Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/zR23SZwnbHKWWGC0SAvTikSjkoU.roa
File: zR23SZwnbHKWWGC0SAvTikSjkoU.roa (raw, json)
Hash identifier: 65E6Y6tC2YmMWyW5/xCjQv7YTbAqpw0nrdA8Jpo9U8c=
Subject key identifier: CD:1D:B7:49:9C:27:6C:72:96:58:60:B4:48:0B:D3:8A:44:A3:92:85
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 1940
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/zR23SZwnbHKWWGC0SAvTikSjkoU.roa
Signing time: Mon 09 Jun 2025 18:09:46 +0000
ROA not before: Mon 09 Jun 2025 18:09:46 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 125.169.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 6464 (0x1940)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: Jun 9 18:09:46 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=CD1DB7499C276C72965860B4480BD38A44A39285
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bf:d5:62:31:16:8e:fd:86:20:25:66:f0:e6:81:
f8:3f:20:ac:18:ad:d3:be:08:af:56:9e:49:d1:ec:
4a:de:b6:5c:19:80:80:65:ea:34:9b:e7:0d:bd:13:
7d:ef:c9:4a:84:dc:23:3f:24:a0:d7:81:d0:2d:0e:
57:a6:c8:5c:05:34:4a:e4:a2:8c:24:25:4b:e8:0e:
a4:20:a3:bb:40:b9:ba:2c:06:a2:b3:52:d4:08:ca:
71:0c:e5:ca:99:63:9f:77:da:0c:ca:72:4f:d4:bd:
1b:41:fe:6b:0d:48:bf:fd:77:75:bf:0d:c3:15:c0:
66:ff:75:7a:d2:ac:9e:e3:87:68:0a:7a:35:09:bb:
e6:5c:80:56:31:ec:4b:b3:9a:ef:58:ac:26:ef:b0:
bd:2b:85:d8:cf:8e:82:77:d6:cb:bb:0c:11:0c:a2:
7c:25:6e:58:41:bb:a2:cf:51:51:9e:e8:18:ea:0e:
51:8d:05:9e:df:06:e2:93:b4:6f:ff:bc:dd:27:20:
f1:49:1c:70:b3:45:a8:6b:06:1a:79:65:03:17:e1:
d7:ab:3b:48:7a:41:9c:c4:ae:df:8d:b8:f2:0f:48:
b6:c9:39:35:cd:a7:f9:ed:72:9c:d3:37:7f:32:58:
62:e5:b7:ef:24:7a:c4:5b:02:4a:a9:95:1b:38:0c:
6f:2f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CD:1D:B7:49:9C:27:6C:72:96:58:60:B4:48:0B:D3:8A:44:A3:92:85
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/zR23SZwnbHKWWGC0SAvTikSjkoU.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
125.169.0.0/16
Signature Algorithm: sha256WithRSAEncryption
6f:1a:01:9d:0c:8a:c9:0c:aa:d7:30:d8:c5:04:47:4b:70:19:
eb:8a:1d:67:2f:5b:bf:22:84:85:a2:79:52:12:46:92:4c:67:
b9:b0:32:e5:46:44:d3:aa:70:ef:85:61:1d:a2:4d:ee:10:fd:
6c:37:35:32:dd:8d:fa:52:8a:ae:cc:6e:b9:be:84:1b:7f:34:
83:8a:12:f6:fd:a5:c4:9a:d9:28:20:46:59:31:77:31:5a:b2:
cc:19:be:8f:59:aa:84:3a:33:f4:e7:49:0e:f6:55:45:06:d6:
bb:5b:b4:75:cc:89:e2:7b:25:25:ae:78:44:a9:17:6c:0b:04:
84:93:ca:94:4d:e9:55:f4:72:3b:fa:2a:a8:34:a1:ad:30:d1:
8a:51:56:a7:26:de:ee:f2:7f:6c:48:05:fd:92:16:d3:3d:d2:
39:58:a0:5f:93:b4:82:15:68:2c:82:cb:34:5e:cd:8f:44:46:
2e:af:d2:08:d1:75:fe:d8:ec:91:b1:8c:d5:f8:fa:88:37:2f:
25:82:2c:34:a8:dd:3e:94:2d:a5:c6:67:26:41:bb:ec:b3:43:
66:f4:6d:fb:40:36:8d:4d:8b:c0:51:20:45:1d:aa:9f:32:84:
d4:ad:81:56:42:94:d5:f8:6e:68:25:3b:b9:1e:04:94:b9:a2:
e1:52:a3:36
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICGUAwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA2MDkx
ODA5NDZaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKENEMURCNzQ5OUMyNzZD
NzI5NjU4NjBCNDQ4MEJEMzhBNDRBMzkyODUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC/1WIxFo79hiAlZvDmgfg/IKwYrdO+CK9WnknR7EretlwZgIBl
6jSb5w29E33vyUqE3CM/JKDXgdAtDlemyFwFNErkoowkJUvoDqQgo7tAubosBqKz
UtQIynEM5cqZY5932gzKck/UvRtB/msNSL/9d3W/DcMVwGb/dXrSrJ7jh2gKejUJ
u+ZcgFYx7Euzmu9YrCbvsL0rhdjPjoJ31su7DBEMonwlblhBu6LPUVGe6BjqDlGN
BZ7fBuKTtG//vN0nIPFJHHCzRahrBhp5ZQMX4derO0h6QZzErt+NuPIPSLbJOTXN
p/ntcpzTN38yWGLlt+8kesRbAkqplRs4DG8vAgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUzR23SZwnbHKWWGC0SAvTikSjkoUwHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni96UjIzU1p3bmJIS1dXR0Mw
U0F2VGlrU2prb1Uucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
fakwDQYJKoZIhvcNAQELBQADggEBAG8aAZ0MiskMqtcw2MUER0twGeuKHWcvW78i
hIWieVISRpJMZ7mwMuVGRNOqcO+FYR2iTe4Q/Ww3NTLdjfpSiq7Mbrm+hBt/NIOK
Evb9pcSa2SggRlkxdzFasswZvo9ZqoQ6M/TnSQ72VUUG1rtbtHXMieJ7JSWueESp
F2wLBISTypRN6VX0cjv6Kqg0oa0w0YpRVqcm3u7yf2xIBf2SFtM90jlYoF+TtIIV
aCyCyzRezY9ERi6v0gjRdf7Y7JGxjNX4+og3LyWCLDSo3T6ULaXGZyZBu+yzQ2b0
bftANo1Ni8BRIEUdqp8yhNStgVZClNX4bmglO7keBJS5ouFSozY=
-----END CERTIFICATE-----
Generated at Sat Jun 21 16:57:10 2025 by rpki-client