Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/p7yQVW19pxfSYfj2oV8da_fCzOk.roa
File: p7yQVW19pxfSYfj2oV8da_fCzOk.roa (raw, json)
Hash identifier: 2AcMXidE4bpWO7WDDfJAMi1a7qmt1oHxwzTBCxy6qV4=
Subject key identifier: A7:BC:90:55:6D:7D:A7:17:D2:61:F8:F6:A1:5F:1D:6B:F7:C2:CC:E9
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 1A20
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/p7yQVW19pxfSYfj2oV8da_fCzOk.roa
Signing time: Tue 10 Jun 2025 22:09:45 +0000
ROA not before: Tue 10 Jun 2025 22:09:45 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 125.169.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 6688 (0x1a20)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: Jun 10 22:09:45 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=A7BC90556D7DA717D261F8F6A15F1D6BF7C2CCE9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b4:2a:55:21:4f:ee:4f:c3:7e:7e:09:cd:2d:6a:
a3:b1:22:b1:69:83:ee:e7:7e:c7:2e:33:7f:a9:27:
da:17:91:c8:fc:d2:1b:bf:18:df:bb:a4:10:c6:62:
b2:73:94:3d:1f:79:95:73:ed:97:cb:3a:8a:54:59:
f0:52:04:39:51:f2:17:50:a3:8c:58:88:a7:d5:e0:
65:ba:e6:1e:65:72:d9:c7:16:18:5b:0f:71:90:dc:
bd:6d:92:e1:36:e1:9c:6f:f5:99:81:5d:33:42:62:
0d:d6:cb:5b:e2:57:f9:3c:d7:b0:59:ed:bc:50:95:
74:30:1a:93:c3:9c:77:56:bc:51:5e:82:cb:60:c4:
7b:e8:d0:4e:c1:c5:53:c5:92:61:82:40:4d:26:c0:
8e:67:24:ba:ee:0d:41:91:88:ad:bd:92:98:e0:ac:
cb:bb:fd:7e:ef:e3:11:36:0a:c8:c5:ec:73:a9:21:
80:da:57:97:a1:20:d9:a5:91:b9:5e:73:66:77:85:
fa:56:de:41:04:fa:37:d2:38:c2:3f:ec:0f:2c:f9:
b5:44:00:7e:8f:16:f5:95:66:91:3e:a9:c9:7d:58:
a5:88:4f:4f:ad:42:25:be:c3:a3:ed:cf:dd:2a:ff:
bc:5c:fc:18:8f:6e:4c:5e:3d:49:dc:f5:03:7f:c9:
f5:7f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A7:BC:90:55:6D:7D:A7:17:D2:61:F8:F6:A1:5F:1D:6B:F7:C2:CC:E9
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/p7yQVW19pxfSYfj2oV8da_fCzOk.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
125.169.0.0/16
Signature Algorithm: sha256WithRSAEncryption
86:67:a2:f0:84:44:63:ca:3b:37:3e:98:32:37:f3:3e:67:50:
a9:39:29:a8:2f:ce:ac:4c:90:2d:22:bb:19:5b:3b:78:4f:6e:
9c:9f:a2:a6:c3:25:00:39:f0:ee:c6:e0:79:00:d5:3e:be:1e:
fe:39:2e:79:14:50:4b:05:bd:d0:90:33:f2:3b:45:04:db:54:
6e:97:23:dc:05:19:b1:be:b7:15:62:7e:57:d2:76:50:37:9f:
0f:d1:de:e9:76:c8:ba:e3:ae:82:49:ed:e1:6f:47:79:26:c1:
7c:c3:c4:bf:26:ae:fd:20:ce:de:13:24:cc:94:12:3f:da:9b:
59:39:74:70:8c:61:20:5c:2c:cc:18:4d:2b:2a:7d:af:32:f7:
ce:33:52:c0:43:7c:1e:31:ae:12:5b:2a:07:e0:e3:36:4a:d6:
c5:76:80:79:05:01:aa:d4:36:a7:e8:37:d2:25:c4:11:85:e2:
83:d9:d7:eb:00:67:43:a6:27:b5:3a:69:f8:ba:77:44:42:62:
8d:58:3b:90:db:9d:42:56:44:8e:d7:7b:83:fc:a2:6c:bd:95:
6e:45:cd:24:f1:d1:f3:c1:56:80:4d:9c:4d:71:f0:19:3c:3d:
4c:26:82:5b:e0:4b:a5:e1:9d:b6:9c:18:b2:8e:99:b3:a4:39:
cd:a3:e4:a4
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICGiAwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA2MTAy
MjA5NDVaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKEE3QkM5MDU1NkQ3REE3
MTdEMjYxRjhGNkExNUYxRDZCRjdDMkNDRTkwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC0KlUhT+5Pw35+Cc0taqOxIrFpg+7nfscuM3+pJ9oXkcj80hu/
GN+7pBDGYrJzlD0feZVz7ZfLOopUWfBSBDlR8hdQo4xYiKfV4GW65h5lctnHFhhb
D3GQ3L1tkuE24Zxv9ZmBXTNCYg3Wy1viV/k817BZ7bxQlXQwGpPDnHdWvFFegstg
xHvo0E7BxVPFkmGCQE0mwI5nJLruDUGRiK29kpjgrMu7/X7v4xE2CsjF7HOpIYDa
V5ehINmlkblec2Z3hfpW3kEE+jfSOMI/7A8s+bVEAH6PFvWVZpE+qcl9WKWIT0+t
QiW+w6Ptz90q/7xc/BiPbkxePUnc9QN/yfV/AgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUp7yQVW19pxfSYfj2oV8da/fCzOkwHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni9wN3lRVlcxOXB4ZlNZZmoy
b1Y4ZGFfZkN6T2sucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
fakwDQYJKoZIhvcNAQELBQADggEBAIZnovCERGPKOzc+mDI38z5nUKk5KagvzqxM
kC0iuxlbO3hPbpyfoqbDJQA58O7G4HkA1T6+Hv45LnkUUEsFvdCQM/I7RQTbVG6X
I9wFGbG+txViflfSdlA3nw/R3ul2yLrjroJJ7eFvR3kmwXzDxL8mrv0gzt4TJMyU
Ej/am1k5dHCMYSBcLMwYTSsqfa8y984zUsBDfB4xrhJbKgfg4zZK1sV2gHkFAarU
NqfoN9IlxBGF4oPZ1+sAZ0OmJ7U6afi6d0RCYo1YO5DbnUJWRI7Xe4P8omy9lW5F
zSTx0fPBVoBNnE1x8Bk8PUwmglvgS6XhnbacGLKOmbOkOc2j5KQ=
-----END CERTIFICATE-----
Generated at Sat Jun 21 21:35:52 2025 by rpki-client