Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/yUvn8MQ75-PrZfUYEy40-6TizjM.roa
File: yUvn8MQ75-PrZfUYEy40-6TizjM.roa (raw, json)
Hash identifier: YKX/uMwcjbyS1xixbOmjp4omrUXHOPtio3KwWQGk+mI=
Subject key identifier: C9:4B:E7:F0:C4:3B:E7:E3:EB:65:F5:18:13:2E:34:FB:A4:E2:CE:33
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 1724
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/yUvn8MQ75-PrZfUYEy40-6TizjM.roa
Signing time: Fri 06 Jun 2025 22:39:28 +0000
ROA not before: Fri 06 Jun 2025 22:39:28 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 125.169.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 5924 (0x1724)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: Jun 6 22:39:28 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=C94BE7F0C43BE7E3EB65F518132E34FBA4E2CE33
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ce:c8:a4:7c:6a:72:53:4a:a4:86:02:d1:0c:63:
23:0c:b4:ab:a0:45:b3:f2:ba:bc:94:df:ef:ab:e3:
93:8d:cc:b0:58:ff:10:6b:27:21:c7:63:62:a1:ac:
70:34:25:88:a5:42:89:22:c6:a4:73:92:8f:f0:ed:
4f:d7:25:31:6d:58:f2:73:c5:fe:a1:e8:fc:a3:b6:
b7:62:bc:fe:f9:c5:16:94:d9:5a:72:97:ef:6c:90:
45:db:dd:b2:0a:d9:1c:4b:02:8f:af:95:9d:d0:63:
e9:51:15:ca:0e:9f:88:94:d7:b0:bb:20:34:f8:60:
05:29:d6:1f:b3:5f:9c:a3:a2:ea:71:70:91:9f:97:
fd:7c:be:18:d8:fb:ab:70:5b:ec:d5:b8:7d:2a:9c:
ea:10:79:31:9c:ad:e2:34:bb:18:9e:8f:e8:65:09:
f1:a8:eb:99:03:f0:b5:13:60:40:36:fe:0a:fa:50:
b9:c2:bd:ac:88:88:16:3b:cb:04:90:2e:6d:e6:f5:
de:5f:33:cd:cb:c6:17:5b:17:59:d8:a2:de:04:ac:
7e:3c:c2:fe:59:8c:ae:00:8e:94:0d:65:ed:94:7d:
be:eb:a7:4f:6e:d5:62:8a:d9:29:bf:96:ee:1a:36:
d3:48:82:6e:2b:de:72:16:82:2b:30:26:45:6c:b4:
89:69
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C9:4B:E7:F0:C4:3B:E7:E3:EB:65:F5:18:13:2E:34:FB:A4:E2:CE:33
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/yUvn8MQ75-PrZfUYEy40-6TizjM.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
125.169.0.0/16
Signature Algorithm: sha256WithRSAEncryption
8c:4a:0e:38:b7:8a:dc:c2:c7:33:4a:61:af:3c:01:2d:ec:bb:
93:41:60:5d:8c:f2:be:e1:ee:84:fd:12:0a:10:a5:e2:fb:bb:
ee:fe:67:9c:73:dd:30:9c:29:8e:5c:a9:f3:e4:c9:58:6b:b1:
b9:d4:f5:43:d8:41:ed:45:b9:6a:50:a0:31:0f:4f:8d:ee:58:
ef:ef:fb:a9:00:7f:bc:ad:ee:21:93:00:60:8f:23:5b:8c:93:
ff:da:ba:ae:72:a1:35:19:81:c5:83:c2:55:c9:fb:b2:be:ec:
3c:15:38:44:17:d9:9d:82:ac:d6:f9:a0:35:8b:08:0a:cf:c0:
31:72:c9:03:34:d1:bb:48:2d:c3:07:ab:87:3a:68:6b:23:f8:
2f:e0:64:6e:99:28:41:1b:68:82:f0:5b:8c:0d:0e:31:b2:bb:
99:7a:ad:e0:65:7f:90:e0:45:6d:a4:57:a3:cc:c1:40:f1:fe:
54:b5:f8:98:c2:87:87:da:92:d1:4b:ad:84:b7:89:9c:57:4d:
27:1d:6b:d1:37:14:06:32:b2:03:30:83:b1:9a:71:23:ea:61:
df:53:74:07:da:48:80:86:d6:f9:84:f0:5b:12:25:0f:4e:53:
44:de:d4:45:57:ad:eb:33:71:8b:66:b6:3e:34:cb:ed:25:00:
7d:25:c3:21
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICFyQwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA2MDYy
MjM5MjhaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKEM5NEJFN0YwQzQzQkU3
RTNFQjY1RjUxODEzMkUzNEZCQTRFMkNFMzMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDOyKR8anJTSqSGAtEMYyMMtKugRbPyuryU3++r45ONzLBY/xBr
JyHHY2KhrHA0JYilQokixqRzko/w7U/XJTFtWPJzxf6h6PyjtrdivP75xRaU2Vpy
l+9skEXb3bIK2RxLAo+vlZ3QY+lRFcoOn4iU17C7IDT4YAUp1h+zX5yjoupxcJGf
l/18vhjY+6twW+zVuH0qnOoQeTGcreI0uxiej+hlCfGo65kD8LUTYEA2/gr6ULnC
vayIiBY7ywSQLm3m9d5fM83LxhdbF1nYot4ErH48wv5ZjK4AjpQNZe2Ufb7rp09u
1WKK2Sm/lu4aNtNIgm4r3nIWgiswJkVstIlpAgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUyUvn8MQ75+PrZfUYEy40+6TizjMwHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni95VXZuOE1RNzUtUHJaZlVZ
RXk0MC02VGl6ak0ucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
fakwDQYJKoZIhvcNAQELBQADggEBAIxKDji3itzCxzNKYa88AS3su5NBYF2M8r7h
7oT9EgoQpeL7u+7+Z5xz3TCcKY5cqfPkyVhrsbnU9UPYQe1FuWpQoDEPT43uWO/v
+6kAf7yt7iGTAGCPI1uMk//auq5yoTUZgcWDwlXJ+7K+7DwVOEQX2Z2CrNb5oDWL
CArPwDFyyQM00btILcMHq4c6aGsj+C/gZG6ZKEEbaILwW4wNDjGyu5l6reBlf5Dg
RW2kV6PMwUDx/lS1+JjCh4faktFLrYS3iZxXTScda9E3FAYysgMwg7GacSPqYd9T
dAfaSICG1vmE8FsSJQ9OU0Te1EVXreszcYtmtj40y+0lAH0lwyE=
-----END CERTIFICATE-----
Generated at Sun Jun 22 03:55:15 2025 by rpki-client