Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/dB20deBzLWcIQ4TtfuY9U00OvVY.roa
File: dB20deBzLWcIQ4TtfuY9U00OvVY.roa (raw, json)
Hash identifier: C7dNS23zDMZevqHCyPsG7kLLu5heSc95Ui7TP+VQ+Rg=
Subject key identifier: 74:1D:B4:75:E0:73:2D:67:08:43:84:ED:7E:E6:3D:53:4D:0E:BD:56
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 1B24
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/dB20deBzLWcIQ4TtfuY9U00OvVY.roa
Signing time: Thu 12 Jun 2025 06:39:50 +0000
ROA not before: Thu 12 Jun 2025 06:39:50 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 125.169.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 6948 (0x1b24)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: Jun 12 06:39:50 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=741DB475E0732D67084384ED7EE63D534D0EBD56
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bf:bd:c8:3a:27:17:45:3c:0f:db:dd:d4:94:28:
20:40:f9:60:8a:2a:4e:9f:f9:d2:16:14:28:83:71:
35:f8:27:d0:2c:3c:df:1c:d1:fb:a4:a3:65:ed:7d:
57:71:02:38:b9:22:16:b2:17:2a:6b:d3:3e:df:38:
17:1e:cf:06:4d:5b:b5:30:1f:58:cf:52:0c:3f:e6:
4e:72:dc:14:1e:d1:28:e5:86:65:9f:9d:22:04:1b:
84:b9:1c:73:a9:9b:f4:04:98:4b:f0:86:58:1f:f5:
64:c1:b3:1d:b6:c9:f6:92:b8:9e:78:22:94:e0:a4:
7e:18:00:17:4a:dc:26:f7:eb:a7:0c:19:1f:d0:c9:
25:54:e9:2c:c0:ee:b3:fb:ba:2f:18:5c:5c:a5:d1:
ca:45:ec:4f:f7:49:0b:a7:1f:0f:00:97:e7:ad:93:
ee:39:1f:55:d9:aa:3f:9c:b6:d4:26:bf:89:0f:1d:
57:8c:5d:8a:73:0a:97:9b:04:3a:e8:3b:03:37:7b:
12:b7:67:5c:25:bb:63:4a:16:4e:e4:2e:8c:49:9f:
db:0e:bb:18:5f:21:2b:4d:a6:f4:ba:82:3c:c0:d0:
e6:ea:d6:dd:8b:77:e2:b1:b9:5f:04:4e:04:41:6c:
46:93:bf:44:18:40:cb:61:f0:06:17:13:21:9f:8b:
c3:1d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
74:1D:B4:75:E0:73:2D:67:08:43:84:ED:7E:E6:3D:53:4D:0E:BD:56
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/dB20deBzLWcIQ4TtfuY9U00OvVY.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
125.169.0.0/16
Signature Algorithm: sha256WithRSAEncryption
78:64:08:ec:c1:09:5f:00:3c:d5:36:38:1a:07:73:a8:9d:b6:
1d:9c:ac:41:d2:09:2f:da:e3:86:9a:1e:a2:a6:71:51:2f:8f:
0c:2e:d6:46:78:c4:04:9a:bb:96:63:3e:eb:4d:ec:bd:f6:99:
b7:0f:04:d5:72:86:d5:6b:eb:2b:36:b6:84:8f:93:0e:9d:a0:
ed:76:dd:27:41:11:4f:5a:bf:8a:e4:e5:dd:0e:0f:d6:94:c9:
bd:15:25:82:3f:32:9b:17:5b:38:78:63:bc:70:17:fa:04:6b:
1e:d8:c6:18:66:e0:dd:79:3d:26:25:00:17:96:f8:f5:a9:27:
15:bb:f3:c0:0e:d5:27:2a:5e:ab:5c:64:0d:1f:2b:d9:d6:44:
c0:2e:24:52:d4:3e:47:41:1d:ec:2a:99:3f:ba:1b:a9:46:d4:
9a:7b:79:37:9b:85:b3:fc:38:16:62:87:aa:ad:5d:81:70:10:
b4:45:c5:db:b2:a1:9c:39:3f:65:02:eb:2a:1c:93:44:2f:d3:
29:42:02:b2:ec:d0:d6:a1:08:4d:83:c6:5d:08:c0:9d:26:f3:
3e:f5:62:7e:0f:97:86:0b:42:21:3e:5b:d5:1b:01:54:da:2d:
0b:7f:6a:bf:4b:17:ec:7c:32:27:4b:c6:a4:d9:38:8d:87:ec:
8a:8c:f7:5f
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICGyQwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA2MTIw
NjM5NTBaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKDc0MURCNDc1RTA3MzJE
NjcwODQzODRFRDdFRTYzRDUzNEQwRUJENTYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC/vcg6JxdFPA/b3dSUKCBA+WCKKk6f+dIWFCiDcTX4J9AsPN8c
0fuko2XtfVdxAji5IhayFypr0z7fOBcezwZNW7UwH1jPUgw/5k5y3BQe0SjlhmWf
nSIEG4S5HHOpm/QEmEvwhlgf9WTBsx22yfaSuJ54IpTgpH4YABdK3Cb366cMGR/Q
ySVU6SzA7rP7ui8YXFyl0cpF7E/3SQunHw8Al+etk+45H1XZqj+cttQmv4kPHVeM
XYpzCpebBDroOwM3exK3Z1wlu2NKFk7kLoxJn9sOuxhfIStNpvS6gjzA0Obq1t2L
d+KxuV8ETgRBbEaTv0QYQMth8AYXEyGfi8MdAgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUdB20deBzLWcIQ4TtfuY9U00OvVYwHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni9kQjIwZGVCekxXY0lRNFR0
ZnVZOVUwME92Vlkucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
fakwDQYJKoZIhvcNAQELBQADggEBAHhkCOzBCV8APNU2OBoHc6idth2crEHSCS/a
44aaHqKmcVEvjwwu1kZ4xASau5ZjPutN7L32mbcPBNVyhtVr6ys2toSPkw6doO12
3SdBEU9av4rk5d0OD9aUyb0VJYI/MpsXWzh4Y7xwF/oEax7Yxhhm4N15PSYlABeW
+PWpJxW788AO1ScqXqtcZA0fK9nWRMAuJFLUPkdBHewqmT+6G6lG1Jp7eTebhbP8
OBZih6qtXYFwELRFxduyoZw5P2UC6yock0Qv0ylCArLs0NahCE2Dxl0IwJ0m8z71
Yn4Pl4YLQiE+W9UbAVTaLQt/ar9LF+x8MidLxqTZOI2H7IqM918=
-----END CERTIFICATE-----
Generated at Sat Jun 21 16:56:24 2025 by rpki-client