Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/ZMlvfnbzo1MqwefZtDNAT1TzUBc.roa
File: ZMlvfnbzo1MqwefZtDNAT1TzUBc.roa (raw, json)
Hash identifier: PFz3CytR+EbcXpC+CglRGJMW8zCLtZQd+iz4PGoGri4=
Subject key identifier: 64:C9:6F:7E:76:F3:A3:53:2A:C1:E7:D9:B4:33:40:4F:54:F3:50:17
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 2404
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/ZMlvfnbzo1MqwefZtDNAT1TzUBc.roa
Signing time: Tue 24 Jun 2025 14:12:02 +0000
ROA not before: Tue 24 Jun 2025 14:12:02 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 125.169.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 9220 (0x2404)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: Jun 24 14:12:02 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=64C96F7E76F3A3532AC1E7D9B433404F54F35017
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c9:16:1b:4e:57:79:fe:c3:67:4c:4b:17:a2:99:
f5:11:24:2d:97:61:41:47:70:66:7b:31:bc:41:0c:
91:5a:31:8a:89:b4:2a:51:b3:04:0e:2f:27:a0:a8:
48:4f:91:96:16:56:2e:ae:b5:b5:c3:c1:73:09:79:
ad:6d:31:4b:38:40:1b:e1:ab:f2:ef:83:a8:34:85:
73:51:56:ae:46:51:fd:ba:60:4e:b3:fd:9f:c0:16:
00:96:cc:89:b0:1a:c7:c9:a3:18:6a:d2:0b:49:63:
7d:eb:c3:ab:0a:b7:7a:de:29:51:83:14:12:4d:5c:
6e:63:3d:f7:cb:39:7b:d5:67:7d:67:d3:26:e8:08:
ef:bf:d1:1f:e8:e2:51:a2:53:a3:d2:ee:b5:a8:cd:
f2:dd:27:c6:34:f3:0a:4d:ad:6a:65:27:84:a5:8b:
9e:2a:c0:7e:e4:e6:03:75:12:6f:6b:17:96:77:47:
7a:7e:c2:32:6c:8d:0f:92:ce:43:53:a8:6d:7f:ee:
4d:6e:cf:b8:f0:6b:51:69:7e:fc:7a:a8:60:78:45:
2d:76:3f:14:a4:3b:f4:cd:f3:4c:64:1e:01:2f:3a:
2e:05:b1:f9:71:42:38:bb:60:d8:c8:45:ca:41:39:
7f:3b:1f:1f:9c:c3:8a:88:b1:0f:71:06:30:dd:57:
45:cd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
64:C9:6F:7E:76:F3:A3:53:2A:C1:E7:D9:B4:33:40:4F:54:F3:50:17
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/ZMlvfnbzo1MqwefZtDNAT1TzUBc.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
125.169.0.0/16
Signature Algorithm: sha256WithRSAEncryption
2a:57:99:e5:5a:ed:5c:cd:51:57:f8:d1:7f:97:ca:8b:3b:6f:
e7:32:9c:dc:88:5d:a6:60:3a:b3:9d:a4:68:b1:c4:3e:26:95:
5d:28:c0:47:2a:be:49:7f:21:a0:8e:42:e2:12:32:23:68:d2:
70:fc:f6:dc:b7:34:8a:db:21:ab:2f:3c:53:e4:32:7e:4b:1d:
25:f1:1e:30:85:29:17:b9:10:07:ce:a1:e2:f0:ed:1d:8b:5a:
97:0c:37:77:d9:1d:a1:ba:f7:0b:46:93:42:7b:27:bf:aa:78:
e5:4b:66:f9:bd:33:54:e6:2e:d4:83:12:aa:5b:e6:e8:1b:1d:
69:24:84:3c:f2:b9:f2:9c:07:7c:12:4e:00:80:1d:72:a2:f7:
e5:b8:6b:de:a3:23:29:9b:e5:20:35:e5:c7:c4:3c:2d:69:f0:
91:c2:9d:8e:ac:5b:5f:e0:ff:6b:8d:73:4c:4c:63:41:1d:e9:
4a:3f:1e:3d:ce:3c:d7:ab:12:fe:43:4d:84:7e:79:f5:ca:19:
75:64:40:35:4e:f9:9e:8f:9f:a8:5b:64:95:05:66:95:55:64:
1c:1f:a9:c0:39:13:13:c7:21:db:dc:4c:55:0b:dc:e5:59:e3:
7d:6a:9e:0b:a9:1f:5f:17:17:d8:a6:0e:77:49:f2:8c:d9:5a:
36:0b:38:44
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICJAQwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA2MjQx
NDEyMDJaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKDY0Qzk2RjdFNzZGM0Ez
NTMyQUMxRTdEOUI0MzM0MDRGNTRGMzUwMTcwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDJFhtOV3n+w2dMSxeimfURJC2XYUFHcGZ7MbxBDJFaMYqJtCpR
swQOLyegqEhPkZYWVi6utbXDwXMJea1tMUs4QBvhq/Lvg6g0hXNRVq5GUf26YE6z
/Z/AFgCWzImwGsfJoxhq0gtJY33rw6sKt3reKVGDFBJNXG5jPffLOXvVZ31n0ybo
CO+/0R/o4lGiU6PS7rWozfLdJ8Y08wpNrWplJ4Sli54qwH7k5gN1Em9rF5Z3R3p+
wjJsjQ+SzkNTqG1/7k1uz7jwa1Fpfvx6qGB4RS12PxSkO/TN80xkHgEvOi4Fsflx
Qji7YNjIRcpBOX87Hx+cw4qIsQ9xBjDdV0XNAgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUZMlvfnbzo1MqwefZtDNAT1TzUBcwHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni9aTWx2Zm5iem8xTXF3ZWZa
dEROQVQxVHpVQmMucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
fakwDQYJKoZIhvcNAQELBQADggEBACpXmeVa7VzNUVf40X+Xyos7b+cynNyIXaZg
OrOdpGixxD4mlV0owEcqvkl/IaCOQuISMiNo0nD89ty3NIrbIasvPFPkMn5LHSXx
HjCFKRe5EAfOoeLw7R2LWpcMN3fZHaG69wtGk0J7J7+qeOVLZvm9M1TmLtSDEqpb
5ugbHWkkhDzyufKcB3wSTgCAHXKi9+W4a96jIymb5SA15cfEPC1p8JHCnY6sW1/g
/2uNc0xMY0Ed6Uo/Hj3OPNerEv5DTYR+efXKGXVkQDVO+Z6Pn6hbZJUFZpVVZBwf
qcA5ExPHIdvcTFUL3OVZ431qngupH18XF9imDndJ8ozZWjYLOEQ=
-----END CERTIFICATE-----
Generated at Sun Jul 20 16:51:23 2025 by rpki-client