Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/YfDFOhnLYCNveE2lAVUftdQ7wSU.roa
File: YfDFOhnLYCNveE2lAVUftdQ7wSU.roa (raw, json)
Hash identifier: 6q8nAzLhZ7iyIL8O3Bgxs05UIYgBjKycKP1WmXbFe7Q=
Subject key identifier: 61:F0:C5:3A:19:CB:60:23:6F:78:4D:A5:01:55:1F:B5:D4:3B:C1:25
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 1BC8
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/YfDFOhnLYCNveE2lAVUftdQ7wSU.roa
Signing time: Fri 13 Jun 2025 03:32:24 +0000
ROA not before: Fri 13 Jun 2025 03:32:24 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 125.169.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 7112 (0x1bc8)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: Jun 13 03:32:24 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=61F0C53A19CB60236F784DA501551FB5D43BC125
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d0:2b:7f:f4:0a:48:3d:1e:d0:32:21:b3:b9:3b:
54:48:0b:e0:83:33:a7:79:3e:98:04:e4:05:8d:04:
b3:fb:7f:8e:a2:74:5a:7c:63:bd:c2:be:44:83:58:
60:e4:2d:c7:51:1d:c5:44:90:40:04:d3:fa:53:7e:
ff:4b:1e:f7:99:48:da:c4:b4:93:c3:d2:5b:78:34:
27:ca:11:db:00:d6:16:9b:33:0e:15:45:8d:c4:28:
a8:58:d8:90:4e:e4:1e:4a:e8:78:48:be:fa:0c:bd:
a4:53:fe:c2:02:39:7b:00:92:b5:32:e6:cf:ba:e4:
95:08:63:06:7b:60:b6:0d:33:b8:2f:7e:8b:1a:3d:
a6:a3:cf:61:90:8b:6c:4b:fc:88:82:47:8a:6a:d1:
09:27:11:d4:63:d8:8e:50:fa:f0:95:23:b8:19:28:
5e:14:50:50:11:a6:eb:42:b0:30:2c:df:12:93:df:
76:6b:ef:3d:fd:7b:bb:f3:30:54:59:99:e5:b1:b5:
1b:79:a3:e7:7d:51:e8:cc:3b:4a:12:0d:8c:ca:ed:
49:71:f0:22:39:e3:f4:ac:d4:20:d6:a0:9d:6d:2d:
c1:d6:70:28:46:75:cc:62:74:02:80:4a:85:42:27:
99:3d:fb:2f:e3:01:47:ce:d0:83:c8:8b:b5:95:d0:
e8:6b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
61:F0:C5:3A:19:CB:60:23:6F:78:4D:A5:01:55:1F:B5:D4:3B:C1:25
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/YfDFOhnLYCNveE2lAVUftdQ7wSU.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
125.169.0.0/16
Signature Algorithm: sha256WithRSAEncryption
10:51:b3:54:9f:2b:b2:a6:f7:cd:78:ef:f7:5e:f1:49:54:65:
19:38:31:c4:01:3e:66:47:1d:84:1a:f3:00:34:94:86:8f:b6:
61:9a:2a:09:5e:1d:cb:24:ba:6c:ca:07:91:6f:7a:9b:b8:36:
23:61:e8:27:f3:6c:e6:1b:91:41:52:db:72:5e:67:72:4b:3c:
52:86:b3:42:f5:17:1e:1b:00:29:a1:9a:bb:29:a6:97:c9:ad:
dc:f3:fc:fa:c1:88:f2:6c:11:a9:28:11:a8:9f:0a:06:bb:e6:
73:43:27:29:9a:be:b5:82:d9:90:08:fd:65:d3:b3:ff:f2:d9:
13:51:35:08:cf:68:80:67:38:56:c0:3e:b7:23:78:22:cf:c3:
fb:8b:b6:55:93:d7:c8:5f:4f:ae:a0:d6:17:35:a3:d9:83:88:
d4:41:31:32:93:16:df:9e:42:99:67:6a:9a:dd:9c:ec:8e:ff:
96:2f:c4:63:77:f8:be:53:af:75:a1:58:8c:29:9b:e0:b2:1b:
46:ee:2c:b2:88:2f:7d:79:5f:fe:2f:de:70:bd:d5:68:f2:79:
fc:49:65:fc:47:01:d6:a5:fa:be:1e:45:7f:04:34:c8:ff:4c:
75:e9:26:1e:a5:bd:cb:4d:96:04:60:98:12:9b:80:bf:42:4a:
24:b1:39:c6
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICG8gwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA2MTMw
MzMyMjRaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKDYxRjBDNTNBMTlDQjYw
MjM2Rjc4NERBNTAxNTUxRkI1RDQzQkMxMjUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDQK3/0Ckg9HtAyIbO5O1RIC+CDM6d5PpgE5AWNBLP7f46idFp8
Y73CvkSDWGDkLcdRHcVEkEAE0/pTfv9LHveZSNrEtJPD0lt4NCfKEdsA1habMw4V
RY3EKKhY2JBO5B5K6HhIvvoMvaRT/sICOXsAkrUy5s+65JUIYwZ7YLYNM7gvfosa
Paajz2GQi2xL/IiCR4pq0QknEdRj2I5Q+vCVI7gZKF4UUFARputCsDAs3xKT33Zr
7z39e7vzMFRZmeWxtRt5o+d9UejMO0oSDYzK7Ulx8CI54/Ss1CDWoJ1tLcHWcChG
dcxidAKASoVCJ5k9+y/jAUfO0IPIi7WV0OhrAgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUYfDFOhnLYCNveE2lAVUftdQ7wSUwHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni9ZZkRGT2huTFlDTnZlRTJs
QVZVZnRkUTd3U1Uucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
fakwDQYJKoZIhvcNAQELBQADggEBABBRs1SfK7Km98147/de8UlUZRk4McQBPmZH
HYQa8wA0lIaPtmGaKgleHcskumzKB5Fvepu4NiNh6CfzbOYbkUFS23JeZ3JLPFKG
s0L1Fx4bACmhmrspppfJrdzz/PrBiPJsEakoEaifCga75nNDJymavrWC2ZAI/WXT
s//y2RNRNQjPaIBnOFbAPrcjeCLPw/uLtlWT18hfT66g1hc1o9mDiNRBMTKTFt+e
QplnaprdnOyO/5YvxGN3+L5Tr3WhWIwpm+CyG0buLLKIL315X/4v3nC91WjyefxJ
ZfxHAdal+r4eRX8ENMj/THXpJh6lvctNlgRgmBKbgL9CSiSxOcY=
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:49:40 2025 by rpki-client