Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/Tku4lfMbT8xCbDQOmD15ks-UrZM.roa
File: Tku4lfMbT8xCbDQOmD15ks-UrZM.roa (raw, json)
Hash identifier: M5AJuXJNV3ISOqOjLBvLBfrM1FA9bxwHj38j5jhR0SQ=
Subject key identifier: 4E:4B:B8:95:F3:1B:4F:CC:42:6C:34:0E:98:3D:79:92:CF:94:AD:93
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 1E48
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/Tku4lfMbT8xCbDQOmD15ks-UrZM.roa
Signing time: Mon 16 Jun 2025 11:09:59 +0000
ROA not before: Mon 16 Jun 2025 11:09:59 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 125.169.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 7752 (0x1e48)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: Jun 16 11:09:59 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=4E4BB895F31B4FCC426C340E983D7992CF94AD93
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c3:88:3a:ee:5d:06:f1:1b:3d:5a:70:81:64:c8:
67:9f:ca:9a:72:ba:e4:05:16:ba:fd:83:81:4a:c7:
e7:74:4c:a3:c9:d6:35:93:8e:16:7f:d5:67:df:ad:
82:70:77:f8:55:dd:e8:eb:85:04:64:1d:0f:a2:4e:
b0:18:32:3c:bf:dc:ba:4a:f4:29:90:1e:02:06:27:
0c:90:90:2e:41:32:24:d5:3a:01:f1:90:7c:9a:2e:
73:e0:ca:e1:0b:c8:23:d8:38:29:c0:8d:63:0c:0f:
0e:af:cc:db:2d:69:a1:e1:69:11:05:38:c4:f6:b2:
7d:d5:19:77:dd:d9:be:45:fe:d0:18:9c:31:10:64:
37:c4:1b:58:6e:58:8c:81:af:7d:9f:95:0e:a3:64:
10:a5:05:6b:93:0b:7d:0a:c3:d0:a3:ed:50:e7:2b:
dc:67:3d:51:2e:78:2c:a1:6d:1e:0a:29:95:c0:f7:
dc:aa:4e:31:cb:4b:3b:e1:db:c0:51:d9:9b:33:40:
b7:c4:01:50:1f:37:d7:e4:79:18:3d:d7:2a:38:28:
40:43:98:f1:11:81:50:d1:0e:1a:cb:fb:59:cb:ec:
f3:8d:e9:70:c5:07:d7:e1:50:f9:5c:50:9b:c7:3f:
80:bd:63:92:89:62:b1:4d:06:88:b4:cc:75:86:56:
5b:63
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4E:4B:B8:95:F3:1B:4F:CC:42:6C:34:0E:98:3D:79:92:CF:94:AD:93
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/Tku4lfMbT8xCbDQOmD15ks-UrZM.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
125.169.0.0/16
Signature Algorithm: sha256WithRSAEncryption
af:d3:f2:20:3b:30:c6:a7:9b:c8:54:2a:5c:45:7c:fd:51:c9:
b3:c2:67:6d:58:8f:bd:b0:9f:a6:7d:3e:4a:50:4d:fd:18:74:
a2:b7:37:5e:c7:d6:2b:15:ff:a6:d8:e4:2e:c3:f0:6b:05:62:
34:39:36:24:0e:40:aa:4f:cf:f2:69:a6:b5:97:8c:d5:e7:0a:
9b:69:b0:aa:29:dd:5e:fe:99:50:9c:05:ce:d0:86:9e:fd:a0:
a4:cf:d1:c7:13:43:9b:92:7a:f5:88:76:ac:6b:90:15:e6:02:
de:b0:77:4a:75:d7:2e:21:e1:6b:cc:4e:1b:c9:2f:5f:08:0e:
0a:7a:1c:5e:b7:82:5e:ac:a1:48:b0:5f:ad:07:47:72:d4:72:
52:19:6b:94:79:78:26:84:a5:41:d8:11:14:6d:84:be:ea:ee:
81:6a:5b:33:c9:2f:0e:80:fc:3c:15:4a:cd:2e:fa:ad:65:0f:
11:d2:73:31:f2:1d:07:6b:6e:e5:8a:1c:fd:6d:93:b5:1b:1b:
07:a6:64:94:05:5c:58:6a:e7:c5:3d:75:c6:e7:6f:96:12:cc:
0e:77:cc:99:56:1b:a1:53:1c:7a:1d:88:80:c2:d4:b1:79:72:
3b:12:12:22:2a:75:98:03:06:32:6c:a1:db:1b:5c:68:76:8c:
f2:98:47:3d
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICHkgwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA2MTYx
MTA5NTlaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKDRFNEJCODk1RjMxQjRG
Q0M0MjZDMzQwRTk4M0Q3OTkyQ0Y5NEFEOTMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDDiDruXQbxGz1acIFkyGefyppyuuQFFrr9g4FKx+d0TKPJ1jWT
jhZ/1WffrYJwd/hV3ejrhQRkHQ+iTrAYMjy/3LpK9CmQHgIGJwyQkC5BMiTVOgHx
kHyaLnPgyuELyCPYOCnAjWMMDw6vzNstaaHhaREFOMT2sn3VGXfd2b5F/tAYnDEQ
ZDfEG1huWIyBr32flQ6jZBClBWuTC30Kw9Cj7VDnK9xnPVEueCyhbR4KKZXA99yq
TjHLSzvh28BR2ZszQLfEAVAfN9fkeRg91yo4KEBDmPERgVDRDhrL+1nL7PON6XDF
B9fhUPlcUJvHP4C9Y5KJYrFNBoi0zHWGVltjAgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUTku4lfMbT8xCbDQOmD15ks+UrZMwHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni9Ua3U0bGZNYlQ4eENiRFFP
bUQxNWtzLVVyWk0ucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
fakwDQYJKoZIhvcNAQELBQADggEBAK/T8iA7MManm8hUKlxFfP1RybPCZ21Yj72w
n6Z9PkpQTf0YdKK3N17H1isV/6bY5C7D8GsFYjQ5NiQOQKpPz/JpprWXjNXnCptp
sKop3V7+mVCcBc7Qhp79oKTP0ccTQ5uSevWIdqxrkBXmAt6wd0p11y4h4WvMThvJ
L18IDgp6HF63gl6soUiwX60HR3LUclIZa5R5eCaEpUHYERRthL7q7oFqWzPJLw6A
/DwVSs0u+q1lDxHSczHyHQdrbuWKHP1tk7UbGwemZJQFXFhq58U9dcbnb5YSzA53
zJlWG6FTHHodiIDC1LF5cjsSEiIqdZgDBjJsodsbXGh2jPKYRz0=
-----END CERTIFICATE-----
Generated at Sun Jul 20 19:01:21 2025 by rpki-client