Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/M4MJlhN7q7worYOIbee20GhTlMY.roa
File: M4MJlhN7q7worYOIbee20GhTlMY.roa (raw, json)
Hash identifier: brthkZzyhUkrU8ccro7otSthd+JGsf8/Xwis4S7EZhM=
Subject key identifier: 33:83:09:96:13:7B:AB:BC:28:AD:83:88:6D:E7:B6:D0:68:53:94:C6
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 1A90
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/M4MJlhN7q7worYOIbee20GhTlMY.roa
Signing time: Wed 11 Jun 2025 12:09:45 +0000
ROA not before: Wed 11 Jun 2025 12:09:45 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 125.169.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 6800 (0x1a90)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: Jun 11 12:09:45 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=33830996137BABBC28AD83886DE7B6D0685394C6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b4:96:fa:64:c3:2f:a9:e7:e2:a3:97:99:04:86:
bf:13:9e:4a:cb:62:c2:77:b4:d3:2e:46:fe:d9:bc:
ef:13:fc:b4:fd:81:4f:96:f5:0d:5c:af:70:bd:31:
c1:d2:de:e7:32:97:ea:b3:a8:39:70:da:64:96:2d:
9b:a1:69:30:a3:61:3d:26:8b:9c:0a:9d:44:9d:da:
fc:18:66:50:80:e3:96:05:11:0f:0e:52:56:d3:62:
2a:33:2a:b7:f9:9b:ec:87:7b:59:27:5f:47:a9:84:
05:ca:2b:e0:4d:72:80:6e:a6:bd:8a:9a:99:c0:32:
1a:1c:d7:b1:8d:84:01:ae:4f:bb:2f:4e:51:a5:a0:
7f:31:60:45:11:8c:dd:ec:cb:bb:31:4b:67:ba:79:
de:51:77:17:9e:10:02:9a:b8:6c:22:ae:f9:f7:1c:
b0:b7:23:76:38:00:39:d6:17:00:8a:35:d0:9a:f0:
ea:6e:ac:8c:4b:f5:3c:b3:3d:67:52:6e:8e:06:a7:
f2:2f:fd:08:0c:d6:78:56:8e:7c:fb:82:1e:74:49:
97:1a:33:b2:07:f3:8a:98:28:b2:55:34:00:3b:82:
94:13:0a:7e:a0:f9:52:bb:87:b4:b9:3d:e2:df:9e:
fb:34:dc:f4:1f:4a:83:7c:88:01:fc:b2:f2:6b:b3:
31:6b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
33:83:09:96:13:7B:AB:BC:28:AD:83:88:6D:E7:B6:D0:68:53:94:C6
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/M4MJlhN7q7worYOIbee20GhTlMY.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
125.169.0.0/16
Signature Algorithm: sha256WithRSAEncryption
10:e9:4a:d8:2b:3d:23:9c:55:c9:db:b0:26:98:ef:63:40:5f:
33:dd:76:9d:2e:5a:26:18:b9:5e:da:d0:5a:c7:ab:ea:80:3a:
94:9b:cb:ac:08:20:58:fb:7a:e2:bc:7b:af:d7:3c:2f:8b:1f:
01:e6:67:c7:30:6b:b4:03:88:05:c3:7d:dd:16:01:0c:65:87:
55:7a:7c:97:70:75:7a:f4:40:0f:72:cd:e7:46:fd:e6:21:7a:
d2:53:51:9d:24:af:ea:04:d7:71:fb:58:c7:ad:1c:3a:ef:52:
fc:dd:32:83:95:87:6d:bd:c2:a0:1a:71:38:ed:62:96:be:4c:
77:ce:72:af:19:5c:4e:7b:71:e1:78:03:c8:ba:92:dc:fc:cd:
16:80:65:02:5a:64:af:84:58:de:3f:76:58:4c:ce:7c:53:fb:
38:34:05:b1:24:47:99:ff:ee:88:f8:ce:38:47:07:1e:85:1e:
dd:bd:1b:4c:0e:16:4b:50:8a:ba:e0:6a:d4:29:4b:c4:a8:34:
c8:10:e1:0a:71:2b:b3:4b:2d:42:54:e9:5e:70:db:16:7f:da:
35:60:eb:4e:01:b3:3e:92:f9:50:38:33:66:08:0d:36:48:e8:
27:c1:43:ca:fe:09:0c:91:82:e4:0d:09:3e:e1:78:87:f7:63:
34:90:61:f8
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICGpAwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA2MTEx
MjA5NDVaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKDMzODMwOTk2MTM3QkFC
QkMyOEFEODM4ODZERTdCNkQwNjg1Mzk0QzYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC0lvpkwy+p5+Kjl5kEhr8TnkrLYsJ3tNMuRv7ZvO8T/LT9gU+W
9Q1cr3C9McHS3ucyl+qzqDlw2mSWLZuhaTCjYT0mi5wKnUSd2vwYZlCA45YFEQ8O
UlbTYiozKrf5m+yHe1knX0ephAXKK+BNcoBupr2KmpnAMhoc17GNhAGuT7svTlGl
oH8xYEURjN3sy7sxS2e6ed5RdxeeEAKauGwirvn3HLC3I3Y4ADnWFwCKNdCa8Opu
rIxL9TyzPWdSbo4Gp/Iv/QgM1nhWjnz7gh50SZcaM7IH84qYKLJVNAA7gpQTCn6g
+VK7h7S5PeLfnvs03PQfSoN8iAH8svJrszFrAgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUM4MJlhN7q7worYOIbee20GhTlMYwHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni9NNE1KbGhON3E3d29yWU9J
YmVlMjBHaFRsTVkucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
fakwDQYJKoZIhvcNAQELBQADggEBABDpStgrPSOcVcnbsCaY72NAXzPddp0uWiYY
uV7a0FrHq+qAOpSby6wIIFj7euK8e6/XPC+LHwHmZ8cwa7QDiAXDfd0WAQxlh1V6
fJdwdXr0QA9yzedG/eYhetJTUZ0kr+oE13H7WMetHDrvUvzdMoOVh229wqAacTjt
Ypa+THfOcq8ZXE57ceF4A8i6ktz8zRaAZQJaZK+EWN4/dlhMznxT+zg0BbEkR5n/
7oj4zjhHBx6FHt29G0wOFktQirrgatQpS8SoNMgQ4QpxK7NLLUJU6V5w2xZ/2jVg
604Bsz6S+VA4M2YIDTZI6CfBQ8r+CQyRguQNCT7heIf3YzSQYfg=
-----END CERTIFICATE-----
Generated at Mon Jul 21 03:03:35 2025 by rpki-client