Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/krXz5lZY10Xk8jmrh-7P4zyHdfE.roa
File: krXz5lZY10Xk8jmrh-7P4zyHdfE.roa (raw, json)
Hash identifier: CtAbgCdNIxVGWGEtjRQKzrSkQVuD/8AqnrFKfZ4L+3s=
Subject key identifier: 92:B5:F3:E6:56:58:D7:45:E4:F2:39:AB:87:EE:CF:E3:3C:87:75:F1
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 1CD4
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/krXz5lZY10Xk8jmrh-7P4zyHdfE.roa
Signing time: Sat 14 Jun 2025 12:39:55 +0000
ROA not before: Sat 14 Jun 2025 12:39:55 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 125.169.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 7380 (0x1cd4)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: Jun 14 12:39:55 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=92B5F3E65658D745E4F239AB87EECFE33C8775F1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b1:0d:fd:31:d9:ba:62:d6:34:3e:f6:82:21:20:
bf:89:47:24:5b:f9:f5:3a:d6:db:51:81:55:54:4b:
55:d4:90:74:5c:7c:48:e4:7b:dd:3d:d1:c4:65:81:
91:d8:bc:02:00:04:97:19:6e:e4:cc:82:4b:02:fa:
46:c9:d9:4f:49:be:25:1e:91:60:fc:2c:d7:57:68:
bb:67:73:ff:f4:7a:c6:c9:48:b1:b1:e3:ab:24:54:
66:db:a9:53:08:e4:59:5b:f6:9c:af:2e:db:aa:ab:
a0:bf:7e:43:46:b0:b2:2c:a7:f9:12:cf:f1:9b:65:
d1:34:3d:fe:76:cf:88:db:27:de:be:8d:20:14:40:
89:16:02:88:00:c0:79:0c:91:26:78:04:fa:eb:18:
67:9f:69:57:ec:2d:82:35:09:56:38:3e:71:8e:f4:
b1:e8:39:02:39:ac:a8:cc:64:41:27:58:e4:f1:29:
c3:c9:3c:13:25:68:4a:49:d8:36:7b:b6:7d:1a:cd:
3b:e8:b8:7d:ed:05:39:5f:22:f5:d1:e1:c1:92:00:
01:c4:0e:cd:b7:ef:7e:14:a9:aa:1f:54:a1:2f:3a:
8b:14:af:7e:8c:41:e6:52:cf:24:1d:6e:7b:36:fd:
67:db:b9:11:5f:d5:78:42:55:17:8b:07:04:0f:f7:
e9:ab
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
92:B5:F3:E6:56:58:D7:45:E4:F2:39:AB:87:EE:CF:E3:3C:87:75:F1
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/krXz5lZY10Xk8jmrh-7P4zyHdfE.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
125.169.0.0/16
Signature Algorithm: sha256WithRSAEncryption
28:ad:21:42:b2:80:78:da:50:23:04:bd:4a:f2:3a:d0:3e:f8:
a7:14:8c:ab:a9:de:9d:93:7a:39:4b:7e:f6:5b:39:17:af:ea:
33:4a:af:39:19:5b:6a:61:0e:28:54:b4:df:f4:44:3c:54:7d:
a3:41:7e:4c:5d:b6:1a:41:5e:ee:35:b3:d0:14:fd:cb:36:56:
4d:bd:25:58:c2:f7:6a:ed:49:57:31:17:9a:12:14:80:14:e8:
b3:7a:29:18:a3:c4:fd:57:0d:6b:d3:c7:7d:6a:be:02:00:50:
2a:a9:e8:9e:9b:38:31:3f:18:9e:9b:3b:dd:c1:57:6b:ce:4e:
18:15:7a:b0:ab:f7:a3:84:27:c0:c7:0e:8e:51:97:72:6e:52:
54:72:04:27:d4:ce:b7:b5:ce:df:23:82:16:7c:cd:5d:df:67:
ef:4a:59:78:11:25:2f:ed:81:90:4c:82:cc:81:a5:28:0a:92:
00:84:d2:bd:ec:10:98:49:52:b4:3a:13:14:dc:31:6a:e2:5b:
65:a1:84:6e:26:40:df:63:99:44:11:32:94:d2:bc:2c:f4:ca:
cb:08:7c:22:7d:1b:eb:d7:51:a1:35:aa:c8:e4:62:e5:27:2b:
05:e9:94:00:cf:6f:13:db:2a:5d:48:bc:a0:29:ce:b4:c5:9b:
09:7d:6c:bd
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICHNQwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA2MTQx
MjM5NTVaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKDkyQjVGM0U2NTY1OEQ3
NDVFNEYyMzlBQjg3RUVDRkUzM0M4Nzc1RjEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCxDf0x2bpi1jQ+9oIhIL+JRyRb+fU61ttRgVVUS1XUkHRcfEjk
e9090cRlgZHYvAIABJcZbuTMgksC+kbJ2U9JviUekWD8LNdXaLtnc//0esbJSLGx
46skVGbbqVMI5Flb9pyvLtuqq6C/fkNGsLIsp/kSz/GbZdE0Pf52z4jbJ96+jSAU
QIkWAogAwHkMkSZ4BPrrGGefaVfsLYI1CVY4PnGO9LHoOQI5rKjMZEEnWOTxKcPJ
PBMlaEpJ2DZ7tn0azTvouH3tBTlfIvXR4cGSAAHEDs23734UqaofVKEvOosUr36M
QeZSzyQdbns2/WfbuRFf1XhCVReLBwQP9+mrAgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUkrXz5lZY10Xk8jmrh+7P4zyHdfEwHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni9rclh6NWxaWTEwWGs4am1y
aC03UDR6eUhkZkUucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
fakwDQYJKoZIhvcNAQELBQADggEBACitIUKygHjaUCMEvUryOtA++KcUjKup3p2T
ejlLfvZbORev6jNKrzkZW2phDihUtN/0RDxUfaNBfkxdthpBXu41s9AU/cs2Vk29
JVjC92rtSVcxF5oSFIAU6LN6KRijxP1XDWvTx31qvgIAUCqp6J6bODE/GJ6bO93B
V2vOThgVerCr96OEJ8DHDo5Rl3JuUlRyBCfUzre1zt8jghZ8zV3fZ+9KWXgRJS/t
gZBMgsyBpSgKkgCE0r3sEJhJUrQ6ExTcMWriW2WhhG4mQN9jmUQRMpTSvCz0yssI
fCJ9G+vXUaE1qsjkYuUnKwXplADPbxPbKl1IvKApzrTFmwl9bL0=
-----END CERTIFICATE-----
Generated at Sun Jun 22 01:07:12 2025 by rpki-client