Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/st2dpOQll7AGfS-wQpYdXAh_V1Q.roa
File: st2dpOQll7AGfS-wQpYdXAh_V1Q.roa (raw, json)
Hash identifier: cI+TrpI4EIFlLFTAMLRnH+PfVJHVUSMhThdASpXeDF8=
Subject key identifier: B2:DD:9D:A4:E4:25:97:B0:06:7D:2F:B0:42:96:1D:5C:08:7F:57:54
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 1BD8
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/st2dpOQll7AGfS-wQpYdXAh_V1Q.roa
Signing time: Fri 13 Jun 2025 05:21:02 +0000
ROA not before: Fri 13 Jun 2025 05:21:02 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 125.169.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 7128 (0x1bd8)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: Jun 13 05:21:02 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=B2DD9DA4E42597B0067D2FB042961D5C087F5754
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c7:70:cc:aa:7e:6e:96:93:23:a5:6b:47:70:ce:
53:e6:a4:93:8a:e0:8f:66:f9:e7:91:07:82:da:42:
1b:b1:bc:df:fd:98:31:de:80:b2:9a:34:92:73:3f:
ba:ef:6f:47:52:53:da:cc:79:5d:ec:69:aa:a3:ca:
d1:14:72:ad:e4:36:6a:4a:1d:f3:26:32:3b:b3:dd:
8f:db:56:07:03:b9:0e:80:16:d7:fd:46:d9:fc:5b:
ff:74:ea:4c:94:17:3e:00:c0:e3:79:16:ea:04:c8:
4d:7c:a5:60:db:d6:b6:1a:18:94:dc:58:5c:3e:4c:
19:87:db:e6:78:47:95:54:0c:ec:10:e8:5b:be:1a:
2f:bc:40:8e:3f:7e:c7:ce:8e:a2:b0:3f:a5:f0:fd:
32:86:ae:71:45:02:c7:fa:60:4e:44:2d:f6:63:d8:
66:17:7d:6e:3b:9b:4b:a4:c7:bb:69:a9:e9:f2:7d:
1d:9c:dd:1a:f2:11:6c:d2:86:40:c3:0c:ef:b9:c8:
24:ca:84:a1:e7:e2:73:bb:a4:e0:03:63:fa:00:81:
1c:87:0f:ae:c6:10:d7:49:c6:f3:f3:ba:3d:e4:8d:
b8:21:95:ab:73:0d:bc:1a:5e:56:cc:6c:d7:2f:00:
b3:7a:58:49:e5:20:15:1c:df:7d:21:53:61:ea:78:
f7:fd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B2:DD:9D:A4:E4:25:97:B0:06:7D:2F:B0:42:96:1D:5C:08:7F:57:54
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/st2dpOQll7AGfS-wQpYdXAh_V1Q.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
125.169.0.0/16
Signature Algorithm: sha256WithRSAEncryption
58:84:cb:fd:a9:f5:02:f6:87:ea:ad:76:6d:db:fe:cc:4c:d2:
53:1c:9b:19:d3:e3:ad:7a:7e:cd:7d:81:c1:50:fa:de:85:ec:
f4:39:7f:09:88:10:05:34:46:47:11:c2:17:28:06:e7:89:8d:
93:2a:66:a6:f1:9e:6b:cd:28:b3:0b:7a:88:ea:fa:51:ea:bc:
f8:f1:85:29:b1:95:9b:a1:a1:06:d8:e4:b0:a4:74:a8:19:36:
c6:f8:5c:b0:aa:b9:c3:d7:96:e8:a4:13:d0:f0:d2:e0:1f:bb:
46:7a:eb:95:75:cc:2f:5f:95:c7:7c:df:e7:20:ce:d2:f7:fd:
3a:1f:c2:9b:17:33:69:c2:55:75:68:b4:b3:42:51:56:e2:c4:
cd:25:19:aa:d7:23:f0:86:e4:c9:e5:00:99:01:50:65:01:ca:
8b:fa:3b:38:76:da:fa:61:bf:41:c5:99:42:71:78:0c:64:b1:
cf:5b:a6:b0:96:27:81:2e:38:18:bc:85:a0:17:e2:34:07:40:
44:33:7c:50:d3:54:ef:c8:61:b4:42:7a:48:86:23:e0:6a:d9:
3d:ab:c8:0b:3c:41:4b:76:83:eb:c3:39:3e:99:e1:3f:05:79:
49:d0:11:29:21:58:50:b2:cd:28:a6:c6:ec:3a:86:2d:2f:73:
ca:1a:f2:7b
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICG9gwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA2MTMw
NTIxMDJaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKEIyREQ5REE0RTQyNTk3
QjAwNjdEMkZCMDQyOTYxRDVDMDg3RjU3NTQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDHcMyqfm6WkyOla0dwzlPmpJOK4I9m+eeRB4LaQhuxvN/9mDHe
gLKaNJJzP7rvb0dSU9rMeV3saaqjytEUcq3kNmpKHfMmMjuz3Y/bVgcDuQ6AFtf9
Rtn8W/906kyUFz4AwON5FuoEyE18pWDb1rYaGJTcWFw+TBmH2+Z4R5VUDOwQ6Fu+
Gi+8QI4/fsfOjqKwP6Xw/TKGrnFFAsf6YE5ELfZj2GYXfW47m0ukx7tpqenyfR2c
3RryEWzShkDDDO+5yCTKhKHn4nO7pOADY/oAgRyHD67GENdJxvPzuj3kjbghlatz
DbwaXlbMbNcvALN6WEnlIBUc330hU2HqePf9AgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUst2dpOQll7AGfS+wQpYdXAh/V1QwHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni9zdDJkcE9RbGw3QUdmUy13
UXBZZFhBaF9WMVEucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
fakwDQYJKoZIhvcNAQELBQADggEBAFiEy/2p9QL2h+qtdm3b/sxM0lMcmxnT4616
fs19gcFQ+t6F7PQ5fwmIEAU0RkcRwhcoBueJjZMqZqbxnmvNKLMLeojq+lHqvPjx
hSmxlZuhoQbY5LCkdKgZNsb4XLCqucPXluikE9Dw0uAfu0Z665V1zC9flcd83+cg
ztL3/TofwpsXM2nCVXVotLNCUVbixM0lGarXI/CG5MnlAJkBUGUByov6Ozh22vph
v0HFmUJxeAxksc9bprCWJ4EuOBi8haAX4jQHQEQzfFDTVO/IYbRCekiGI+Bq2T2r
yAs8QUt2g+vDOT6Z4T8FeUnQESkhWFCyzSimxuw6hi0vc8oa8ns=
-----END CERTIFICATE-----
Generated at Sun Jun 22 02:20:35 2025 by rpki-client