:8d:28:
00:1b:4c:cb:71:01:99:0b:a2:d9:85:e4:21:45:45:
1a:fe:0c:33:2e:71:52:ee:82:8e:55:79:74:47:c1:
f0:d9:4c:48:a5:d9:17:5e:4d:37:76:6d:62:8a:d1:
7d:c6:90:f0:45:e0:53:73:21:44:d5:d6:08:21:25:
75:10:56:7d:25:52:1c:cc:8d:90:80:0b:10:01:04:
4b:dc:61:81:c5:82:b1:f4:f4:dd:3d:93:80:20:6b:
cc:fb:95:0a:58:af:b1:b0:9f:7f:67:95:90:15:ac:
47:66:60:33:bc:7b:59:af:23:ca:96:d6:dc:9a:ee:
11:5b:25:ab:b6:57:b4:a5:e7:87:28:5a:26:e7:36:
5d:5d:75:af:fb:15:6a:f6:62:40:e4:93:2c:cb:17:
5c:4f:ca:f0:7a:ab:ab:69:5b:0e:1e:a3:d2:84:00:
e8:1e:37:0c:ce:2b:d3:e7:2c:d7:3a:b7:9b:5e:bd:
8d:f4:76:64:13:db:3d:73:e5:64:f0:94:9c:e4:61:
a8:fb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FC:F0:40:67:9D:06:5B:CC:0D:D5:94:B2:73:63:7C:FB:F1:B0:A7:08
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/_PBAZ50GW8wN1ZSyc2N8-_Gwpwg.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
125.169.0.0/16
Signature Algorithm: sha256WithRSAEncryption
32:f5:dd:6f:40:49:7a:e8:96:8f:21:60:32:4a:36:0f:d1:58:
dc:2e:55:a9:42:2d:4b:60:fb:2f:6c:69:1f:e8:d3:7f:16:ed:
4f:6b:e3:df:8e:f8:61:07:81:b9:9f:b5:d0:2f:fe:ae:fb:37:
11:ff:47:0e:1a:76:6a:d2:ef:b9:c6:2c:94:30:23:8b:ec:8d:
88:6d:37:49:3d:ba:33:2c:27:0d:30:fb:fc:71:53:70:45:88:
51:95:e4:35:69:e4:e6:2e:3c:05:0d:1d:b0:ff:1a:9c:85:d9:
02:c4:0a:4a:e6:c8:bb:9b:c4:f4:08:8d:19:9e:82:55:2a:e7:
9a:fe:29:ee:d8:ed:29:01:4c:c3:60:25:ee:a6:c4:83:f9:22:
7d:19:5d:63:56:4b:ea:25:91:b9:5b:84:65:93:78:16:04:cd:
92:8e:f7:5f:ba:2c:2a:e1:fc:2e:ca:55:dd:65:c6:11:de:91:
9a:ba:f0:d5:81:01:06:b4:68:06:2d:c6:40:76:3f:53:1e:0b:
6c:3a:6c:ef:01:7b:5e:3c:8f:44:c0:1d:8e:7f:e3:1a:2c:36:
8f:3a:73:42:b0:1b:3e:ec:52:f6:16:af:e9:35:e3:97:5f:c0:
9c:a4:7a:e1:cd:45:bd:01:d8:cb:02:32:26:25:55:28:1a:ed:
9a:19:0a:b2
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICDsQwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA1MjYx
ODM4NDNaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKEZDRjA0MDY3OUQwNjVC
Q0MwREQ1OTRCMjczNjM3Q0ZCRjFCMEE3MDgwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDfltwMMoVkHE9SdxnSU8eyvRQ2wzWaHMFDDjouuBA+0u3Ml0oI
xvQcHE/TABXbUc+I3txxLzCWsLCNKAAbTMtxAZkLotmF5CFFRRr+DDMucVLugo5V
eXRHwfDZTEil2RdeTTd2bWKK0X3GkPBF4FNzIUTV1gghJXUQVn0lUhzMjZCACxAB
BEvcYYHFgrH09N09k4Aga8z7lQpYr7Gwn39nlZAVrEdmYDO8e1mvI8qW1tya7hFb
Jau2V7Sl54coWibnNl1dda/7FWr2YkDkkyzLF1xPyvB6q6tpWw4eo9KEAOgeNwzO
K9PnLNc6t5tevY30dmQT2z1z5WTwlJzkYaj7AgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQU/PBAZ50GW8wN1ZSyc2N8+/GwpwgwHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni9fUEJBWjUwR1c4d04xWlN5
YzJOOC1fR3dwd2cucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
fakwDQYJKoZIhvcNAQELBQADggEBADL13W9ASXrolo8hYDJKNg/RWNwuValCLUtg
+y9saR/o038W7U9r49+O+GEHgbmftdAv/q77NxH/Rw4admrS77nGLJQwI4vsjYht
N0k9ujMsJw0w+/xxU3BFiFGV5DVp5OYuPAUNHbD/GpyF2QLECkrmyLubxPQIjRme
glUq55r+Ke7Y7SkBTMNgJe6mxIP5In0ZXWNWS+olkblbhGWTeBYEzZKO91+6LCrh
/C7KVd1lxhHekZq68NWBAQa0aAYtxkB2P1MeC2w6bO8Be148j0TAHY5/4xosNo86
c0KwGz7sUvYWr+k145dfwJykeuHNRb0B2MsCMiYlVSga7ZoZCrI=
-----END CERTIFICATE-----
Generated at Sat Jun 21 01:54:42 2025 by rpki-client