Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/9RubUIXTQwQZhm2jwtvEKpL5Fsw.roa
File: 9RubUIXTQwQZhm2jwtvEKpL5Fsw.roa (raw, json)
Hash identifier: b0Ew+YpsrP40P6JWOFiyrUmwxNWQQIOj7Nowd+J6hPo=
Subject key identifier: F5:1B:9B:50:85:D3:43:04:19:86:6D:A3:C2:DB:C4:2A:92:F9:16:CC
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 2440
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/9RubUIXTQwQZhm2jwtvEKpL5Fsw.roa
Signing time: Tue 24 Jun 2025 21:42:02 +0000
ROA not before: Tue 24 Jun 2025 21:42:02 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 125.169.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 9280 (0x2440)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: Jun 24 21:42:02 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=F51B9B5085D3430419866DA3C2DBC42A92F916CC
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9f:70:05:48:45:53:e1:cc:93:e1:c2:eb:4f:7b:
c8:f9:3f:41:dd:82:31:55:21:28:7c:35:dc:3d:16:
3a:b8:a8:70:53:20:c0:cd:75:db:f0:30:34:81:2f:
9c:6f:dc:e5:1c:e5:8a:36:58:1f:92:b3:dd:69:f9:
dd:ed:fa:20:a1:4b:ed:66:93:5a:51:86:ce:11:bd:
06:6d:3b:09:98:50:c0:0b:4a:23:81:d0:f5:ff:31:
ed:f3:09:6d:75:58:3e:01:71:45:19:7b:39:be:f9:
37:19:d3:36:f8:d9:7e:5a:4d:59:c0:1f:25:b8:9e:
03:de:f7:55:7a:ab:71:5b:c7:6e:20:7c:80:9b:2b:
ab:77:ec:1f:4c:0f:b2:8a:55:ca:2c:03:d2:fe:6c:
e0:71:a4:13:3b:96:85:bc:51:88:e7:c9:78:7c:a0:
e7:31:79:df:c7:06:b3:5b:38:d8:df:15:0a:30:b0:
3f:8e:ad:c6:7f:85:a9:7f:cd:83:9c:b9:08:e8:09:
c8:17:a9:42:ca:87:52:48:0f:2f:88:9e:53:39:0f:
db:a1:06:80:55:1f:d1:35:d8:40:7f:3f:d7:18:e9:
3c:df:7e:fb:ec:6e:ab:7d:d6:22:fb:dc:6d:fa:00:
f4:95:7a:3e:a7:ac:20:d5:2d:bb:85:91:2d:10:ff:
db:75
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F5:1B:9B:50:85:D3:43:04:19:86:6D:A3:C2:DB:C4:2A:92:F9:16:CC
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/9RubUIXTQwQZhm2jwtvEKpL5Fsw.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
125.169.0.0/16
Signature Algorithm: sha256WithRSAEncryption
9f:f2:e6:be:f2:9e:a2:6b:b9:b7:3b:1b:3e:5b:3b:71:b9:f6:
e3:d1:61:b9:fd:0d:ea:2b:91:be:5a:27:12:45:d7:d7:18:94:
8c:72:28:7a:19:f2:4b:7c:74:9d:0e:4f:d7:17:18:c2:be:d1:
92:4f:c8:5a:fe:0f:74:80:9a:bf:41:dd:d3:e4:43:e8:39:9b:
88:70:22:7c:b4:16:d8:b2:7e:f3:b5:4a:ff:2e:08:ae:78:c4:
37:27:5a:fa:0c:09:82:9a:1f:5f:83:89:92:b7:28:19:da:1e:
a1:54:38:fb:ad:a2:60:37:ef:8e:5c:dc:f1:34:9b:9b:3c:e2:
46:5a:c1:16:61:11:03:87:34:55:da:c8:1f:b8:77:7f:f2:7e:
59:e6:62:df:96:8e:9e:a8:ac:8c:db:9a:b4:4d:03:40:7b:c6:
e0:d5:2b:e6:c8:52:14:5d:16:44:4e:7e:08:bf:60:ba:11:47:
fc:12:bb:14:bc:ba:26:64:5f:63:ef:f2:d5:85:8f:9a:d8:a2:
ea:09:1b:02:14:88:5f:b6:8c:f8:30:ed:42:48:32:01:41:45:
5c:f7:21:96:ed:9c:da:db:2b:19:95:1c:d9:16:83:2f:da:56:
d2:15:7b:7d:1e:7d:ad:8b:03:2f:84:dc:83:a9:21:52:0b:ef:
ae:1b:d3:91
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICJEAwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA2MjQy
MTQyMDJaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKEY1MUI5QjUwODVEMzQz
MDQxOTg2NkRBM0MyREJDNDJBOTJGOTE2Q0MwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCfcAVIRVPhzJPhwutPe8j5P0HdgjFVISh8Ndw9Fjq4qHBTIMDN
ddvwMDSBL5xv3OUc5Yo2WB+Ss91p+d3t+iChS+1mk1pRhs4RvQZtOwmYUMALSiOB
0PX/Me3zCW11WD4BcUUZezm++TcZ0zb42X5aTVnAHyW4ngPe91V6q3Fbx24gfICb
K6t37B9MD7KKVcosA9L+bOBxpBM7loW8UYjnyXh8oOcxed/HBrNbONjfFQowsD+O
rcZ/hal/zYOcuQjoCcgXqULKh1JIDy+InlM5D9uhBoBVH9E12EB/P9cY6Tzffvvs
bqt91iL73G36APSVej6nrCDVLbuFkS0Q/9t1AgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQU9RubUIXTQwQZhm2jwtvEKpL5FswwHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni85UnViVUlYVFF3UVpobTJq
d3R2RUtwTDVGc3cucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
fakwDQYJKoZIhvcNAQELBQADggEBAJ/y5r7ynqJrubc7Gz5bO3G59uPRYbn9Deor
kb5aJxJF19cYlIxyKHoZ8kt8dJ0OT9cXGMK+0ZJPyFr+D3SAmr9B3dPkQ+g5m4hw
Iny0FtiyfvO1Sv8uCK54xDcnWvoMCYKaH1+DiZK3KBnaHqFUOPutomA3745c3PE0
m5s84kZawRZhEQOHNFXayB+4d3/yflnmYt+Wjp6orIzbmrRNA0B7xuDVK+bIUhRd
FkROfgi/YLoRR/wSuxS8uiZkX2Pv8tWFj5rYouoJGwIUiF+2jPgw7UJIMgFBRVz3
IZbtnNrbKxmVHNkWgy/aVtIVe30efa2LAy+E3IOpIVIL764b05E=
-----END CERTIFICATE-----
Generated at Sun Jul 20 23:16:12 2025 by rpki-client