Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/fjRllcQar8UqiK3axHmEEV7DxTE.roa
File: fjRllcQar8UqiK3axHmEEV7DxTE.roa (raw, json)
Hash identifier: V/INuGLq1JwDyGiMHBZou4vQF7tsl81HrVKc03SbQvU=
Subject key identifier: 7E:34:65:95:C4:1A:AF:C5:2A:88:AD:DA:C4:79:84:11:5E:C3:C5:31
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 1BEC
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/fjRllcQar8UqiK3axHmEEV7DxTE.roa
Signing time: Fri 13 Jun 2025 07:39:52 +0000
ROA not before: Fri 13 Jun 2025 07:39:52 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 125.169.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 7148 (0x1bec)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: Jun 13 07:39:52 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=7E346595C41AAFC52A88ADDAC47984115EC3C531
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9f:40:ed:77:ff:57:d7:bc:5b:57:35:a5:ee:bb:
e7:11:ac:9c:a8:bc:6d:5a:d1:47:3c:00:cc:47:46:
ae:a1:ad:fb:b7:df:ce:84:02:e6:11:8e:1c:a1:9e:
2e:37:e3:83:2d:3b:68:60:62:6d:ff:9a:bb:3a:19:
31:9f:a1:1a:3a:03:70:b5:3f:8f:72:ab:93:3e:30:
5a:ee:0c:6a:66:38:e6:e2:68:aa:00:03:e7:7a:11:
57:d2:29:86:3c:79:6b:e8:e8:fa:4f:f4:5c:63:33:
9c:68:26:16:d7:a9:3b:d0:35:95:6f:0f:a4:63:f8:
a8:b8:9d:42:cc:16:96:9e:08:d5:c8:5a:41:19:f9:
8d:57:c8:56:09:f1:40:68:b5:32:ba:f4:eb:91:2a:
46:70:38:b3:8e:65:7f:8e:26:8d:68:c9:ad:a6:a3:
3a:8e:f1:d8:1e:51:7c:76:67:15:d8:45:cb:64:aa:
1f:ac:9f:66:9d:cb:46:be:fb:05:1f:d0:b6:1e:97:
04:d5:93:02:f3:3e:3f:73:b5:69:c3:f0:5c:c5:cc:
4a:8f:5d:33:6f:f1:67:0f:87:88:b5:d0:a4:b9:7f:
97:05:e5:f0:83:e6:a4:8c:e7:1a:e0:1f:9a:87:37:
e7:8c:21:c3:89:91:1f:a5:ef:27:73:30:d6:03:01:
c3:75
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7E:34:65:95:C4:1A:AF:C5:2A:88:AD:DA:C4:79:84:11:5E:C3:C5:31
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/fjRllcQar8UqiK3axHmEEV7DxTE.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
125.169.0.0/16
Signature Algorithm: sha256WithRSAEncryption
8c:33:40:32:e8:f0:90:85:94:01:d8:0d:54:14:1b:3b:9e:12:
f5:49:70:87:22:e7:4e:26:f1:80:9d:a2:33:64:95:51:c9:50:
a8:95:18:a0:ed:97:22:e5:4b:e4:2b:a1:17:8b:c7:44:b4:f1:
17:e0:2d:b1:34:d3:5b:1d:b2:18:a0:15:35:18:f5:62:cd:d9:
47:28:5f:17:c3:17:20:bf:b2:7f:0f:13:df:e7:2a:0c:a3:45:
fa:27:5c:c2:54:2e:94:ea:f2:3a:b3:66:71:40:90:2e:02:0d:
16:8c:00:14:a9:64:df:3e:a9:71:20:9a:36:05:02:88:60:0c:
9e:65:f4:09:5f:67:a6:73:b3:8f:0c:d4:2f:8b:e0:a1:2d:72:
49:3b:96:5f:0a:78:bb:d5:44:e5:be:54:66:c1:83:e4:bb:20:
ed:c1:25:93:ac:aa:93:e5:21:44:f7:4c:b9:28:d2:d8:62:35:
d1:04:d8:04:c1:1a:14:10:1c:ee:d6:4b:ff:68:63:db:83:f3:
2e:1b:98:72:c5:9e:54:70:ea:91:50:39:db:96:d3:05:0f:ea:
e2:68:6d:9e:6d:9e:c9:8f:47:21:65:ee:8f:f6:88:c7:c9:61:
06:52:87:86:90:e4:e5:51:54:1c:6a:87:58:91:bd:cb:fc:20:
20:91:15:e6
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICG+wwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA2MTMw
NzM5NTJaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKDdFMzQ2NTk1QzQxQUFG
QzUyQTg4QUREQUM0Nzk4NDExNUVDM0M1MzEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCfQO13/1fXvFtXNaXuu+cRrJyovG1a0Uc8AMxHRq6hrfu3386E
AuYRjhyhni4344MtO2hgYm3/mrs6GTGfoRo6A3C1P49yq5M+MFruDGpmOObiaKoA
A+d6EVfSKYY8eWvo6PpP9FxjM5xoJhbXqTvQNZVvD6Rj+Ki4nULMFpaeCNXIWkEZ
+Y1XyFYJ8UBotTK69OuRKkZwOLOOZX+OJo1oya2mozqO8dgeUXx2ZxXYRctkqh+s
n2ady0a++wUf0LYelwTVkwLzPj9ztWnD8FzFzEqPXTNv8WcPh4i10KS5f5cF5fCD
5qSM5xrgH5qHN+eMIcOJkR+l7ydzMNYDAcN1AgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUfjRllcQar8UqiK3axHmEEV7DxTEwHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni9malJsbGNRYXI4VXFpSzNh
eEhtRUVWN0R4VEUucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
fakwDQYJKoZIhvcNAQELBQADggEBAIwzQDLo8JCFlAHYDVQUGzueEvVJcIci504m
8YCdojNklVHJUKiVGKDtlyLlS+QroReLx0S08RfgLbE001sdshigFTUY9WLN2Uco
XxfDFyC/sn8PE9/nKgyjRfonXMJULpTq8jqzZnFAkC4CDRaMABSpZN8+qXEgmjYF
AohgDJ5l9AlfZ6Zzs48M1C+L4KEtckk7ll8KeLvVROW+VGbBg+S7IO3BJZOsqpPl
IUT3TLko0thiNdEE2ATBGhQQHO7WS/9oY9uD8y4bmHLFnlRw6pFQOduW0wUP6uJo
bZ5tnsmPRyFl7o/2iMfJYQZSh4aQ5OVRVBxqh1iRvcv8ICCRFeY=
-----END CERTIFICATE-----
Generated at Sun Jun 22 03:57:11 2025 by rpki-client