Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/AK1hg5lWOfp3AGH9LWRqsBBVgvQ.roa
File: AK1hg5lWOfp3AGH9LWRqsBBVgvQ.roa (raw, json)
Hash identifier: t56snRsL75dDldPqXD8nPLsEgbyyjdahvaGAzqPIb3E=
Subject key identifier: 00:AD:61:83:99:56:39:FA:77:00:61:FD:2D:64:6A:B0:10:55:82:F4
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 2298
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/AK1hg5lWOfp3AGH9LWRqsBBVgvQ.roa
Signing time: Sun 22 Jun 2025 16:41:49 +0000
ROA not before: Sun 22 Jun 2025 16:41:49 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 125.169.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 8856 (0x2298)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: Jun 22 16:41:49 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=00AD6183995639FA770061FD2D646AB0105582F4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:be:42:56:56:f1:1a:31:ce:d5:2b:e6:48:c2:7c:
b0:cc:7c:e8:3d:d3:20:ec:a9:ab:8b:06:45:79:2f:
da:a3:1c:81:75:7e:17:f9:11:57:df:5f:c5:7f:9b:
0e:79:36:30:41:51:59:62:81:69:8d:97:a3:a3:51:
94:d1:04:f8:34:03:7d:61:ca:b6:29:5f:91:41:59:
6a:f8:5d:96:95:22:4d:2d:d0:44:6f:43:dc:9a:a7:
76:2f:5a:97:67:00:d7:23:3f:78:1c:41:a8:f1:2a:
58:13:9a:74:65:b4:0c:8e:4a:da:6c:e7:32:7c:fc:
df:25:bd:68:3d:d1:52:43:d4:9c:ec:d4:90:a3:e9:
f4:d0:ff:f3:ab:da:07:bd:1c:f3:a3:96:ba:8c:76:
a9:df:ae:01:f9:fc:68:65:6f:85:10:f9:b9:53:98:
2d:ed:68:8a:60:04:52:ae:fe:07:66:6a:56:b1:a5:
9a:07:0c:7f:78:42:8c:d9:88:e9:a7:37:2b:33:ad:
73:03:f7:56:6c:f3:3a:26:30:11:70:f2:fe:c0:3f:
d1:b8:33:cd:b9:e7:5b:91:13:20:58:2c:be:81:d8:
89:93:b2:d3:0b:cc:7e:54:59:30:20:ef:b4:9e:da:
23:52:f4:0c:bb:da:44:c2:02:68:96:64:26:30:f4:
87:bb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
00:AD:61:83:99:56:39:FA:77:00:61:FD:2D:64:6A:B0:10:55:82:F4
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/AK1hg5lWOfp3AGH9LWRqsBBVgvQ.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
125.169.0.0/16
Signature Algorithm: sha256WithRSAEncryption
4c:83:60:a8:11:33:26:ec:c1:5f:1c:d2:c8:f9:c1:6d:9f:fc:
1e:48:2b:26:81:13:be:6c:57:75:95:c8:76:54:f7:06:65:a4:
bf:85:58:29:2c:c9:42:b7:5f:f9:be:ac:6d:49:88:6b:c7:c3:
b8:09:fc:b6:79:d9:ee:87:18:86:72:31:06:dd:26:9f:08:f7:
e3:d8:a2:a9:ce:a3:91:92:8b:52:dc:69:2d:e0:4e:d4:47:ef:
9c:25:dd:ff:b8:2e:8b:98:34:34:d2:37:e0:4a:d8:41:8d:4e:
7a:58:c9:13:e0:ab:79:55:b1:29:a2:ee:08:b7:18:f3:d6:d2:
d6:6e:28:13:ac:71:9c:2e:f5:dd:7a:2b:0c:00:92:4d:42:51:
cf:9c:b5:45:1e:53:4c:c1:99:b3:8b:85:e7:e8:40:60:35:ad:
1f:54:1a:19:22:77:1d:65:63:84:95:2d:e2:76:39:26:08:6e:
06:28:49:c4:c1:6d:95:24:49:f9:a5:99:bc:54:d7:cb:c7:50:
e0:b1:4e:23:ef:02:a8:f6:84:be:8c:99:12:5f:e3:ec:cf:a5:
eb:c9:ce:6e:6e:91:48:b0:08:27:f0:d2:10:fc:73:37:68:f0:
64:4a:67:6a:e7:71:d2:c1:4b:19:91:de:0b:a5:d7:7d:5d:da:
e1:6a:0d:01
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICIpgwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA2MjIx
NjQxNDlaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKDAwQUQ2MTgzOTk1NjM5
RkE3NzAwNjFGRDJENjQ2QUIwMTA1NTgyRjQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC+QlZW8RoxztUr5kjCfLDMfOg90yDsqauLBkV5L9qjHIF1fhf5
EVffX8V/mw55NjBBUVligWmNl6OjUZTRBPg0A31hyrYpX5FBWWr4XZaVIk0t0ERv
Q9yap3YvWpdnANcjP3gcQajxKlgTmnRltAyOStps5zJ8/N8lvWg90VJD1Jzs1JCj
6fTQ//Or2ge9HPOjlrqMdqnfrgH5/Ghlb4UQ+blTmC3taIpgBFKu/gdmalaxpZoH
DH94QozZiOmnNyszrXMD91Zs8zomMBFw8v7AP9G4M82551uREyBYLL6B2ImTstML
zH5UWTAg77Se2iNS9Ay72kTCAmiWZCYw9Ie7AgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUAK1hg5lWOfp3AGH9LWRqsBBVgvQwHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni9BSzFoZzVsV09mcDNBR0g5
TFdScXNCQlZndlEucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
fakwDQYJKoZIhvcNAQELBQADggEBAEyDYKgRMybswV8c0sj5wW2f/B5IKyaBE75s
V3WVyHZU9wZlpL+FWCksyUK3X/m+rG1JiGvHw7gJ/LZ52e6HGIZyMQbdJp8I9+PY
oqnOo5GSi1LcaS3gTtRH75wl3f+4LouYNDTSN+BK2EGNTnpYyRPgq3lVsSmi7gi3
GPPW0tZuKBOscZwu9d16KwwAkk1CUc+ctUUeU0zBmbOLhefoQGA1rR9UGhkidx1l
Y4SVLeJ2OSYIbgYoScTBbZUkSfmlmbxU18vHUOCxTiPvAqj2hL6MmRJf4+zPpevJ
zm5ukUiwCCfw0hD8czdo8GRKZ2rncdLBSxmR3gul131d2uFqDQE=
-----END CERTIFICATE-----
Generated at Sun Jul 20 19:20:08 2025 by rpki-client