Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/vTxMX8eTYdo0V23avCZGBIHg75I.roa
File: vTxMX8eTYdo0V23avCZGBIHg75I.roa (raw, json)
Hash identifier: PA9ZxCKXiUXdGIZ4bf+7grlz37t0Bsh+bUGPSx2KXD0=
Subject key identifier: BD:3C:4C:5F:C7:93:61:DA:34:57:6D:DA:BC:26:46:04:81:E0:EF:92
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 136C
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/vTxMX8eTYdo0V23avCZGBIHg75I.roa
Signing time: Sun 01 Jun 2025 23:39:13 +0000
ROA not before: Sun 01 Jun 2025 23:39:13 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 125.169.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 4972 (0x136c)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: Jun 1 23:39:13 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=BD3C4C5FC79361DA34576DDABC26460481E0EF92
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:dc:1b:0b:63:ec:18:3c:91:b1:c1:08:11:2c:54:
4b:15:a2:e3:ab:43:f2:54:21:c0:2c:12:db:8e:1b:
ff:13:4b:42:dc:45:32:2c:1d:d1:2e:5d:e5:2d:1c:
f9:60:f4:82:a1:fc:df:a8:8b:aa:53:0d:6f:d6:20:
89:64:16:d3:41:5c:7a:43:9f:a1:40:76:8c:3f:69:
df:96:0a:dd:1b:3c:63:18:6c:3c:d5:60:11:32:22:
93:18:dc:14:7f:2f:91:08:52:7c:14:1b:9d:46:e8:
01:c0:e6:f9:d9:16:30:18:5b:da:59:35:af:9b:a7:
c7:0f:86:67:56:6f:3a:3e:f8:21:04:da:22:a2:42:
83:f8:ac:0b:f1:02:2a:ee:d9:6d:42:a6:0d:cf:d6:
0b:37:7d:b8:af:d0:25:53:da:ce:7f:ab:00:f4:59:
a3:42:9f:49:53:02:41:ac:6b:de:0c:8e:d7:df:19:
29:6d:2b:0f:b0:58:ee:a6:04:8f:b2:79:db:09:5b:
a8:55:5b:f2:fa:7f:e2:a3:9a:a3:cd:25:16:81:63:
dc:f5:21:ec:41:f8:6b:58:a4:c1:e0:eb:01:e3:7d:
c9:41:7e:80:e3:82:36:13:66:2b:25:0b:88:0d:7f:
70:f4:4a:73:cc:db:30:91:71:60:f2:55:1e:09:f7:
ed:37
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BD:3C:4C:5F:C7:93:61:DA:34:57:6D:DA:BC:26:46:04:81:E0:EF:92
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/vTxMX8eTYdo0V23avCZGBIHg75I.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
125.169.0.0/16
Signature Algorithm: sha256WithRSAEncryption
8d:7d:41:1b:23:8c:8d:19:6c:99:36:04:6b:b9:f5:e4:25:95:
32:6a:59:93:b8:d6:ad:14:c0:26:f7:4c:90:ac:0a:dc:ff:e4:
7c:a3:44:fa:1d:64:84:9d:4d:96:3b:14:1d:39:9d:b9:d3:ee:
37:3e:0a:84:9b:5c:e5:54:bc:df:86:d3:59:de:d4:17:ae:10:
aa:03:24:91:fe:0f:e5:22:59:3a:c6:1a:23:7f:d8:b6:b8:42:
47:db:cd:48:9b:ac:69:ca:fc:43:eb:b6:0f:9d:8d:41:08:51:
0c:31:6c:7d:5a:20:b0:30:af:9f:34:82:89:ec:0d:97:53:92:
e2:92:0a:68:c3:40:23:4d:2a:31:d4:c9:e2:25:32:25:b7:c9:
e5:7e:94:10:86:d0:63:26:4a:ab:30:9d:e5:af:6b:78:38:ae:
c0:11:c4:ed:5f:67:c6:a6:c0:22:49:28:04:e1:62:e6:97:f6:
ed:01:5d:fd:bd:56:f0:bd:8d:34:fb:80:22:b1:0f:0c:a2:85:
ef:a6:a0:0b:b4:84:25:c5:e7:00:58:fa:9f:d3:ec:8f:04:a3:
03:aa:eb:9b:95:a5:ed:97:b2:77:fd:1c:c3:cd:8d:96:ab:6f:
16:6f:00:ef:28:9b:d6:80:13:32:3e:dc:c9:63:77:2c:e9:f1:
4e:49:9e:72
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICE2wwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA2MDEy
MzM5MTNaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKEJEM0M0QzVGQzc5MzYx
REEzNDU3NkREQUJDMjY0NjA0ODFFMEVGOTIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDcGwtj7Bg8kbHBCBEsVEsVouOrQ/JUIcAsEtuOG/8TS0LcRTIs
HdEuXeUtHPlg9IKh/N+oi6pTDW/WIIlkFtNBXHpDn6FAdow/ad+WCt0bPGMYbDzV
YBEyIpMY3BR/L5EIUnwUG51G6AHA5vnZFjAYW9pZNa+bp8cPhmdWbzo++CEE2iKi
QoP4rAvxAiru2W1Cpg3P1gs3fbiv0CVT2s5/qwD0WaNCn0lTAkGsa94MjtffGSlt
Kw+wWO6mBI+yedsJW6hVW/L6f+KjmqPNJRaBY9z1IexB+GtYpMHg6wHjfclBfoDj
gjYTZislC4gNf3D0SnPM2zCRcWDyVR4J9+03AgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUvTxMX8eTYdo0V23avCZGBIHg75IwHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni92VHhNWDhlVFlkbzBWMjNh
dkNaR0JJSGc3NUkucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
fakwDQYJKoZIhvcNAQELBQADggEBAI19QRsjjI0ZbJk2BGu59eQllTJqWZO41q0U
wCb3TJCsCtz/5HyjRPodZISdTZY7FB05nbnT7jc+CoSbXOVUvN+G01ne1BeuEKoD
JJH+D+UiWTrGGiN/2La4QkfbzUibrGnK/EPrtg+djUEIUQwxbH1aILAwr580gons
DZdTkuKSCmjDQCNNKjHUyeIlMiW3yeV+lBCG0GMmSqswneWva3g4rsARxO1fZ8am
wCJJKAThYuaX9u0BXf29VvC9jTT7gCKxDwyihe+moAu0hCXF5wBY+p/T7I8EowOq
65uVpe2Xsnf9HMPNjZarbxZvAO8om9aAEzI+3Mljdyzp8U5JnnI=
-----END CERTIFICATE-----
Generated at Sat Jun 21 18:36:25 2025 by rpki-client