Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/YXHCBjfvtpeoWv_mLznJ9enYJk8.roa
File: YXHCBjfvtpeoWv_mLznJ9enYJk8.roa (raw, json)
Hash identifier: H/aluPw3dKGZhmUAz+uHpW3Jy2YUHOy7FSHiguN3oVU=
Subject key identifier: 61:71:C2:06:37:EF:B6:97:A8:5A:FF:E6:2F:39:C9:F5:E9:D8:26:4F
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 2418
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/YXHCBjfvtpeoWv_mLznJ9enYJk8.roa
Signing time: Tue 24 Jun 2025 16:42:00 +0000
ROA not before: Tue 24 Jun 2025 16:42:00 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 125.169.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 9240 (0x2418)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: Jun 24 16:42:00 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=6171C20637EFB697A85AFFE62F39C9F5E9D8264F
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d2:a8:ff:64:4d:c5:d0:d3:04:f5:0d:03:62:96:
cb:2f:b7:88:51:cf:92:45:7e:cd:c4:e6:4d:9b:cd:
88:80:47:31:c6:d2:6b:e3:85:8a:4d:10:82:a2:c5:
22:3b:46:d7:a2:d2:5f:c8:fd:c9:5a:9d:39:4a:86:
c7:2a:cf:4a:e2:50:c6:d5:22:49:7b:72:25:31:16:
8a:e2:b5:e6:5e:49:0f:24:0b:b1:73:32:9f:b4:f6:
8f:51:ef:bd:af:94:3a:65:d8:a2:c9:21:b5:5c:89:
0c:c9:1d:c1:f8:ea:cb:cb:20:dc:2a:89:54:48:57:
46:05:59:b8:0b:85:80:9e:10:00:d0:c5:0c:5f:d1:
b2:4f:33:27:b1:a7:1b:6e:44:02:4a:8d:20:0b:20:
44:60:e7:2b:34:f7:a2:af:56:0b:f6:a1:73:93:6d:
2e:a4:d7:ef:38:b9:65:fa:3b:4a:2a:32:39:83:fd:
09:3f:f7:5e:10:31:0f:38:1a:80:76:32:3c:b8:48:
f3:98:65:a0:22:d4:df:8e:76:27:02:9d:f3:b3:c0:
79:de:81:61:b9:22:ee:c0:05:76:be:d6:db:3c:32:
5f:e0:d1:f1:5d:2d:94:a4:b4:94:ff:fc:39:67:72:
3c:a1:50:89:c8:86:ee:73:91:ee:56:a5:ae:98:09:
d8:d9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
61:71:C2:06:37:EF:B6:97:A8:5A:FF:E6:2F:39:C9:F5:E9:D8:26:4F
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/YXHCBjfvtpeoWv_mLznJ9enYJk8.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
125.169.0.0/16
Signature Algorithm: sha256WithRSAEncryption
3f:2d:98:61:5d:02:cd:6f:44:33:61:dc:aa:77:d6:de:cc:dd:
ec:18:d6:4f:fa:72:b6:8f:23:86:6a:b3:31:fd:a3:f7:85:77:
37:4d:de:24:95:d5:a0:c2:fa:26:75:53:e3:eb:2f:e2:a5:70:
72:af:b7:12:4a:6c:f2:10:4d:5b:70:83:f4:75:64:ff:bc:c5:
8c:e3:be:57:2c:5f:e1:40:2f:04:7d:63:8a:18:c1:b1:7c:90:
9a:42:d9:0b:a7:29:76:a3:ae:07:43:a7:50:36:69:0a:fd:0d:
5e:05:b4:f5:18:7c:96:bb:6a:e4:78:d5:1f:b2:19:d0:35:04:
60:ac:8c:70:52:b5:20:09:26:24:66:13:bc:ad:ca:32:b5:af:
d7:c5:58:03:bd:da:8c:53:0e:90:c7:1b:81:82:05:90:24:21:
19:3c:ce:a6:65:32:26:43:4a:62:08:06:74:d0:bb:6a:ac:2e:
89:87:b9:da:76:0c:df:7c:3f:d3:c2:cd:01:87:88:7f:00:50:
5c:2a:2f:c5:41:fd:08:0d:3b:3b:cd:79:47:f9:d0:a5:cf:4c:
6e:0c:19:d4:c9:b0:47:34:bd:1e:6f:70:60:6c:cc:c1:ff:e7:
07:04:39:2f:f8:2f:54:3a:19:6c:55:ea:3d:31:db:90:4b:67:
6e:40:e7:93
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICJBgwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA2MjQx
NjQyMDBaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKDYxNzFDMjA2MzdFRkI2
OTdBODVBRkZFNjJGMzlDOUY1RTlEODI2NEYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDSqP9kTcXQ0wT1DQNilssvt4hRz5JFfs3E5k2bzYiARzHG0mvj
hYpNEIKixSI7Rtei0l/I/clanTlKhscqz0riUMbVIkl7ciUxForiteZeSQ8kC7Fz
Mp+09o9R772vlDpl2KLJIbVciQzJHcH46svLINwqiVRIV0YFWbgLhYCeEADQxQxf
0bJPMyexpxtuRAJKjSALIERg5ys096KvVgv2oXOTbS6k1+84uWX6O0oqMjmD/Qk/
914QMQ84GoB2Mjy4SPOYZaAi1N+OdicCnfOzwHnegWG5Iu7ABXa+1ts8Ml/g0fFd
LZSktJT//DlncjyhUInIhu5zke5Wpa6YCdjZAgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUYXHCBjfvtpeoWv/mLznJ9enYJk8wHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni9ZWEhDQmpmdnRwZW9Xdl9t
THpuSjllbllKazgucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
fakwDQYJKoZIhvcNAQELBQADggEBAD8tmGFdAs1vRDNh3Kp31t7M3ewY1k/6craP
I4ZqszH9o/eFdzdN3iSV1aDC+iZ1U+PrL+KlcHKvtxJKbPIQTVtwg/R1ZP+8xYzj
vlcsX+FALwR9Y4oYwbF8kJpC2QunKXajrgdDp1A2aQr9DV4FtPUYfJa7auR41R+y
GdA1BGCsjHBStSAJJiRmE7ytyjK1r9fFWAO92oxTDpDHG4GCBZAkIRk8zqZlMiZD
SmIIBnTQu2qsLomHudp2DN98P9PCzQGHiH8AUFwqL8VB/QgNOzvNeUf50KXPTG4M
GdTJsEc0vR5vcGBszMH/5wcEOS/4L1Q6GWxV6j0x25BLZ25A55M=
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:43:07 2025 by rpki-client