Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/X3eUz5vY1W7V-8ZWPJWLizC3OMM.roa
File: X3eUz5vY1W7V-8ZWPJWLizC3OMM.roa (raw, json)
Hash identifier: MQO6pItLtjXKXaM8sgBQ7fVBQupSzEm0KtP20qMu/Bk=
Subject key identifier: 5F:77:94:CF:9B:D8:D5:6E:D5:FB:C6:56:3C:95:8B:8B:30:B7:38:C3
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 2264
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/X3eUz5vY1W7V-8ZWPJWLizC3OMM.roa
Signing time: Sun 22 Jun 2025 10:11:50 +0000
ROA not before: Sun 22 Jun 2025 10:11:50 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 125.169.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 8804 (0x2264)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: Jun 22 10:11:50 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=5F7794CF9BD8D56ED5FBC6563C958B8B30B738C3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:df:12:b5:21:8a:27:e3:fd:5d:56:2f:89:c4:ea:
da:f1:3f:42:1d:18:56:32:ae:8c:63:bf:ea:d5:a9:
39:c9:52:d0:95:ad:de:55:f5:54:97:c6:90:d5:46:
24:54:59:e9:de:53:ef:13:d1:e1:11:02:02:80:09:
43:04:e9:1b:19:29:e7:35:29:19:f0:8d:f8:be:9b:
8c:b8:da:52:20:9d:2a:1e:2b:26:6a:11:b2:ba:e9:
28:6a:ea:24:db:e5:1f:97:55:a0:33:b7:64:68:72:
49:29:f0:d9:0f:9d:bd:1c:b0:b7:0c:50:bc:0e:c5:
ea:09:c4:eb:0e:ec:5e:c9:f5:16:61:e6:65:a8:9a:
13:20:e5:99:70:81:f1:a3:e6:1b:b4:50:35:44:e1:
98:27:04:0e:52:6e:c4:1a:db:03:1e:f5:c5:94:46:
6d:9a:c5:20:7c:c8:99:75:bf:73:f7:c6:de:ba:e9:
96:51:ed:fb:19:b3:b1:46:7a:73:e6:42:79:59:3a:
7c:ca:50:e1:91:8b:71:00:e9:e8:25:9d:91:0f:02:
2f:b9:67:8a:65:b4:79:66:25:1c:63:ee:20:eb:07:
47:be:80:6d:bc:c5:44:da:69:6d:0a:5d:a2:05:7b:
3b:fb:53:e7:b6:c7:5e:6d:5d:74:8d:e0:71:7c:b0:
42:79
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5F:77:94:CF:9B:D8:D5:6E:D5:FB:C6:56:3C:95:8B:8B:30:B7:38:C3
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/X3eUz5vY1W7V-8ZWPJWLizC3OMM.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
125.169.0.0/16
Signature Algorithm: sha256WithRSAEncryption
73:c4:12:7c:60:70:30:fa:b2:23:25:79:53:1d:73:24:a3:90:
2b:98:da:f7:c9:9f:95:18:10:97:f7:5a:7e:92:89:2c:d4:a3:
e7:36:c0:bb:63:4a:12:27:47:38:01:b0:be:b7:12:ed:b1:01:
4d:3c:a5:f0:64:4f:77:5f:79:b8:48:61:6e:48:4f:6c:15:54:
1b:a0:5b:7f:bb:5e:0e:16:77:e4:f9:0a:62:38:9c:8a:b4:28:
a9:fd:98:58:fb:84:4b:e2:11:d2:4a:70:50:0a:bd:21:c7:52:
16:7c:ea:cc:6f:c8:7c:d0:b9:95:e8:16:59:2d:6d:7b:77:95:
76:bb:5f:91:28:76:ee:66:18:67:82:b3:d2:b5:24:d8:18:3e:
8e:79:33:49:77:55:75:5d:d9:2a:bf:31:e9:94:58:14:f7:1e:
d3:0c:64:82:f3:33:4d:10:24:15:52:df:9c:9b:eb:fa:d9:9d:
71:a2:7d:eb:2e:ae:6c:fd:bf:31:b3:bc:06:8c:00:1c:e4:30:
58:5b:be:64:dd:e0:b0:cf:61:ac:ed:2f:6f:17:a3:4c:a7:21:
d4:4f:fd:df:cf:06:9d:f2:6e:15:96:1a:c0:97:c3:f3:7b:32:
80:06:72:98:c9:02:99:a8:69:44:69:0a:90:33:99:84:47:ab:
33:87:3b:9f
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICImQwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA2MjIx
MDExNTBaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKDVGNzc5NENGOUJEOEQ1
NkVENUZCQzY1NjNDOTU4QjhCMzBCNzM4QzMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDfErUhiifj/V1WL4nE6trxP0IdGFYyroxjv+rVqTnJUtCVrd5V
9VSXxpDVRiRUWeneU+8T0eERAgKACUME6RsZKec1KRnwjfi+m4y42lIgnSoeKyZq
EbK66Shq6iTb5R+XVaAzt2Rockkp8NkPnb0csLcMULwOxeoJxOsO7F7J9RZh5mWo
mhMg5ZlwgfGj5hu0UDVE4ZgnBA5SbsQa2wMe9cWURm2axSB8yJl1v3P3xt666ZZR
7fsZs7FGenPmQnlZOnzKUOGRi3EA6eglnZEPAi+5Z4pltHlmJRxj7iDrB0e+gG28
xUTaaW0KXaIFezv7U+e2x15tXXSN4HF8sEJ5AgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUX3eUz5vY1W7V+8ZWPJWLizC3OMMwHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni9YM2VVejV2WTFXN1YtOFpX
UEpXTGl6QzNPTU0ucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
fakwDQYJKoZIhvcNAQELBQADggEBAHPEEnxgcDD6siMleVMdcySjkCuY2vfJn5UY
EJf3Wn6SiSzUo+c2wLtjShInRzgBsL63Eu2xAU08pfBkT3dfebhIYW5IT2wVVBug
W3+7Xg4Wd+T5CmI4nIq0KKn9mFj7hEviEdJKcFAKvSHHUhZ86sxvyHzQuZXoFlkt
bXt3lXa7X5Eodu5mGGeCs9K1JNgYPo55M0l3VXVd2Sq/MemUWBT3HtMMZILzM00Q
JBVS35yb6/rZnXGifesurmz9vzGzvAaMABzkMFhbvmTd4LDPYaztL28Xo0ynIdRP
/d/PBp3ybhWWGsCXw/N7MoAGcpjJApmoaURpCpAzmYRHqzOHO58=
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:52:13 2025 by rpki-client