Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/I8S3D6KGnIdgwb-sff8t4SQ9mqs.roa
File: I8S3D6KGnIdgwb-sff8t4SQ9mqs.roa (raw, json)
Hash identifier: evBwv9kQlIdvNkpfEPDFpTelIVIFSLis23tZTbgRMZE=
Subject key identifier: 23:C4:B7:0F:A2:86:9C:87:60:C1:BF:AC:7D:FF:2D:E1:24:3D:9A:AB
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 1F30
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/I8S3D6KGnIdgwb-sff8t4SQ9mqs.roa
Signing time: Tue 17 Jun 2025 16:10:17 +0000
ROA not before: Tue 17 Jun 2025 16:10:17 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 125.169.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 7984 (0x1f30)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: Jun 17 16:10:17 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=23C4B70FA2869C8760C1BFAC7DFF2DE1243D9AAB
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b8:2e:e3:99:3b:38:de:af:26:77:d3:cf:e8:3b:
78:03:37:52:3a:d8:4c:8c:f0:28:68:d4:a8:d8:69:
aa:a1:fc:24:18:de:11:85:41:06:5a:17:d0:bb:00:
90:0d:35:7e:61:59:6d:0b:0a:4a:47:2b:f3:85:61:
3c:7d:24:44:f6:cd:90:fc:95:a0:f2:74:52:d3:dc:
a3:8b:23:39:d9:17:bc:71:ea:96:77:00:80:1a:af:
a6:f7:c0:10:79:51:8e:78:d6:da:41:7d:8c:9b:37:
84:3a:b7:1b:d1:01:40:9f:1c:cf:c4:1c:60:37:5b:
0d:80:e7:4c:67:11:cc:b2:d4:d0:36:19:48:ea:7f:
b9:b8:0a:eb:4c:8e:70:66:62:23:47:2c:fb:a6:20:
c8:f2:ce:9d:e0:8c:5d:7b:c4:f3:1a:9e:d2:a9:e8:
15:1d:9c:8d:56:27:0e:88:fb:8c:96:a6:58:c5:6b:
5a:8d:70:88:af:13:d0:e6:ff:0d:5d:d1:b8:34:fa:
41:17:0e:b0:c0:23:c6:46:17:8e:e9:1e:42:22:f8:
4c:7e:17:fd:f6:8b:a5:7e:4f:13:91:a0:1c:17:29:
8f:82:b9:a9:e7:61:93:8a:0a:7c:97:9e:f6:69:e8:
f9:7d:b1:34:82:1d:a9:1c:86:9f:d6:d7:8c:00:96:
b5:93
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
23:C4:B7:0F:A2:86:9C:87:60:C1:BF:AC:7D:FF:2D:E1:24:3D:9A:AB
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/I8S3D6KGnIdgwb-sff8t4SQ9mqs.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
125.169.0.0/16
Signature Algorithm: sha256WithRSAEncryption
5a:d2:a3:fc:92:e8:c4:30:1d:e9:bb:36:59:91:d6:09:a6:b4:
26:49:f8:45:8f:9d:4c:7f:a7:a7:39:34:78:b7:30:df:a7:e1:
a9:62:5d:ac:2c:28:0c:fd:5e:4a:c0:4e:5d:67:56:9d:4a:0b:
9d:4e:e8:04:80:f0:84:d8:95:fd:56:7a:1f:ee:7c:b0:91:ac:
72:4b:03:40:72:83:df:5e:71:cb:a0:71:53:37:19:15:7f:68:
3b:33:50:d4:4f:b2:02:c8:df:68:6a:c4:48:ba:3b:74:2b:ca:
3d:13:d5:5f:d7:e3:16:8c:50:de:48:89:dc:c5:d3:37:35:8b:
1b:18:19:1c:62:72:47:29:80:de:72:be:1f:9c:58:c6:3d:86:
f1:0d:78:31:1b:ac:a7:91:fa:6b:6e:58:c5:37:3e:21:f4:b0:
8d:2e:e8:c0:75:1f:61:62:af:24:59:a5:ea:36:4a:a9:6c:b9:
71:15:3f:ff:6d:a2:a9:20:0c:1a:ec:5b:b6:2c:f8:a3:b9:51:
8a:8c:63:4f:ff:be:1a:66:ba:15:66:e9:7a:04:ca:55:53:be:
9a:db:f5:cd:3a:82:ab:29:b1:8b:69:86:1c:29:fc:df:93:ef:
36:89:08:c2:e9:3e:b3:f7:e3:e4:37:b6:94:7f:01:fc:70:ed:
f1:e7:f2:d2
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICHzAwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA2MTcx
NjEwMTdaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKDIzQzRCNzBGQTI4NjlD
ODc2MEMxQkZBQzdERkYyREUxMjQzRDlBQUIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC4LuOZOzjeryZ308/oO3gDN1I62EyM8Cho1KjYaaqh/CQY3hGF
QQZaF9C7AJANNX5hWW0LCkpHK/OFYTx9JET2zZD8laDydFLT3KOLIznZF7xx6pZ3
AIAar6b3wBB5UY541tpBfYybN4Q6txvRAUCfHM/EHGA3Ww2A50xnEcyy1NA2GUjq
f7m4CutMjnBmYiNHLPumIMjyzp3gjF17xPMantKp6BUdnI1WJw6I+4yWpljFa1qN
cIivE9Dm/w1d0bg0+kEXDrDAI8ZGF47pHkIi+Ex+F/32i6V+TxORoBwXKY+Cuann
YZOKCnyXnvZp6Pl9sTSCHakchp/W14wAlrWTAgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUI8S3D6KGnIdgwb+sff8t4SQ9mqswHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni9JOFMzRDZLR25JZGd3Yi1z
ZmY4dDRTUTltcXMucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
fakwDQYJKoZIhvcNAQELBQADggEBAFrSo/yS6MQwHem7NlmR1gmmtCZJ+EWPnUx/
p6c5NHi3MN+n4aliXawsKAz9XkrATl1nVp1KC51O6ASA8ITYlf1Weh/ufLCRrHJL
A0Byg99eccugcVM3GRV/aDszUNRPsgLI32hqxEi6O3Qryj0T1V/X4xaMUN5IidzF
0zc1ixsYGRxickcpgN5yvh+cWMY9hvENeDEbrKeR+mtuWMU3PiH0sI0u6MB1H2Fi
ryRZpeo2SqlsuXEVP/9toqkgDBrsW7Ys+KO5UYqMY0//vhpmuhVm6XoEylVTvprb
9c06gqspsYtphhwp/N+T7zaJCMLpPrP34+Q3tpR/Afxw7fHn8tI=
-----END CERTIFICATE-----
Generated at Mon Jul 21 03:03:37 2025 by rpki-client