Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/n21Vk59l6Oh37_sjiX-1etAbHbM.roa
File: n21Vk59l6Oh37_sjiX-1etAbHbM.roa (raw, json)
Hash identifier: ED98+zqAH4698U0FTXMHJ19MeYmwMs2BFBAdOxNLKR4=
Subject key identifier: 9F:6D:55:93:9F:65:E8:E8:77:EF:FB:23:89:7F:B5:7A:D0:1B:1D:B3
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 13F0
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/n21Vk59l6Oh37_sjiX-1etAbHbM.roa
Signing time: Mon 02 Jun 2025 16:09:13 +0000
ROA not before: Mon 02 Jun 2025 16:09:13 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 125.169.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 5104 (0x13f0)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: Jun 2 16:09:13 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=9F6D55939F65E8E877EFFB23897FB57AD01B1DB3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cc:c8:00:ae:af:f5:72:61:1a:77:42:d5:86:87:
13:19:6c:ea:70:76:15:67:bf:6f:4f:c0:db:64:f9:
3d:1d:09:4a:23:34:31:94:e3:ff:4b:01:c8:70:9f:
01:1e:ed:da:a1:18:6b:80:11:53:38:b5:f7:69:a1:
c7:0c:32:f0:86:a3:ca:64:7a:97:61:2f:ba:b6:d4:
f3:2b:f2:13:13:35:7d:98:e7:86:fb:c3:49:38:06:
d2:ac:8c:2d:74:19:ca:90:4c:28:e0:6d:c7:93:8c:
d7:93:67:19:08:4b:79:a4:0a:27:ae:6f:3b:43:21:
19:76:2e:5a:f3:af:a0:43:4a:6e:d1:6a:31:0f:71:
18:0a:48:f1:e7:aa:c4:c9:ba:18:61:b8:f7:94:67:
b4:a3:18:c3:df:e0:1f:5f:de:10:31:36:84:a6:c7:
80:fa:20:55:3c:91:5a:3e:6d:81:e8:c3:57:ea:11:
5a:56:39:39:48:ab:dd:43:93:1f:79:f0:53:64:97:
ae:f7:b9:36:c2:31:ae:ad:9e:5b:75:b1:7e:6c:8f:
6c:32:02:61:c1:a0:04:eb:17:5c:4d:43:f9:0e:8a:
70:cf:b0:5f:5c:3c:2e:6b:10:68:94:82:4e:b0:cd:
9a:1f:ad:46:fa:e8:af:7a:3f:d5:f3:9a:f2:8e:4c:
c1:e5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9F:6D:55:93:9F:65:E8:E8:77:EF:FB:23:89:7F:B5:7A:D0:1B:1D:B3
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/n21Vk59l6Oh37_sjiX-1etAbHbM.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
125.169.0.0/16
Signature Algorithm: sha256WithRSAEncryption
29:5e:c9:40:70:96:d7:12:e6:52:9d:d7:98:58:4b:4f:c6:8b:
da:ab:89:ff:82:0f:8e:3b:4c:dd:7d:3b:c8:8e:72:b7:a2:9c:
9a:23:2e:1e:0b:ba:a7:98:c2:ce:7e:b7:32:2c:c1:79:c6:b3:
cc:93:8a:65:06:a2:cb:5e:24:b6:b0:96:7e:18:cd:1f:0f:90:
9d:ac:3e:e2:d4:57:c0:9d:ec:aa:ae:42:b7:43:e3:21:ed:bc:
9d:9b:57:f4:a5:c7:1f:f8:aa:5c:aa:4a:a0:09:d2:ad:85:27:
d5:07:3c:b5:1a:25:c4:c1:cf:8e:cf:96:60:02:3f:c3:8a:e9:
12:ec:af:dd:a0:0f:5f:f2:5d:c9:81:8d:15:19:21:5c:95:f3:
8d:c5:81:25:64:ae:71:98:e4:b1:27:3c:cc:51:db:b9:fa:d5:
f0:22:24:b3:7a:c6:4b:b9:58:04:85:14:fe:20:b7:03:65:c8:
8c:c2:58:6d:e1:ff:63:93:2c:62:63:bd:4c:a1:59:29:41:59:
db:65:b7:59:14:35:37:88:77:c2:41:97:8b:40:eb:25:08:46:
d6:79:f2:65:de:27:5a:3e:ee:3c:72:83:33:78:66:f7:f8:70:
ba:c5:3f:e2:c4:e9:8c:dd:45:37:f3:ef:e5:9c:83:84:f7:47:
8a:12:1f:17
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICE/AwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA2MDIx
NjA5MTNaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKDlGNkQ1NTkzOUY2NUU4
RTg3N0VGRkIyMzg5N0ZCNTdBRDAxQjFEQjMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDMyACur/VyYRp3QtWGhxMZbOpwdhVnv29PwNtk+T0dCUojNDGU
4/9LAchwnwEe7dqhGGuAEVM4tfdpoccMMvCGo8pkepdhL7q21PMr8hMTNX2Y54b7
w0k4BtKsjC10GcqQTCjgbceTjNeTZxkIS3mkCieubztDIRl2Llrzr6BDSm7RajEP
cRgKSPHnqsTJuhhhuPeUZ7SjGMPf4B9f3hAxNoSmx4D6IFU8kVo+bYHow1fqEVpW
OTlIq91Dkx958FNkl673uTbCMa6tnlt1sX5sj2wyAmHBoATrF1xNQ/kOinDPsF9c
PC5rEGiUgk6wzZofrUb66K96P9XzmvKOTMHlAgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUn21Vk59l6Oh37/sjiX+1etAbHbMwHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni9uMjFWazU5bDZPaDM3X3Nq
aVgtMWV0QWJIYk0ucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
fakwDQYJKoZIhvcNAQELBQADggEBACleyUBwltcS5lKd15hYS0/Gi9qrif+CD447
TN19O8iOcreinJojLh4LuqeYws5+tzIswXnGs8yTimUGosteJLawln4YzR8PkJ2s
PuLUV8Cd7KquQrdD4yHtvJ2bV/Slxx/4qlyqSqAJ0q2FJ9UHPLUaJcTBz47PlmAC
P8OK6RLsr92gD1/yXcmBjRUZIVyV843FgSVkrnGY5LEnPMxR27n61fAiJLN6xku5
WASFFP4gtwNlyIzCWG3h/2OTLGJjvUyhWSlBWdtlt1kUNTeId8JBl4tA6yUIRtZ5
8mXeJ1o+7jxygzN4Zvf4cLrFP+LE6YzdRTfz7+Wcg4T3R4oSHxc=
-----END CERTIFICATE-----
Generated at Sun Jun 22 10:50:25 2025 by rpki-client