Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/XO4dKjw4uE-Xh52NgbHd5c9Z9NI.roa
File: XO4dKjw4uE-Xh52NgbHd5c9Z9NI.roa (raw, json)
Hash identifier: qWIIxRCnf1Ax9gFMi0PLU9x2b9itCM/We4mjA2lDSxw=
Subject key identifier: 5C:EE:1D:2A:3C:38:B8:4F:97:87:9D:8D:81:B1:DD:E5:CF:59:F4:D2
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 2250
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/XO4dKjw4uE-Xh52NgbHd5c9Z9NI.roa
Signing time: Sun 22 Jun 2025 07:41:50 +0000
ROA not before: Sun 22 Jun 2025 07:41:50 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 125.169.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 8784 (0x2250)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: Jun 22 07:41:50 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=5CEE1D2A3C38B84F97879D8D81B1DDE5CF59F4D2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b4:c2:6b:0f:68:60:75:cd:72:9c:5b:b2:fc:62:
eb:60:81:1b:63:91:8b:03:c6:b4:93:f6:d1:ec:75:
17:d8:af:18:e0:bc:a6:2b:45:b5:7b:5d:3c:a4:bc:
be:92:f7:0b:a7:e8:cc:10:0b:ad:ab:e7:b2:9f:90:
9b:12:7e:1d:9a:03:ed:23:c8:dc:a9:92:e9:b8:d8:
a3:5b:64:13:85:7b:a6:ac:b1:05:b6:61:31:9a:38:
7c:26:51:57:7e:a2:fe:6f:e6:c4:63:9c:4b:87:a5:
e8:d1:f3:23:c5:c7:f6:7d:4a:2f:c5:d5:64:09:e0:
e8:0a:97:57:c3:86:13:28:11:42:dd:2e:2f:87:36:
9b:58:51:a3:a8:45:3c:ef:61:25:e9:cd:dc:38:bb:
9a:f7:6c:97:46:ea:2b:66:7b:87:87:61:58:90:c7:
72:da:f7:6c:f2:57:87:b8:4a:d3:eb:23:ed:68:70:
e4:04:31:11:88:81:04:b7:d5:0a:5a:c1:bd:84:b5:
e1:10:fa:1b:1f:17:d4:47:7a:bc:66:c8:78:25:85:
e1:60:fb:3d:36:db:3a:35:40:e7:1a:23:bf:21:82:
da:70:0d:7b:d7:a5:05:f6:4f:88:33:94:03:d9:a3:
11:d5:61:3c:82:12:bd:d4:7e:e5:4d:50:15:96:72:
82:63
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5C:EE:1D:2A:3C:38:B8:4F:97:87:9D:8D:81:B1:DD:E5:CF:59:F4:D2
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/XO4dKjw4uE-Xh52NgbHd5c9Z9NI.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
125.169.0.0/16
Signature Algorithm: sha256WithRSAEncryption
7b:2d:77:cc:da:32:aa:07:18:d2:ff:62:43:a0:d6:ca:39:1e:
e0:aa:ac:f8:0b:1f:9a:60:41:5a:1f:0b:3e:ff:81:f2:cf:36:
bb:9a:9a:dc:72:a7:ca:5e:6c:a4:40:8f:ab:9b:00:b7:a7:00:
92:57:92:38:5e:61:8e:e5:03:30:7d:ae:44:12:4f:0a:27:a4:
2b:f2:fb:24:22:e6:d8:a6:a3:62:7a:dd:48:d5:68:12:3c:5a:
6c:74:84:df:3c:69:bf:59:bb:10:53:e0:68:07:16:68:43:44:
dc:ea:d1:c0:71:ab:c7:77:aa:00:12:fe:da:11:d0:b1:fc:98:
12:bc:c9:76:a2:89:ae:20:3c:9e:4b:ad:d9:d9:4c:fd:fe:d3:
f8:b0:f6:6a:fd:0d:bd:c8:bb:cc:08:cf:21:0e:61:54:31:ec:
ff:bc:48:00:95:dd:37:31:57:61:b9:d1:e0:63:b0:10:d6:e6:
c0:2a:72:44:74:7f:36:34:dc:d7:81:b6:ac:2b:15:9d:28:7b:
e5:e7:d5:dd:cf:93:10:b5:76:b8:69:7e:c0:d2:df:ea:d5:f1:
af:83:4f:99:17:70:c2:e8:45:b2:0c:98:1d:f8:1e:6d:76:76:
d1:13:71:b3:2e:14:27:67:1e:98:b9:8a:25:97:52:16:82:98:
b8:aa:c1:41
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICIlAwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA2MjIw
NzQxNTBaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKDVDRUUxRDJBM0MzOEI4
NEY5Nzg3OUQ4RDgxQjFEREU1Q0Y1OUY0RDIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC0wmsPaGB1zXKcW7L8YutggRtjkYsDxrST9tHsdRfYrxjgvKYr
RbV7XTykvL6S9wun6MwQC62r57KfkJsSfh2aA+0jyNypkum42KNbZBOFe6assQW2
YTGaOHwmUVd+ov5v5sRjnEuHpejR8yPFx/Z9Si/F1WQJ4OgKl1fDhhMoEULdLi+H
NptYUaOoRTzvYSXpzdw4u5r3bJdG6itme4eHYViQx3La92zyV4e4StPrI+1ocOQE
MRGIgQS31Qpawb2EteEQ+hsfF9RHerxmyHglheFg+z022zo1QOcaI78hgtpwDXvX
pQX2T4gzlAPZoxHVYTyCEr3UfuVNUBWWcoJjAgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUXO4dKjw4uE+Xh52NgbHd5c9Z9NIwHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni9YTzRkS2p3NHVFLVhoNTJO
Z2JIZDVjOVo5Tkkucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
fakwDQYJKoZIhvcNAQELBQADggEBAHstd8zaMqoHGNL/YkOg1so5HuCqrPgLH5pg
QVofCz7/gfLPNruamtxyp8pebKRAj6ubALenAJJXkjheYY7lAzB9rkQSTwonpCvy
+yQi5timo2J63UjVaBI8Wmx0hN88ab9ZuxBT4GgHFmhDRNzq0cBxq8d3qgAS/toR
0LH8mBK8yXaiia4gPJ5LrdnZTP3+0/iw9mr9Db3Iu8wIzyEOYVQx7P+8SACV3Tcx
V2G50eBjsBDW5sAqckR0fzY03NeBtqwrFZ0oe+Xn1d3PkxC1drhpfsDS3+rV8a+D
T5kXcMLoRbIMmB34Hm12dtETcbMuFCdnHpi5iiWXUhaCmLiqwUE=
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:49:36 2025 by rpki-client