Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/mnzrqdMEEuy7L22DDTVQ5am7QA8.roa
File: mnzrqdMEEuy7L22DDTVQ5am7QA8.roa (raw, json)
Hash identifier: AKn+9mM+BOgK0l964l9LrMhOLONADhdQ3+dzYB5XO3A=
Subject key identifier: 9A:7C:EB:A9:D3:04:12:EC:BB:2F:6D:83:0D:35:50:E5:A9:BB:40:0F
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 0B3C
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/mnzrqdMEEuy7L22DDTVQ5am7QA8.roa
Signing time: Thu 22 May 2025 01:38:22 +0000
ROA not before: Thu 22 May 2025 01:38:22 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 125.169.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2876 (0xb3c)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: May 22 01:38:22 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=9A7CEBA9D30412ECBB2F6D830D3550E5A9BB400F
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c0:bf:41:22:4d:68:09:71:a9:2b:2e:da:eb:d8:
2e:f0:09:26:70:29:50:66:ee:80:95:ba:8f:fc:ef:
46:a6:9c:5d:c6:ef:77:7f:37:01:84:e1:ec:58:9a:
e5:b5:ad:29:9b:d9:b5:5e:a3:f6:04:ee:e7:8a:2f:
9c:ac:ba:bd:ae:c4:9d:2f:cb:ef:4e:ba:98:98:c2:
68:3c:12:7d:38:87:44:bc:6f:88:5f:63:63:2c:9d:
f7:1e:ea:49:06:61:37:36:dc:cb:15:26:76:50:74:
33:46:b8:4b:3a:e8:61:ea:52:ff:28:7a:f8:ea:e8:
ff:51:a3:a0:c5:e1:a1:79:6e:ca:42:ad:89:be:a4:
e3:37:7e:58:16:91:c7:99:d6:19:97:6e:8d:23:2b:
3e:81:00:0a:1d:7e:2b:06:b4:28:a8:16:07:18:44:
8f:ba:f3:9c:fc:27:8a:1b:d5:3d:4a:62:6a:e3:b6:
fa:af:70:45:55:34:54:d7:2f:b6:f4:6d:20:f3:aa:
38:46:48:a4:4b:49:1f:45:18:eb:05:18:09:9b:21:
b6:ea:f9:ec:c8:9a:f7:85:19:eb:5d:7b:f8:32:ff:
33:c5:88:f4:93:a3:0d:63:38:42:90:16:00:f7:7f:
df:df:65:c3:53:0b:db:51:9e:d8:d5:4b:3d:7a:12:
c3:37
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9A:7C:EB:A9:D3:04:12:EC:BB:2F:6D:83:0D:35:50:E5:A9:BB:40:0F
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/mnzrqdMEEuy7L22DDTVQ5am7QA8.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
125.169.0.0/16
Signature Algorithm: sha256WithRSAEncryption
02:df:c5:62:ad:ea:62:94:33:86:0a:dd:bc:be:36:55:42:41:
97:8a:fc:b0:d3:35:a9:31:c8:79:dd:b3:18:3b:3a:56:0d:32:
b2:00:80:e6:10:b9:ea:12:a9:85:38:40:a8:b9:1a:2f:a8:de:
24:9c:21:b7:75:ea:ba:cf:77:89:86:91:87:73:fa:80:3d:3d:
7f:53:17:7c:1e:8c:55:ac:d3:2c:3c:05:e9:3a:6b:8b:24:23:
2e:98:fa:db:a4:0b:59:36:cf:de:d1:6b:c8:57:02:15:0c:3f:
00:e3:0e:96:9d:6a:7a:0a:eb:6e:ef:49:72:ab:6f:1f:ce:76:
54:6a:24:f1:4d:1b:a1:ad:f5:5b:80:31:09:d7:0c:82:2a:4e:
c2:7a:f0:ee:06:98:6e:38:7d:62:4c:a2:72:97:80:85:e7:59:
84:1e:bd:0a:3e:3b:68:26:1b:9a:29:50:5c:82:77:8c:ca:da:
83:d6:63:42:8b:71:8e:b4:27:53:a4:8b:11:b3:ec:e9:6d:e2:
34:8b:37:a6:b8:3f:4e:d6:3e:e5:e5:2e:30:b2:16:d6:d4:0f:
14:65:af:7e:c8:cf:7d:84:45:b0:43:1a:28:f5:2b:2d:ac:bb:
12:00:2e:bb:1a:07:57:31:92:83:2c:09:c2:3b:d9:68:34:30:
4a:13:cf:66
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICCzwwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA1MjIw
MTM4MjJaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKDlBN0NFQkE5RDMwNDEy
RUNCQjJGNkQ4MzBEMzU1MEU1QTlCQjQwMEYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDAv0EiTWgJcakrLtrr2C7wCSZwKVBm7oCVuo/870amnF3G73d/
NwGE4exYmuW1rSmb2bVeo/YE7ueKL5ysur2uxJ0vy+9OupiYwmg8En04h0S8b4hf
Y2Msnfce6kkGYTc23MsVJnZQdDNGuEs66GHqUv8oevjq6P9Ro6DF4aF5bspCrYm+
pOM3flgWkceZ1hmXbo0jKz6BAAodfisGtCioFgcYRI+685z8J4ob1T1KYmrjtvqv
cEVVNFTXL7b0bSDzqjhGSKRLSR9FGOsFGAmbIbbq+ezImveFGetde/gy/zPFiPST
ow1jOEKQFgD3f9/fZcNTC9tRntjVSz16EsM3AgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUmnzrqdMEEuy7L22DDTVQ5am7QA8wHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni9tbnpycWRNRUV1eTdMMjJE
RFRWUTVhbTdRQTgucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
fakwDQYJKoZIhvcNAQELBQADggEBAALfxWKt6mKUM4YK3by+NlVCQZeK/LDTNakx
yHndsxg7OlYNMrIAgOYQueoSqYU4QKi5Gi+o3iScIbd16rrPd4mGkYdz+oA9PX9T
F3wejFWs0yw8Bek6a4skIy6Y+tukC1k2z97Ra8hXAhUMPwDjDpadanoK627vSXKr
bx/OdlRqJPFNG6Gt9VuAMQnXDIIqTsJ68O4GmG44fWJMonKXgIXnWYQevQo+O2gm
G5opUFyCd4zK2oPWY0KLcY60J1OkixGz7Olt4jSLN6a4P07WPuXlLjCyFtbUDxRl
r37Iz32ERbBDGij1Ky2suxIALrsaB1cxkoMsCcI72Wg0MEoTz2Y=
-----END CERTIFICATE-----
Generated at Sat Jun 21 23:00:21 2025 by rpki-client