Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/TtgpH3HBCFE8GpOBPCO-dkPprnc.roa
File: TtgpH3HBCFE8GpOBPCO-dkPprnc.roa (raw, json)
Hash identifier: ZKCwAGjG3kSW7qURIyjiIveMVcYze1X1g5q/m6LBUpU=
Subject key identifier: 4E:D8:29:1F:71:C1:08:51:3C:1A:93:81:3C:23:BE:76:43:E9:AE:77
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 1840
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/TtgpH3HBCFE8GpOBPCO-dkPprnc.roa
Signing time: Sun 08 Jun 2025 10:09:35 +0000
ROA not before: Sun 08 Jun 2025 10:09:35 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 125.169.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 6208 (0x1840)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: Jun 8 10:09:35 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=4ED8291F71C108513C1A93813C23BE7643E9AE77
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b8:b1:d4:36:f9:8e:10:54:54:f4:a4:4f:fd:8e:
31:9b:c4:93:e6:16:d8:25:92:6e:f5:15:f5:e6:69:
65:1d:20:b4:a9:38:d0:9d:1a:c5:9d:e0:c7:94:41:
5b:dd:ba:cc:a4:63:96:26:67:c6:43:69:5d:11:5b:
15:97:56:28:3d:58:81:c5:7e:6b:61:66:85:83:6a:
c1:83:37:2c:4f:cd:f8:20:68:7b:94:dc:0f:4d:d9:
48:06:e5:e0:43:fe:cd:1b:1f:9f:7f:c3:6d:63:88:
25:f8:b0:46:47:d6:32:21:b6:78:aa:f3:53:73:59:
81:71:65:8d:95:a9:ed:1f:9e:c0:7a:41:32:f9:3a:
87:b0:2b:8b:44:cb:5c:67:0a:23:fd:18:bf:e9:cc:
ce:39:d2:55:2f:12:53:bd:4c:0c:1b:63:a8:17:dd:
84:63:1f:50:92:2d:7d:aa:bc:cc:7e:4d:b3:e9:68:
0c:ab:6e:32:0f:19:4c:7c:68:75:e3:08:c1:09:a9:
c2:ff:68:94:3b:84:c7:7e:fa:fb:cf:fe:c3:9a:0b:
d5:20:e8:a4:cf:5c:21:78:ac:73:b1:2e:45:8c:4e:
73:4a:d7:6a:3c:31:bc:cc:e5:7d:9c:5f:e2:5a:c8:
bd:44:7d:fb:d9:42:2f:98:ff:52:6a:2a:93:1b:23:
54:8b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4E:D8:29:1F:71:C1:08:51:3C:1A:93:81:3C:23:BE:76:43:E9:AE:77
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/TtgpH3HBCFE8GpOBPCO-dkPprnc.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
125.169.0.0/16
Signature Algorithm: sha256WithRSAEncryption
01:e3:e6:35:6f:30:14:78:43:3d:bd:92:e9:8f:29:d1:c6:ff:
39:db:f3:51:aa:cc:06:ba:81:f8:66:9e:ea:74:2f:f2:14:c9:
dd:f2:87:9d:34:1b:01:f6:69:e9:6f:c7:c7:8a:bb:c0:0b:be:
d1:3e:45:90:d0:f4:26:b2:c4:c4:4d:27:cf:3e:e4:2e:23:0c:
f1:9d:a7:00:eb:86:b3:f1:70:b8:b4:26:83:0d:d9:2f:18:1f:
82:ee:33:e8:97:57:ca:d6:02:ad:c7:71:9a:7a:1e:89:c9:65:
87:0e:70:93:5f:00:a2:d1:59:62:71:bf:e2:15:10:78:49:66:
8d:74:82:4d:c5:3f:5d:4e:0d:1b:8a:ee:19:a9:0d:b7:49:89:
5c:f3:cd:91:cc:d3:d0:7d:74:ed:fa:84:d3:fe:2b:f5:d3:48:
3a:08:e8:9b:a2:d9:b6:e5:c3:7d:e5:67:dc:60:8a:a5:35:fe:
10:c6:c3:ac:88:d8:9f:fa:f8:90:93:50:e8:8d:d1:b5:d4:2e:
6d:ff:f6:7e:74:7d:cd:6a:83:3e:73:4c:cd:4f:11:9f:0b:72:
d7:9f:92:a4:34:2d:ca:5a:47:e3:34:20:c2:96:d8:99:04:33:
36:81:4b:d5:20:16:cd:5c:0a:69:fb:31:19:b1:25:b2:69:17:
cb:48:c4:22
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICGEAwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA2MDgx
MDA5MzVaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKDRFRDgyOTFGNzFDMTA4
NTEzQzFBOTM4MTNDMjNCRTc2NDNFOUFFNzcwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC4sdQ2+Y4QVFT0pE/9jjGbxJPmFtglkm71FfXmaWUdILSpONCd
GsWd4MeUQVvdusykY5YmZ8ZDaV0RWxWXVig9WIHFfmthZoWDasGDNyxPzfggaHuU
3A9N2UgG5eBD/s0bH59/w21jiCX4sEZH1jIhtniq81NzWYFxZY2Vqe0fnsB6QTL5
OoewK4tEy1xnCiP9GL/pzM450lUvElO9TAwbY6gX3YRjH1CSLX2qvMx+TbPpaAyr
bjIPGUx8aHXjCMEJqcL/aJQ7hMd++vvP/sOaC9Ug6KTPXCF4rHOxLkWMTnNK12o8
MbzM5X2cX+JayL1EffvZQi+Y/1JqKpMbI1SLAgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUTtgpH3HBCFE8GpOBPCO+dkPprncwHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni9UdGdwSDNIQkNGRThHcE9C
UENPLWRrUHBybmMucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
fakwDQYJKoZIhvcNAQELBQADggEBAAHj5jVvMBR4Qz29kumPKdHG/znb81GqzAa6
gfhmnup0L/IUyd3yh500GwH2aelvx8eKu8ALvtE+RZDQ9CayxMRNJ88+5C4jDPGd
pwDrhrPxcLi0JoMN2S8YH4LuM+iXV8rWAq3HcZp6HonJZYcOcJNfAKLRWWJxv+IV
EHhJZo10gk3FP11ODRuK7hmpDbdJiVzzzZHM09B9dO36hNP+K/XTSDoI6Jui2bbl
w33lZ9xgiqU1/hDGw6yI2J/6+JCTUOiN0bXULm3/9n50fc1qgz5zTM1PEZ8Lctef
kqQ0LcpaR+M0IMKW2JkEMzaBS9UgFs1cCmn7MRmxJbJpF8tIxCI=
-----END CERTIFICATE-----
Generated at Sun Jul 20 19:09:28 2025 by rpki-client