Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/LBqky0saFQcJqxSglq5ArLMScd0.roa
File: LBqky0saFQcJqxSglq5ArLMScd0.roa (raw, json)
Hash identifier: 5QwjpuX5df3IpXFqNYpfYdJmbtxrBaBGxj+oByEIq7c=
Subject key identifier: 2C:1A:A4:CB:4B:1A:15:07:09:AB:14:A0:96:AE:40:AC:B3:12:71:DD
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 1DBC
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LBqky0saFQcJqxSglq5ArLMScd0.roa
Signing time: Sun 15 Jun 2025 17:39:59 +0000
ROA not before: Sun 15 Jun 2025 17:39:59 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 125.169.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 7612 (0x1dbc)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: Jun 15 17:39:59 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=2C1AA4CB4B1A150709AB14A096AE40ACB31271DD
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:da:2a:f6:62:8c:1e:79:e1:b9:06:2a:2e:c4:53:
dd:11:a2:c7:b6:dd:91:0b:d6:d8:fa:02:fe:75:72:
dc:46:1d:e2:2a:bc:66:5c:e4:75:68:54:cd:75:ba:
de:7b:e0:ef:fb:16:e8:5b:e7:48:66:c6:95:35:8b:
8d:a3:25:63:80:22:37:da:d5:08:4a:65:8c:14:b7:
99:ab:4a:bd:1a:93:93:5c:64:f1:00:c8:c5:3c:d1:
c6:0a:7d:6c:49:86:e9:59:9a:5e:fe:47:ba:f6:2c:
a9:6c:a3:4b:15:d2:55:02:a5:72:3c:08:14:27:d9:
8e:25:71:9a:79:78:47:4d:01:5f:d4:aa:49:08:67:
2c:43:58:eb:eb:0f:a5:66:84:d6:61:a2:c4:d2:aa:
96:32:70:fa:05:b0:b2:d2:b6:1a:f4:66:f9:a1:84:
4a:b6:5f:3e:5b:47:51:b1:a9:cf:f4:2f:5a:98:e8:
47:c8:84:dd:c2:5c:6e:c0:e9:5a:42:96:46:e6:3a:
1b:4c:c4:db:7e:a6:49:bb:07:7e:74:ac:73:10:48:
54:a1:84:6b:e4:0f:79:69:94:c9:97:d5:bd:a2:44:
b1:c5:2a:9f:04:34:a4:86:f5:69:40:7d:c2:a9:f0:
28:da:dd:14:67:4f:ee:8e:d6:58:05:bd:87:dd:2a:
7f:e5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2C:1A:A4:CB:4B:1A:15:07:09:AB:14:A0:96:AE:40:AC:B3:12:71:DD
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LBqky0saFQcJqxSglq5ArLMScd0.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
125.169.0.0/16
Signature Algorithm: sha256WithRSAEncryption
02:b3:dc:0c:93:46:3a:a4:85:7c:e1:43:8b:03:74:d4:65:e2:
f9:6d:ac:fe:8a:89:8c:e7:7e:e6:62:02:09:29:ab:f7:c7:7e:
45:45:11:8c:1e:f9:68:c9:ad:29:0f:7e:84:d4:f0:50:fa:6b:
e8:2a:94:13:33:0f:81:7c:2e:bc:1c:b2:50:32:ee:f2:d7:d9:
56:14:c9:b8:fe:fc:fa:c8:3e:c9:3f:41:04:78:78:87:80:54:
1d:cf:fe:48:c0:0d:0e:32:f4:a5:4f:c9:63:89:1c:e9:6f:76:
2d:15:2b:81:64:1b:87:bb:8b:0f:37:59:15:0f:56:80:8e:ff:
f8:2d:0f:8c:c5:81:a5:4d:5f:e7:51:68:5a:35:dd:4b:a4:a9:
40:62:98:f1:00:8e:aa:bb:30:f8:f1:f6:0d:a7:92:00:86:1b:
0c:b9:88:92:7e:87:9e:a4:5d:43:a3:d5:fc:ca:48:0d:f3:80:
07:b7:77:ef:06:d1:bb:1d:ad:d2:44:c6:4b:a8:24:17:17:9e:
07:e4:60:7c:a4:55:56:95:bb:de:57:ec:ad:eb:a1:fe:e4:8e:
7c:82:25:e6:4d:01:24:5c:4a:0c:1c:1b:d1:c1:59:3a:61:18:
be:d2:a3:19:2f:9d:f4:a8:bb:b8:25:bc:60:95:ec:5a:0f:a5:
ed:21:6e:93
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICHbwwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA2MTUx
NzM5NTlaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKDJDMUFBNENCNEIxQTE1
MDcwOUFCMTRBMDk2QUU0MEFDQjMxMjcxREQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDaKvZijB554bkGKi7EU90Rose23ZEL1tj6Av51ctxGHeIqvGZc
5HVoVM11ut574O/7Fuhb50hmxpU1i42jJWOAIjfa1QhKZYwUt5mrSr0ak5NcZPEA
yMU80cYKfWxJhulZml7+R7r2LKlso0sV0lUCpXI8CBQn2Y4lcZp5eEdNAV/UqkkI
ZyxDWOvrD6VmhNZhosTSqpYycPoFsLLSthr0ZvmhhEq2Xz5bR1Gxqc/0L1qY6EfI
hN3CXG7A6VpClkbmOhtMxNt+pkm7B350rHMQSFShhGvkD3lplMmX1b2iRLHFKp8E
NKSG9WlAfcKp8Cja3RRnT+6O1lgFvYfdKn/lAgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQULBqky0saFQcJqxSglq5ArLMScd0wHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni9MQnFreTBzYUZRY0pxeFNn
bHE1QXJMTVNjZDAucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
fakwDQYJKoZIhvcNAQELBQADggEBAAKz3AyTRjqkhXzhQ4sDdNRl4vltrP6KiYzn
fuZiAgkpq/fHfkVFEYwe+WjJrSkPfoTU8FD6a+gqlBMzD4F8LrwcslAy7vLX2VYU
ybj+/PrIPsk/QQR4eIeAVB3P/kjADQ4y9KVPyWOJHOlvdi0VK4FkG4e7iw83WRUP
VoCO//gtD4zFgaVNX+dRaFo13UukqUBimPEAjqq7MPjx9g2nkgCGGwy5iJJ+h56k
XUOj1fzKSA3zgAe3d+8G0bsdrdJExkuoJBcXngfkYHykVVaVu95X7K3rof7kjnyC
JeZNASRcSgwcG9HBWTphGL7SoxkvnfSou7glvGCV7FoPpe0hbpM=
-----END CERTIFICATE-----
Generated at Sun Jul 20 19:04:03 2025 by rpki-client