Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/MsQr1BJ6sd5u2fCG8ntSlUJpl0U.roa
File: MsQr1BJ6sd5u2fCG8ntSlUJpl0U.roa (raw, json)
Hash identifier: rt2vR/71LXZqSsIWvP6YwqnEZf11oFNBykGbcTvLw48=
Subject key identifier: 32:C4:2B:D4:12:7A:B1:DE:6E:D9:F0:86:F2:7B:52:95:42:69:97:45
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 0E8C
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/MsQr1BJ6sd5u2fCG8ntSlUJpl0U.roa
Signing time: Mon 26 May 2025 11:39:02 +0000
ROA not before: Mon 26 May 2025 11:39:02 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 125.169.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 3724 (0xe8c)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: May 26 11:39:02 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=32C42BD4127AB1DE6ED9F086F27B529542699745
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bf:29:ca:ae:c9:63:2a:35:b7:8b:c6:8a:17:59:
d7:15:d5:51:03:7f:e0:d2:d6:bd:f1:4e:a3:eb:de:
d0:d8:0d:f6:3e:c6:e1:5c:9a:39:33:96:3c:b8:7f:
db:55:74:83:00:1f:ef:89:16:b8:48:7a:c9:e1:bf:
3e:a8:81:e0:09:1a:c5:8d:ca:70:fa:5e:7d:de:3f:
4f:46:a3:ce:ba:81:3e:84:40:dc:7e:62:95:b1:47:
d9:c5:e6:62:8e:33:d6:2e:9d:b4:ee:4d:b6:b9:9c:
25:ff:ab:3c:bc:57:c4:21:ff:41:b5:5f:cf:b5:43:
ba:7e:fd:b5:fd:b9:b6:82:04:5e:d7:70:cc:bc:76:
20:f7:85:5d:47:53:43:d6:0b:bc:56:52:09:03:09:
0d:99:53:f0:c2:ae:1a:19:05:27:b0:e2:a9:28:1d:
f1:77:db:c8:a5:5b:24:3e:0c:8a:43:9e:f5:ba:30:
da:01:79:c6:b2:43:6e:3c:2e:c1:76:6e:86:8b:46:
ce:dd:61:e4:78:00:af:ed:05:8a:80:d9:77:85:ad:
c5:33:60:8b:9e:e6:00:f2:f8:4b:11:96:fa:29:82:
2d:9d:19:fe:a3:48:9f:a9:e2:00:7e:ed:e4:f5:f1:
5b:f9:eb:9f:72:ea:cc:83:1f:ca:0f:1a:a2:17:33:
2b:8d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
32:C4:2B:D4:12:7A:B1:DE:6E:D9:F0:86:F2:7B:52:95:42:69:97:45
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/MsQr1BJ6sd5u2fCG8ntSlUJpl0U.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
125.169.0.0/16
Signature Algorithm: sha256WithRSAEncryption
7a:6d:a2:fd:85:b4:38:95:a4:ab:74:16:62:a1:25:b0:13:66:
8a:f7:56:3d:66:1e:32:2d:77:cf:c8:cb:80:35:fc:91:ef:fb:
96:5f:04:ab:98:d2:40:1b:da:96:4d:ad:06:60:4c:4a:c5:0d:
53:15:c4:b9:4a:b2:a8:ac:ad:44:e4:68:e0:78:88:41:7a:74:
69:dc:4d:dd:78:9c:24:27:de:43:e8:33:06:41:21:61:f7:e6:
a6:7e:9e:2b:ff:14:6c:ed:5e:16:77:3a:54:9b:d2:2c:f7:43:
4f:6a:71:61:9d:49:d6:44:13:de:06:f5:d2:a1:4f:54:14:c6:
c9:76:c3:a5:2c:c0:54:f9:34:26:d6:89:e7:5b:9f:ad:64:a3:
0b:30:eb:11:93:0e:61:0e:51:f1:99:b3:93:db:11:0d:64:15:
86:72:b3:6e:1f:a2:ff:03:aa:75:41:57:b5:48:ec:6b:d9:c2:
70:ad:38:b3:91:c7:7c:1e:b1:5f:f7:96:b6:5f:c5:d7:14:3d:
3b:6e:47:59:b4:02:ac:1e:c5:40:b3:d1:50:8d:c9:d0:d8:08:
7a:04:74:c2:48:8f:7f:60:ae:cd:e9:bd:81:8f:56:4e:b3:f7:
b0:c2:c8:2e:17:13:06:c5:55:74:52:41:30:de:28:ec:42:34:
86:0c:7b:b9
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICDowwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA1MjYx
MTM5MDJaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKDMyQzQyQkQ0MTI3QUIx
REU2RUQ5RjA4NkYyN0I1Mjk1NDI2OTk3NDUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC/KcquyWMqNbeLxooXWdcV1VEDf+DS1r3xTqPr3tDYDfY+xuFc
mjkzljy4f9tVdIMAH++JFrhIesnhvz6ogeAJGsWNynD6Xn3eP09Go866gT6EQNx+
YpWxR9nF5mKOM9YunbTuTba5nCX/qzy8V8Qh/0G1X8+1Q7p+/bX9ubaCBF7XcMy8
diD3hV1HU0PWC7xWUgkDCQ2ZU/DCrhoZBSew4qkoHfF328ilWyQ+DIpDnvW6MNoB
ecayQ248LsF2boaLRs7dYeR4AK/tBYqA2XeFrcUzYIue5gDy+EsRlvopgi2dGf6j
SJ+p4gB+7eT18Vv5659y6syDH8oPGqIXMyuNAgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUMsQr1BJ6sd5u2fCG8ntSlUJpl0UwHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni9Nc1FyMUJKNnNkNXUyZkNH
OG50U2xVSnBsMFUucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
fakwDQYJKoZIhvcNAQELBQADggEBAHptov2FtDiVpKt0FmKhJbATZor3Vj1mHjIt
d8/Iy4A1/JHv+5ZfBKuY0kAb2pZNrQZgTErFDVMVxLlKsqisrUTkaOB4iEF6dGnc
Td14nCQn3kPoMwZBIWH35qZ+niv/FGztXhZ3OlSb0iz3Q09qcWGdSdZEE94G9dKh
T1QUxsl2w6UswFT5NCbWiedbn61kowsw6xGTDmEOUfGZs5PbEQ1kFYZys24fov8D
qnVBV7VI7GvZwnCtOLORx3wesV/3lrZfxdcUPTtuR1m0AqwexUCz0VCNydDYCHoE
dMJIj39grs3pvYGPVk6z97DCyC4XEwbFVXRSQTDeKOxCNIYMe7k=
-----END CERTIFICATE-----
Generated at Wed Jun 4 01:06:37 2025 by rpki-client