Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/xGIFw97pgVtatoBWS1JudG0AiT8.roa
File: xGIFw97pgVtatoBWS1JudG0AiT8.roa (raw, json)
Hash identifier: 1ic+MH1fahdIpDxu0E6KhLhp4RLWuPURBG2tsSd82eM=
Subject key identifier: C4:62:05:C3:DE:E9:81:5B:5A:B6:80:56:4B:52:6E:74:6D:00:89:3F
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 0D8C
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/xGIFw97pgVtatoBWS1JudG0AiT8.roa
Signing time: Sun 25 May 2025 03:38:32 +0000
ROA not before: Sun 25 May 2025 03:38:32 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 125.169.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 3468 (0xd8c)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: May 25 03:38:32 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=C46205C3DEE9815B5AB680564B526E746D00893F
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:af:e1:19:b0:c5:a0:81:26:56:f2:7b:36:b3:59:
66:27:b2:66:f5:7e:2e:d9:c4:fc:da:a2:64:c7:61:
43:7b:df:51:47:25:f7:48:a2:8d:c0:59:57:69:e0:
03:a2:6c:19:2e:47:f3:ee:a8:ab:c1:05:30:5d:00:
5a:06:46:2c:6f:4f:6a:3b:18:46:3c:cb:0f:1e:c0:
86:96:1e:3a:26:83:40:f6:35:25:13:03:12:36:00:
c5:07:82:b6:ee:e1:ea:86:9f:be:07:4c:f6:91:59:
dc:8a:51:1e:61:6f:59:59:6e:c2:f7:42:0e:59:6f:
59:b2:aa:9a:4d:b6:5d:96:14:1b:4f:27:f2:07:4e:
35:96:7f:82:ef:63:a5:8e:d2:a4:c6:f1:2b:73:2b:
7c:17:b2:0d:60:18:78:23:db:19:b8:ba:a2:69:ac:
ec:67:d2:c5:fd:5c:da:9c:f3:b7:7b:97:c8:6e:e7:
9a:11:bf:0c:7d:6a:1f:e8:4e:e1:9e:cc:bf:0a:49:
2e:4a:cd:25:76:87:57:0a:64:28:cf:d7:e2:c4:b0:
1f:e0:c8:cb:55:63:b4:80:c4:39:c3:16:73:2d:7c:
46:53:8a:40:a2:b2:76:b8:03:5c:6d:ce:1c:fd:1a:
92:ea:8f:ed:51:f8:b3:74:9d:e9:cc:2c:c3:a7:5f:
bc:c1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C4:62:05:C3:DE:E9:81:5B:5A:B6:80:56:4B:52:6E:74:6D:00:89:3F
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/xGIFw97pgVtatoBWS1JudG0AiT8.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
125.169.0.0/16
Signature Algorithm: sha256WithRSAEncryption
27:60:a9:3d:5e:f5:7a:24:99:65:fc:0e:46:f8:54:49:e2:87:
03:b1:3b:ff:01:6d:b8:35:3f:4e:ac:86:d9:3e:7e:b4:6e:f1:
09:ab:83:de:14:07:e4:93:e1:cb:f0:df:85:2b:c1:8d:67:d8:
8f:ab:bd:3b:a2:c1:67:65:59:dc:2d:0f:57:23:a0:d7:86:e0:
ee:ca:0a:cf:a5:ed:72:dc:58:3e:85:32:3a:7c:bf:fa:7d:6e:
67:e0:f6:84:68:73:23:3f:ec:90:60:d4:e7:48:53:57:74:16:
d9:0f:02:f3:e4:7c:74:76:fb:f0:3d:a4:3a:62:f6:6d:e8:03:
17:f4:5b:4f:a5:15:7b:fd:a5:4e:16:38:5e:29:bc:69:38:bc:
64:a5:60:67:2d:95:f8:01:7f:58:71:e5:9c:0e:05:62:a7:0f:
c1:3a:a5:05:a9:cd:94:b1:06:6d:47:53:88:d0:7e:5d:23:79:
37:73:b2:a8:f9:66:47:65:57:e8:5f:01:dd:d8:ca:d2:07:58:
9e:5d:94:0b:09:4e:df:db:74:13:ac:82:22:09:73:a5:1f:5e:
0b:2b:9d:65:2c:a0:30:e6:33:b2:49:8b:04:59:5b:11:8b:f4:
9d:d6:a7:5b:57:7b:72:2d:91:c5:d8:0c:eb:57:a8:fc:31:76:
a7:c8:ba:55
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICDYwwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA1MjUw
MzM4MzJaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKEM0NjIwNUMzREVFOTgx
NUI1QUI2ODA1NjRCNTI2RTc0NkQwMDg5M0YwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCv4RmwxaCBJlbyezazWWYnsmb1fi7ZxPzaomTHYUN731FHJfdI
oo3AWVdp4AOibBkuR/PuqKvBBTBdAFoGRixvT2o7GEY8yw8ewIaWHjomg0D2NSUT
AxI2AMUHgrbu4eqGn74HTPaRWdyKUR5hb1lZbsL3Qg5Zb1myqppNtl2WFBtPJ/IH
TjWWf4LvY6WO0qTG8StzK3wXsg1gGHgj2xm4uqJprOxn0sX9XNqc87d7l8hu55oR
vwx9ah/oTuGezL8KSS5KzSV2h1cKZCjP1+LEsB/gyMtVY7SAxDnDFnMtfEZTikCi
sna4A1xtzhz9GpLqj+1R+LN0nenMLMOnX7zBAgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUxGIFw97pgVtatoBWS1JudG0AiT8wHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni94R0lGdzk3cGdWdGF0b0JX
UzFKdWRHMEFpVDgucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
fakwDQYJKoZIhvcNAQELBQADggEBACdgqT1e9XokmWX8Dkb4VEnihwOxO/8Bbbg1
P06shtk+frRu8Qmrg94UB+ST4cvw34UrwY1n2I+rvTuiwWdlWdwtD1cjoNeG4O7K
Cs+l7XLcWD6FMjp8v/p9bmfg9oRocyM/7JBg1OdIU1d0FtkPAvPkfHR2+/A9pDpi
9m3oAxf0W0+lFXv9pU4WOF4pvGk4vGSlYGctlfgBf1hx5ZwOBWKnD8E6pQWpzZSx
Bm1HU4jQfl0jeTdzsqj5ZkdlV+hfAd3YytIHWJ5dlAsJTt/bdBOsgiIJc6UfXgsr
nWUsoDDmM7JJiwRZWxGL9J3Wp1tXe3ItkcXYDOtXqPwxdqfIulU=
-----END CERTIFICATE-----
Generated at Sat Jun 21 16:53:44 2025 by rpki-client