Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/ZKl1gjz7Qjpi8N7NV216mdh7kZ4.roa
File: ZKl1gjz7Qjpi8N7NV216mdh7kZ4.roa (raw, json)
Hash identifier: OELrbRUQRFwWDrTlO7zt82E92aTRRFTz8XxqzIO31aY=
Subject key identifier: 64:A9:75:82:3C:FB:42:3A:62:F0:DE:CD:57:6D:7A:99:D8:7B:91:9E
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 23FC
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/ZKl1gjz7Qjpi8N7NV216mdh7kZ4.roa
Signing time: Tue 24 Jun 2025 13:12:09 +0000
ROA not before: Tue 24 Jun 2025 13:12:09 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 125.169.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 9212 (0x23fc)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: Jun 24 13:12:09 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=64A975823CFB423A62F0DECD576D7A99D87B919E
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f5:54:e0:b4:76:b6:ca:9a:69:55:96:39:e9:b3:
41:27:64:11:e4:a8:38:be:7f:10:81:5e:86:cb:4f:
59:75:82:71:85:f4:97:98:c8:af:29:85:f9:23:c0:
35:7f:d9:4d:8d:7c:7e:dc:7c:0c:d7:9d:f9:13:61:
f4:2a:21:71:c6:02:b4:99:a5:ba:32:c7:bf:6b:b6:
0b:6d:16:9d:f0:51:da:82:6b:a7:83:16:0e:f5:f6:
d9:6f:cb:bd:42:78:e0:b3:94:df:5a:9c:c0:a8:51:
b1:42:0c:63:ed:b3:29:5d:54:65:f6:49:c1:03:d1:
0e:07:d4:45:38:3a:93:ed:86:b0:df:bd:08:9e:11:
eb:d5:b8:42:bf:1c:4b:36:a9:94:79:8b:18:8b:79:
87:d1:7d:9c:a2:b4:8a:49:63:ea:07:89:af:f3:8a:
cc:b9:29:39:4d:2c:16:97:91:8a:a8:63:69:03:8b:
66:17:f1:99:b3:48:2b:4b:d5:23:ad:6f:bb:3f:92:
ec:f7:1e:00:24:b1:0a:af:75:11:52:f4:be:8a:66:
7d:42:17:d5:01:35:83:4c:15:ba:ad:f4:94:ec:27:
c2:e0:03:f1:76:55:0d:da:69:37:fa:b1:52:71:66:
9f:1e:db:86:08:f4:9b:1a:67:0a:fb:fa:00:6f:98:
23:01
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
64:A9:75:82:3C:FB:42:3A:62:F0:DE:CD:57:6D:7A:99:D8:7B:91:9E
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/ZKl1gjz7Qjpi8N7NV216mdh7kZ4.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
125.169.0.0/16
Signature Algorithm: sha256WithRSAEncryption
4a:a3:d3:a1:fe:4c:63:53:50:48:f7:b3:a4:3b:2f:8c:6a:18:
84:ba:55:98:e6:cd:ad:58:06:b0:e8:5f:41:87:ba:04:bf:43:
c9:1b:14:a5:29:ad:02:c8:03:f3:d5:96:70:09:ce:9c:35:cc:
1b:b0:ff:b6:1d:c9:c6:72:64:c1:8a:70:cf:61:b0:6d:4c:0e:
69:91:fc:49:33:5e:27:d2:44:e0:27:60:e1:7a:81:fe:90:36:
3a:5b:83:2c:f3:ff:d6:8b:35:c5:f7:c5:74:3e:65:be:60:6a:
80:f1:5d:af:d3:b9:9f:8a:54:d3:2f:0a:6a:91:17:14:a3:8a:
63:63:66:33:f8:30:c7:5f:87:c2:b8:5c:13:8d:ca:33:85:d0:
3d:86:23:19:6c:aa:95:37:17:c2:c9:22:25:34:0f:72:3a:95:
c1:44:0b:a8:42:db:b5:bb:44:83:c4:a1:bb:f8:9c:ec:89:cd:
eb:d8:6c:55:63:90:76:cd:7a:1c:c7:9f:af:9f:80:9f:55:29:
e7:25:18:72:13:48:b1:81:3b:bb:81:2b:f6:30:63:d8:02:e6:
82:02:76:d9:f7:86:8f:cb:04:d0:c8:d2:51:cb:3c:d5:15:f5:
2f:66:22:f0:b2:46:b3:9e:b3:52:80:30:77:75:3f:d7:08:49:
3b:9f:97:bf
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICI/wwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA2MjQx
MzEyMDlaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKDY0QTk3NTgyM0NGQjQy
M0E2MkYwREVDRDU3NkQ3QTk5RDg3QjkxOUUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQD1VOC0drbKmmlVljnps0EnZBHkqDi+fxCBXobLT1l1gnGF9JeY
yK8phfkjwDV/2U2NfH7cfAzXnfkTYfQqIXHGArSZpboyx79rtgttFp3wUdqCa6eD
Fg719tlvy71CeOCzlN9anMCoUbFCDGPtsyldVGX2ScED0Q4H1EU4OpPthrDfvQie
EevVuEK/HEs2qZR5ixiLeYfRfZyitIpJY+oHia/zisy5KTlNLBaXkYqoY2kDi2YX
8ZmzSCtL1SOtb7s/kuz3HgAksQqvdRFS9L6KZn1CF9UBNYNMFbqt9JTsJ8LgA/F2
VQ3aaTf6sVJxZp8e24YI9JsaZwr7+gBvmCMBAgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUZKl1gjz7Qjpi8N7NV216mdh7kZ4wHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni9aS2wxZ2p6N1FqcGk4TjdO
VjIxNm1kaDdrWjQucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
fakwDQYJKoZIhvcNAQELBQADggEBAEqj06H+TGNTUEj3s6Q7L4xqGIS6VZjmza1Y
BrDoX0GHugS/Q8kbFKUprQLIA/PVlnAJzpw1zBuw/7YdycZyZMGKcM9hsG1MDmmR
/EkzXifSROAnYOF6gf6QNjpbgyzz/9aLNcX3xXQ+Zb5gaoDxXa/TuZ+KVNMvCmqR
FxSjimNjZjP4MMdfh8K4XBONyjOF0D2GIxlsqpU3F8LJIiU0D3I6lcFEC6hC27W7
RIPEobv4nOyJzevYbFVjkHbNehzHn6+fgJ9VKeclGHITSLGBO7uBK/YwY9gC5oIC
dtn3ho/LBNDI0lHLPNUV9S9mIvCyRrOes1KAMHd1P9cISTufl78=
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:53:14 2025 by rpki-client