Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/x4Z4JFrGzN5jClvCafM07abz2VE.roa
File: x4Z4JFrGzN5jClvCafM07abz2VE.roa (raw, json)
Hash identifier: vn2m7130mvlaNGmdb8L3+zX2EoDz+25f8Tpv/s1220I=
Subject key identifier: C7:86:78:24:5A:C6:CC:DE:63:0A:5B:C2:69:F3:34:ED:A6:F3:D9:51
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 21E8
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/x4Z4JFrGzN5jClvCafM07abz2VE.roa
Signing time: Sat 21 Jun 2025 18:41:52 +0000
ROA not before: Sat 21 Jun 2025 18:41:52 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 125.169.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 8680 (0x21e8)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: Jun 21 18:41:52 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=C78678245AC6CCDE630A5BC269F334EDA6F3D951
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ab:67:60:c2:bf:8b:a3:84:3a:26:40:89:0a:97:
c9:5b:6f:14:97:33:60:85:ea:30:9e:7a:9e:7e:89:
f9:9f:dd:de:a0:d8:b8:04:04:6e:e7:46:3e:58:08:
7f:8f:ce:b2:5f:30:d1:01:fd:54:96:15:ef:83:c3:
d1:df:e6:11:09:8e:fe:29:32:d6:9e:bf:6b:ef:af:
64:35:cf:79:92:8f:aa:47:dd:11:b9:c2:37:ff:39:
5d:f6:68:1a:4b:25:13:83:60:ca:b3:f9:6d:5b:14:
1b:95:c7:5a:ad:c3:7e:6d:3e:84:7e:f6:3c:5d:73:
bf:5d:c5:46:49:d9:1a:05:04:7d:ef:47:af:03:57:
96:5b:df:f4:32:72:7b:56:02:ee:77:7d:bb:7b:55:
c2:97:52:ad:30:73:56:d8:52:f3:4f:c1:ac:30:cb:
bc:f1:1f:9f:f1:1a:b6:4a:dd:c5:c1:f3:82:c3:9d:
8e:ef:4b:91:ca:bc:e3:c4:ca:4d:e5:33:30:51:bd:
5c:8a:7e:b1:b3:db:81:e7:bc:0a:52:12:a8:ba:b3:
9a:63:f2:1b:98:c2:84:e9:fe:c3:34:d0:ca:78:fd:
16:51:ee:2c:1a:75:55:55:e8:ea:cd:3c:66:ca:3f:
9d:58:89:21:2d:9c:5b:25:dc:ef:3c:4f:0b:3a:be:
23:af
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C7:86:78:24:5A:C6:CC:DE:63:0A:5B:C2:69:F3:34:ED:A6:F3:D9:51
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/x4Z4JFrGzN5jClvCafM07abz2VE.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
125.169.0.0/16
Signature Algorithm: sha256WithRSAEncryption
63:34:0f:57:f9:a6:09:52:36:92:77:a8:38:98:31:0b:d2:14:
3c:03:b0:f1:82:f5:21:ad:12:40:93:0e:d8:16:35:1d:b4:8e:
9b:bd:ac:90:f8:fa:1c:ce:70:a5:fc:69:a7:ac:3d:95:a1:bc:
9e:ad:1f:8c:6c:d2:4c:05:eb:28:d4:7f:d5:61:81:39:fd:4e:
a8:31:63:8a:c1:fe:91:fd:f8:c3:91:66:95:6f:b2:9d:65:22:
66:d7:3e:cf:5d:fc:10:04:e1:c1:7c:ac:1c:cf:c4:17:89:f0:
f2:18:f2:d8:b6:a2:e0:5e:82:be:15:51:08:ac:68:cb:59:7f:
04:b3:e7:a3:ba:7e:8b:5d:6f:34:3c:be:3e:e0:33:b7:b5:0e:
cb:25:72:fd:d3:02:50:10:88:5a:cb:9d:2b:89:07:9b:38:04:
d2:f2:a8:d3:12:6a:2b:28:71:8a:94:31:d8:7e:85:51:d8:e1:
36:51:12:6c:ef:c2:59:da:df:ef:3c:f1:33:f3:44:a8:80:78:
8a:fa:a1:4b:1a:e7:a5:08:4d:2a:ce:83:ff:8f:af:5d:fd:5f:
3b:98:6f:15:40:ce:a6:0b:dc:d8:9e:78:14:57:f2:5b:85:16:
53:59:27:57:80:81:13:8c:55:f5:39:0b:55:a8:39:8e:c9:70:
c7:ee:1e:c0
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICIegwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA2MjEx
ODQxNTJaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKEM3ODY3ODI0NUFDNkND
REU2MzBBNUJDMjY5RjMzNEVEQTZGM0Q5NTEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCrZ2DCv4ujhDomQIkKl8lbbxSXM2CF6jCeep5+ifmf3d6g2LgE
BG7nRj5YCH+PzrJfMNEB/VSWFe+Dw9Hf5hEJjv4pMtaev2vvr2Q1z3mSj6pH3RG5
wjf/OV32aBpLJRODYMqz+W1bFBuVx1qtw35tPoR+9jxdc79dxUZJ2RoFBH3vR68D
V5Zb3/QycntWAu53fbt7VcKXUq0wc1bYUvNPwawwy7zxH5/xGrZK3cXB84LDnY7v
S5HKvOPEyk3lMzBRvVyKfrGz24HnvApSEqi6s5pj8huYwoTp/sM00Mp4/RZR7iwa
dVVV6OrNPGbKP51YiSEtnFsl3O88Tws6viOvAgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUx4Z4JFrGzN5jClvCafM07abz2VEwHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni94NFo0SkZyR3pONWpDbHZD
YWZNMDdhYnoyVkUucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
fakwDQYJKoZIhvcNAQELBQADggEBAGM0D1f5pglSNpJ3qDiYMQvSFDwDsPGC9SGt
EkCTDtgWNR20jpu9rJD4+hzOcKX8aaesPZWhvJ6tH4xs0kwF6yjUf9VhgTn9Tqgx
Y4rB/pH9+MORZpVvsp1lImbXPs9d/BAE4cF8rBzPxBeJ8PIY8ti2ouBegr4VUQis
aMtZfwSz56O6fotdbzQ8vj7gM7e1Dsslcv3TAlAQiFrLnSuJB5s4BNLyqNMSaiso
cYqUMdh+hVHY4TZREmzvwlna3+888TPzRKiAeIr6oUsa56UITSrOg/+Pr139XzuY
bxVAzqYL3NieeBRX8luFFlNZJ1eAgROMVfU5C1WoOY7JcMfuHsA=
-----END CERTIFICATE-----
Generated at Sun Jun 22 12:10:41 2025 by rpki-client