Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/QGYPzABRICakpCMcXJRK4JCs25w.roa
File: QGYPzABRICakpCMcXJRK4JCs25w.roa (raw, json)
Hash identifier: 6lZPqWsqZDQAH0j+PhvLesORwsgsgi1/vHLvTo0eCtU=
Subject key identifier: 40:66:0F:CC:00:51:20:26:A4:A4:23:1C:5C:94:4A:E0:90:AC:DB:9C
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 03D0
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/QGYPzABRICakpCMcXJRK4JCs25w.roa
Signing time: Mon 12 May 2025 04:08:05 +0000
ROA not before: Mon 12 May 2025 04:08:05 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 125.169.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 976 (0x3d0)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: May 12 04:08:05 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=40660FCC00512026A4A4231C5C944AE090ACDB9C
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ca:cf:b1:ed:b7:c3:52:4a:52:2a:52:48:ee:ef:
45:17:3e:e7:1a:23:f5:e3:36:0e:c3:00:6d:e6:95:
ed:42:76:68:72:8b:60:61:56:76:bb:51:f0:09:be:
81:24:d0:83:c9:bc:06:45:93:f8:17:1e:c4:48:12:
b7:b9:cf:51:ff:25:d3:c0:de:e9:fa:49:2e:29:90:
e0:db:cf:42:b2:e3:bd:08:a6:1f:f8:3b:1d:81:eb:
32:61:2b:e1:1e:40:f8:dc:36:03:a1:88:a2:46:b7:
b2:ed:15:21:8b:ce:b7:4f:01:45:e4:20:49:5c:36:
bd:39:32:6a:df:3f:b8:d5:47:4f:7f:03:95:0c:04:
d5:20:16:b8:1c:dd:4d:3e:56:70:5a:28:bc:41:f4:
cf:56:88:93:58:12:fe:96:1f:da:e5:c0:1c:7c:2f:
c2:46:01:99:e2:16:2e:4d:25:07:74:ce:61:d2:23:
7a:63:f5:95:32:65:b7:a5:04:bf:17:35:49:9b:35:
85:ac:3d:1a:4c:49:76:cf:d4:27:0e:63:d3:04:fa:
bc:c0:6f:4a:1c:84:62:53:51:59:6c:4f:bd:98:e9:
57:a2:0b:39:38:5f:dc:be:3c:42:c6:67:12:64:3f:
5d:19:2b:f0:85:ad:49:fd:e8:8a:2d:4b:cd:3d:e9:
a7:1d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
40:66:0F:CC:00:51:20:26:A4:A4:23:1C:5C:94:4A:E0:90:AC:DB:9C
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/QGYPzABRICakpCMcXJRK4JCs25w.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
125.169.0.0/16
Signature Algorithm: sha256WithRSAEncryption
a2:3f:0d:5a:ac:e7:b0:f3:70:d6:72:da:5f:b5:35:aa:46:5f:
55:ef:24:c4:f4:37:96:f6:58:46:50:d8:d7:f1:ec:da:42:63:
1e:4f:5c:b5:f0:f2:1b:e4:be:3b:5c:36:1a:90:60:08:49:ee:
af:78:52:34:b5:f2:a6:c0:b5:39:1d:d1:a1:10:e2:ae:b5:fa:
10:a4:db:2a:42:dd:ca:8b:dc:e5:33:18:a6:4f:52:0c:7e:bd:
c6:58:7d:ed:61:68:cf:0e:dd:5a:bc:2f:6c:d7:e5:11:bf:69:
e7:93:d9:46:05:61:99:51:b5:8a:1b:7a:23:82:1d:54:32:4a:
63:88:30:0b:bc:ce:09:65:ae:b1:1d:27:d8:3c:55:c2:ba:fc:
7a:4d:2d:a3:3b:c3:0f:88:60:bc:9f:0d:27:71:b9:64:38:e4:
45:14:ba:77:f8:da:0a:92:c3:19:bc:72:19:ae:a9:36:62:fe:
55:3a:cc:cd:70:c7:43:7a:77:a0:b9:73:79:f4:86:0b:65:42:
75:59:ad:a2:62:18:29:a5:40:57:ce:2b:c7:fe:c4:80:f3:5a:
0a:f7:82:3c:9c:5a:3b:63:d1:13:bd:cb:68:28:8c:cc:39:77:
44:5a:88:56:a6:97:d6:94:8b:7e:a6:b0:a2:e2:c5:35:08:3a:
c8:54:41:8a
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICA9AwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA1MTIw
NDA4MDVaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKDQwNjYwRkNDMDA1MTIw
MjZBNEE0MjMxQzVDOTQ0QUUwOTBBQ0RCOUMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDKz7Htt8NSSlIqUkju70UXPucaI/XjNg7DAG3mle1Cdmhyi2Bh
Vna7UfAJvoEk0IPJvAZFk/gXHsRIEre5z1H/JdPA3un6SS4pkODbz0Ky470Iph/4
Ox2B6zJhK+EeQPjcNgOhiKJGt7LtFSGLzrdPAUXkIElcNr05MmrfP7jVR09/A5UM
BNUgFrgc3U0+VnBaKLxB9M9WiJNYEv6WH9rlwBx8L8JGAZniFi5NJQd0zmHSI3pj
9ZUyZbelBL8XNUmbNYWsPRpMSXbP1CcOY9ME+rzAb0ochGJTUVlsT72Y6VeiCzk4
X9y+PELGZxJkP10ZK/CFrUn96IotS8096acdAgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUQGYPzABRICakpCMcXJRK4JCs25wwHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni9RR1lQekFCUklDYWtwQ01j
WEpSSzRKQ3MyNXcucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
fakwDQYJKoZIhvcNAQELBQADggEBAKI/DVqs57DzcNZy2l+1NapGX1XvJMT0N5b2
WEZQ2Nfx7NpCYx5PXLXw8hvkvjtcNhqQYAhJ7q94UjS18qbAtTkd0aEQ4q61+hCk
2ypC3cqL3OUzGKZPUgx+vcZYfe1haM8O3Vq8L2zX5RG/aeeT2UYFYZlRtYobeiOC
HVQySmOIMAu8zgllrrEdJ9g8VcK6/HpNLaM7ww+IYLyfDSdxuWQ45EUUunf42gqS
wxm8chmuqTZi/lU6zM1wx0N6d6C5c3n0hgtlQnVZraJiGCmlQFfOK8f+xIDzWgr3
gjycWjtj0RO9y2gojMw5d0RaiFaml9aUi36msKLixTUIOshUQYo=
-----END CERTIFICATE-----
Generated at Thu Jun 5 20:31:21 2025 by rpki-client