Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/NZ1FNXI25YkFHNAG5gAg8U7mb0U.roa
File: NZ1FNXI25YkFHNAG5gAg8U7mb0U.roa (raw, json)
Hash identifier: wn0ol4lENaD6zAlfR7VtpjSChq/ZfxAO/WFXVLth9Mo=
Subject key identifier: 35:9D:45:35:72:36:E5:89:05:1C:D0:06:E6:00:20:F1:4E:E6:6F:45
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 0DF4
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/NZ1FNXI25YkFHNAG5gAg8U7mb0U.roa
Signing time: Sun 25 May 2025 16:38:55 +0000
ROA not before: Sun 25 May 2025 16:38:55 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 125.169.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 3572 (0xdf4)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: May 25 16:38:55 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=359D45357236E589051CD006E60020F14EE66F45
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cc:12:e2:12:5a:34:dd:7d:fb:2c:30:39:f1:fa:
da:49:62:6c:1c:a4:f8:3d:9b:8d:f4:53:17:94:92:
86:bd:e3:a6:be:31:9b:79:eb:93:10:88:e2:e7:90:
8d:bc:87:11:c5:cc:82:ed:14:9c:ec:87:4b:cd:84:
65:cd:75:9b:ec:05:b7:bc:a8:b3:79:e7:44:83:c6:
eb:48:33:82:49:82:87:4e:84:9d:5d:63:04:e5:c0:
b0:23:67:63:2b:c5:17:f9:ab:ee:d0:6c:e9:51:35:
36:79:ac:f3:94:54:e0:61:7f:d6:bd:a3:55:51:c4:
4f:ee:a5:76:08:e8:37:01:d9:d6:3d:87:b2:44:8b:
4b:f2:22:36:e8:62:74:97:41:1c:49:95:be:44:dc:
e0:57:dc:41:eb:5a:fb:3d:29:5a:61:d9:f6:4e:aa:
b8:54:59:01:96:7a:60:e2:ac:76:26:55:7a:5b:c6:
b8:8f:d6:89:6c:67:27:7a:3a:60:45:61:ff:40:ea:
69:c8:22:87:66:9c:92:d7:cb:5e:f2:a4:30:d7:c2:
c2:b8:c5:60:10:fc:07:a1:16:34:49:7c:47:c0:14:
78:3e:72:4e:5d:4b:a1:89:7a:74:3f:cb:d1:07:7f:
f7:7b:f8:ec:99:51:40:e2:14:88:1b:a1:84:6d:21:
66:e9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
35:9D:45:35:72:36:E5:89:05:1C:D0:06:E6:00:20:F1:4E:E6:6F:45
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/NZ1FNXI25YkFHNAG5gAg8U7mb0U.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
125.169.0.0/16
Signature Algorithm: sha256WithRSAEncryption
31:63:0e:df:3f:76:af:15:0b:45:33:da:59:4e:e8:a2:b6:e7:
35:6b:5d:b9:0c:ee:18:5e:05:e1:70:31:84:96:80:a2:86:00:
ef:ce:7d:34:e2:ea:cc:80:57:eb:7c:58:3e:c0:1a:cd:59:92:
c4:bf:89:e6:2f:9e:ba:7e:41:7f:18:0a:51:99:eb:55:ab:c5:
f3:c2:7a:64:d9:61:8e:cf:1a:03:1a:d0:86:42:80:72:0b:92:
46:db:66:a9:9b:2b:ff:ef:c7:d0:07:bb:ed:44:30:0d:2a:a9:
9e:ac:2e:e9:16:09:fa:e9:6d:9a:ca:ac:80:3e:b7:1c:62:ee:
11:1a:31:6e:78:88:c8:9c:57:3b:27:d2:8f:72:66:17:f8:66:
de:aa:32:25:0e:00:76:4b:03:1b:65:64:48:11:9c:a8:a6:56:
43:f4:62:bc:77:80:c9:72:20:31:6c:94:1a:ca:43:cb:96:55:
6a:57:d3:66:62:0d:bb:e2:4c:c8:b3:06:df:38:65:f4:9c:56:
49:5c:f8:29:52:1e:a4:ca:2f:e1:8a:8f:92:3a:03:65:b6:64:
9a:50:cc:2f:a1:68:e9:e8:4f:26:38:ce:61:26:3c:5a:61:ca:
fc:20:7f:0a:09:fc:0d:11:90:6b:58:ce:77:c4:1f:cc:21:cc:
39:c6:e0:f5
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICDfQwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA1MjUx
NjM4NTVaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKDM1OUQ0NTM1NzIzNkU1
ODkwNTFDRDAwNkU2MDAyMEYxNEVFNjZGNDUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDMEuISWjTdffssMDnx+tpJYmwcpPg9m430UxeUkoa946a+MZt5
65MQiOLnkI28hxHFzILtFJzsh0vNhGXNdZvsBbe8qLN550SDxutIM4JJgodOhJ1d
YwTlwLAjZ2MrxRf5q+7QbOlRNTZ5rPOUVOBhf9a9o1VRxE/upXYI6DcB2dY9h7JE
i0vyIjboYnSXQRxJlb5E3OBX3EHrWvs9KVph2fZOqrhUWQGWemDirHYmVXpbxriP
1olsZyd6OmBFYf9A6mnIIodmnJLXy17ypDDXwsK4xWAQ/AehFjRJfEfAFHg+ck5d
S6GJenQ/y9EHf/d7+OyZUUDiFIgboYRtIWbpAgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUNZ1FNXI25YkFHNAG5gAg8U7mb0UwHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni9OWjFGTlhJMjVZa0ZITkFH
NWdBZzhVN21iMFUucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
fakwDQYJKoZIhvcNAQELBQADggEBADFjDt8/dq8VC0Uz2llO6KK25zVrXbkM7hhe
BeFwMYSWgKKGAO/OfTTi6syAV+t8WD7AGs1ZksS/ieYvnrp+QX8YClGZ61WrxfPC
emTZYY7PGgMa0IZCgHILkkbbZqmbK//vx9AHu+1EMA0qqZ6sLukWCfrpbZrKrIA+
txxi7hEaMW54iMicVzsn0o9yZhf4Zt6qMiUOAHZLAxtlZEgRnKimVkP0Yrx3gMly
IDFslBrKQ8uWVWpX02ZiDbviTMizBt84ZfScVklc+ClSHqTKL+GKj5I6A2W2ZJpQ
zC+haOnoTyY4zmEmPFphyvwgfwoJ/A0RkGtYznfEH8whzDnG4PU=
-----END CERTIFICATE-----
Generated at Mon Jul 21 13:41:11 2025 by rpki-client