Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/XZPFTDf7gDo7fIfXC-z3UfT7bSg.roa
File: XZPFTDf7gDo7fIfXC-z3UfT7bSg.roa (raw, json)
Hash identifier: MRasOcCWoEYQojo3kkd3/s1ikmEJWuGOaRz6qzrnB9Y=
Subject key identifier: 5D:93:C5:4C:37:FB:80:3A:3B:7C:87:D7:0B:EC:F7:51:F4:FB:6D:28
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 1DB4
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/XZPFTDf7gDo7fIfXC-z3UfT7bSg.roa
Signing time: Sun 15 Jun 2025 16:39:59 +0000
ROA not before: Sun 15 Jun 2025 16:39:59 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 125.169.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 7604 (0x1db4)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: Jun 15 16:39:59 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=5D93C54C37FB803A3B7C87D70BECF751F4FB6D28
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e4:0e:42:6a:67:a4:26:96:6d:3d:45:90:10:cd:
c8:c7:b0:99:f8:41:5a:cb:87:c4:9f:ff:9b:0f:e9:
f4:7d:76:a8:f1:7f:97:0d:89:cb:17:15:76:db:f2:
3e:f3:68:2f:3f:16:b7:b9:f5:d0:2b:1d:a7:ad:46:
70:ef:40:07:4b:d5:59:e0:60:a5:91:a0:35:f7:b2:
46:9c:37:eb:ae:3f:b9:d5:77:13:bf:f1:1f:24:87:
a0:84:27:c8:4e:e7:51:b0:9d:eb:e2:6a:ad:39:ba:
c4:e5:1a:36:90:5d:7e:4a:6d:05:6b:a0:92:f2:24:
e8:6e:92:d3:13:97:db:a1:90:e5:e8:73:db:36:59:
ec:7b:4d:dc:50:4b:53:57:f7:fc:2d:da:1b:b1:1d:
63:2c:59:2e:22:61:93:53:be:a6:44:54:b7:2c:d5:
fd:da:dd:aa:32:2f:a7:44:fa:ff:c5:97:bd:31:62:
5b:12:5e:5e:04:2c:2e:3a:5e:6e:60:4a:af:da:9b:
35:52:90:d9:8f:49:98:89:d0:8c:95:6c:c4:d2:1c:
48:83:bc:48:3a:5d:01:0c:ae:50:8a:d4:0f:f4:bd:
82:31:75:d7:9b:79:78:8d:f0:07:67:ab:60:2c:9a:
c0:42:7b:24:05:ac:62:87:2b:70:d9:dc:18:03:c3:
be:4d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5D:93:C5:4C:37:FB:80:3A:3B:7C:87:D7:0B:EC:F7:51:F4:FB:6D:28
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/XZPFTDf7gDo7fIfXC-z3UfT7bSg.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
125.169.0.0/16
Signature Algorithm: sha256WithRSAEncryption
88:19:69:93:36:a6:27:c7:b3:12:02:34:91:eb:4f:7b:a9:ec:
e6:4f:cc:6d:8c:8e:f4:fe:1f:41:3e:55:ca:30:ca:40:49:fe:
55:48:4a:bf:a8:68:f5:3a:c3:ff:bd:0d:d0:f6:d0:c4:fb:b8:
d2:ba:bc:44:14:8e:e1:13:62:8a:39:50:5a:98:cb:7a:6e:57:
ab:31:9b:7f:c3:3a:22:31:a7:7d:b3:be:c9:69:8e:2f:7c:5a:
9c:74:27:4b:d5:f0:83:0b:dd:d8:65:5f:c8:cb:7e:18:9f:3f:
6a:a3:f2:f9:8c:0d:38:4e:25:5f:14:69:7a:8f:7a:dd:6d:25:
51:e9:31:57:ae:59:cd:36:3f:32:5e:29:56:bf:52:79:3c:e6:
12:0f:0f:c0:b7:c2:ba:75:a0:78:e9:66:12:48:3a:dc:79:01:
85:d6:66:dd:60:76:8b:d8:de:c0:9c:c7:13:f5:2b:8d:2c:5e:
b6:0a:e1:e5:3e:73:bf:e2:46:c0:db:74:a5:67:2a:a5:ff:d9:
96:22:af:5a:49:43:e8:4b:cf:46:73:0f:91:09:04:3b:c9:3d:
3f:46:a8:3e:9b:56:45:6e:7b:41:d3:ab:88:4f:e0:b6:bc:d4:
e7:10:8a:f2:4c:73:21:76:cf:63:79:b4:15:21:16:fb:ff:3d:
c8:ca:f7:5c
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICHbQwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA2MTUx
NjM5NTlaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKDVEOTNDNTRDMzdGQjgw
M0EzQjdDODdENzBCRUNGNzUxRjRGQjZEMjgwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDkDkJqZ6Qmlm09RZAQzcjHsJn4QVrLh8Sf/5sP6fR9dqjxf5cN
icsXFXbb8j7zaC8/Fre59dArHaetRnDvQAdL1VngYKWRoDX3skacN+uuP7nVdxO/
8R8kh6CEJ8hO51Gwneviaq05usTlGjaQXX5KbQVroJLyJOhuktMTl9uhkOXoc9s2
Wex7TdxQS1NX9/wt2huxHWMsWS4iYZNTvqZEVLcs1f3a3aoyL6dE+v/Fl70xYlsS
Xl4ELC46Xm5gSq/amzVSkNmPSZiJ0IyVbMTSHEiDvEg6XQEMrlCK1A/0vYIxddeb
eXiN8Adnq2AsmsBCeyQFrGKHK3DZ3BgDw75NAgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUXZPFTDf7gDo7fIfXC+z3UfT7bSgwHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni9YWlBGVERmN2dEbzdmSWZY
Qy16M1VmVDdiU2cucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
fakwDQYJKoZIhvcNAQELBQADggEBAIgZaZM2pifHsxICNJHrT3up7OZPzG2MjvT+
H0E+VcowykBJ/lVISr+oaPU6w/+9DdD20MT7uNK6vEQUjuETYoo5UFqYy3puV6sx
m3/DOiIxp32zvslpji98Wpx0J0vV8IML3dhlX8jLfhifP2qj8vmMDThOJV8UaXqP
et1tJVHpMVeuWc02PzJeKVa/Unk85hIPD8C3wrp1oHjpZhJIOtx5AYXWZt1gdovY
3sCcxxP1K40sXrYK4eU+c7/iRsDbdKVnKqX/2ZYir1pJQ+hLz0ZzD5EJBDvJPT9G
qD6bVkVue0HTq4hP4La81OcQivJMcyF2z2N5tBUhFvv/PcjK91w=
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:56:54 2025 by rpki-client