Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/xyc13nfE6ZTFt8w74EE7iXygVwU.roa
File: xyc13nfE6ZTFt8w74EE7iXygVwU.roa (raw, json)
Hash identifier: ruMwEzrwWlQ74BwQVLfw6EaS1ZaKXoKm7vOsyYd9MKs=
Subject key identifier: C7:27:35:DE:77:C4:E9:94:C5:B7:CC:3B:E0:41:3B:89:7C:A0:57:05
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 0B78
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/xyc13nfE6ZTFt8w74EE7iXygVwU.roa
Signing time: Thu 22 May 2025 09:08:57 +0000
ROA not before: Thu 22 May 2025 09:08:57 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 125.169.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2936 (0xb78)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: May 22 09:08:57 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=C72735DE77C4E994C5B7CC3BE0413B897CA05705
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d3:95:2c:0e:83:2b:99:d3:80:e5:dd:66:96:9f:
5e:36:d7:32:3b:83:5f:6f:95:5c:59:6e:80:35:72:
74:e1:a9:d3:f0:72:5f:09:84:e2:d4:8d:43:6c:15:
14:33:04:44:68:d0:7f:93:fb:5e:3a:2e:46:17:c4:
75:59:52:e5:a0:98:6d:24:00:c5:e0:3b:f8:fd:8f:
b5:2f:74:03:51:86:bc:df:e6:d6:01:64:2e:d6:71:
51:d9:fd:63:c3:f8:10:14:ab:a5:ac:2b:12:50:4b:
6f:17:c9:62:39:4a:d6:33:6d:ec:03:38:86:68:13:
61:ab:f5:cd:ec:13:1b:29:2e:d0:4a:24:f2:c4:62:
27:9f:ec:f7:5c:77:c5:82:6a:99:44:67:70:3e:9c:
04:9e:1f:bc:27:03:1b:43:7c:18:dc:df:97:03:c6:
11:db:9f:dc:08:15:39:ea:d2:b1:e2:70:f3:aa:f1:
f2:f9:df:cf:a0:6a:d3:e1:45:f8:b4:19:89:57:5a:
f7:66:50:4a:2d:f1:1a:1f:ba:4d:6a:ed:6b:38:6b:
b4:09:ca:67:e3:6a:cc:63:ce:a5:12:ae:c3:b3:bb:
79:53:5f:ce:03:a1:e7:ec:c5:91:ac:23:64:0f:6c:
d9:bc:8e:c4:a0:fa:32:23:d5:7a:e9:8d:02:1e:d2:
2c:27
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C7:27:35:DE:77:C4:E9:94:C5:B7:CC:3B:E0:41:3B:89:7C:A0:57:05
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/xyc13nfE6ZTFt8w74EE7iXygVwU.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
125.169.0.0/16
Signature Algorithm: sha256WithRSAEncryption
3d:89:fc:1c:bf:c1:a9:16:8b:aa:fe:9f:e7:7d:49:ec:e1:36:
bc:d2:d0:7f:a5:8b:91:d8:23:e2:b0:d7:5a:c7:3f:9f:7e:29:
95:14:11:34:db:42:db:e2:d0:32:a4:0e:ff:08:25:aa:cd:21:
86:3f:11:e2:ef:49:48:2e:c0:bc:02:96:e3:ed:c2:93:af:df:
d0:59:fc:fc:98:3d:b9:22:f7:bd:a2:3f:87:22:f3:0a:52:82:
f0:2d:0b:4a:c9:de:b5:58:9b:4a:23:9a:d3:62:58:8e:91:87:
45:08:81:43:2c:dd:b0:bd:c9:64:02:53:b4:79:4a:59:44:de:
9e:4c:bf:9e:ea:e1:95:51:41:0d:fc:89:0c:37:03:f6:c2:26:
3c:65:c4:b4:c0:27:f5:98:d3:01:2b:5f:1c:8b:0b:6c:df:2a:
0d:95:ec:e8:35:7e:a6:b0:a8:01:92:db:ac:28:b8:da:41:8a:
17:7e:15:50:06:ad:a5:f1:a2:ac:52:19:6e:c2:8b:04:7d:d7:
f6:fd:8f:58:94:60:1d:40:1c:95:17:05:05:4b:67:c2:29:b2:
28:75:ef:58:93:19:7c:9e:ae:d4:83:a0:8b:33:f1:ff:0e:96:
b6:d2:13:96:e2:d7:5d:34:d9:70:62:bf:8a:ec:ce:d5:a1:16:
80:76:41:e2
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICC3gwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA1MjIw
OTA4NTdaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKEM3MjczNURFNzdDNEU5
OTRDNUI3Q0MzQkUwNDEzQjg5N0NBMDU3MDUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDTlSwOgyuZ04Dl3WaWn1421zI7g19vlVxZboA1cnThqdPwcl8J
hOLUjUNsFRQzBERo0H+T+146LkYXxHVZUuWgmG0kAMXgO/j9j7UvdANRhrzf5tYB
ZC7WcVHZ/WPD+BAUq6WsKxJQS28XyWI5StYzbewDOIZoE2Gr9c3sExspLtBKJPLE
Yief7Pdcd8WCaplEZ3A+nASeH7wnAxtDfBjc35cDxhHbn9wIFTnq0rHicPOq8fL5
38+gatPhRfi0GYlXWvdmUEot8Rofuk1q7Ws4a7QJymfjasxjzqUSrsOzu3lTX84D
oefsxZGsI2QPbNm8jsSg+jIj1XrpjQIe0iwnAgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUxyc13nfE6ZTFt8w74EE7iXygVwUwHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni94eWMxM25mRTZaVEZ0OHc3
NEVFN2lYeWdWd1Uucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
fakwDQYJKoZIhvcNAQELBQADggEBAD2J/By/wakWi6r+n+d9SezhNrzS0H+li5HY
I+Kw11rHP59+KZUUETTbQtvi0DKkDv8IJarNIYY/EeLvSUguwLwCluPtwpOv39BZ
/PyYPbki972iP4ci8wpSgvAtC0rJ3rVYm0ojmtNiWI6Rh0UIgUMs3bC9yWQCU7R5
SllE3p5Mv57q4ZVRQQ38iQw3A/bCJjxlxLTAJ/WY0wErXxyLC2zfKg2V7Og1fqaw
qAGS26wouNpBihd+FVAGraXxoqxSGW7CiwR91/b9j1iUYB1AHJUXBQVLZ8Ipsih1
71iTGXyertSDoIsz8f8OlrbSE5bi11002XBiv4rsztWhFoB2QeI=
-----END CERTIFICATE-----
Generated at Sun Jun 22 12:43:02 2025 by rpki-client