Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/ZTH0qlZiX0GwwgGaCh8Po4Di8uY.roa
File: ZTH0qlZiX0GwwgGaCh8Po4Di8uY.roa (raw, json)
Hash identifier: 1TCUMiBo+S8gMDdSF1vRMemGA263uB7aVrxvgynyRX0=
Subject key identifier: 65:31:F4:AA:56:62:5F:41:B0:C2:01:9A:0A:1F:0F:A3:80:E2:F2:E6
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 0AF4
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/ZTH0qlZiX0GwwgGaCh8Po4Di8uY.roa
Signing time: Wed 21 May 2025 16:38:30 +0000
ROA not before: Wed 21 May 2025 16:38:30 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 125.169.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2804 (0xaf4)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: May 21 16:38:30 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=6531F4AA56625F41B0C2019A0A1F0FA380E2F2E6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bd:84:e3:e3:e2:fc:02:02:af:19:30:d3:b1:e7:
0e:19:c0:cb:12:e7:0f:5b:ac:69:65:cf:ab:6b:45:
9c:7a:41:73:52:d8:95:cd:3a:68:18:d7:b8:63:80:
b3:3b:e9:9b:9c:8e:4d:c3:a2:49:e7:9a:72:46:b8:
62:11:a5:8a:5a:e4:99:23:d0:0d:97:4c:2a:68:4a:
de:5e:1a:e3:9f:04:a4:7b:aa:ae:6d:8c:f6:46:5e:
59:93:2c:aa:0a:69:99:a3:bb:d4:08:84:d8:46:f6:
1e:e6:92:1b:aa:40:a8:25:ca:c2:75:10:82:19:8c:
91:a4:fb:3c:17:c3:8a:b3:24:3c:7d:cd:08:2a:8a:
fe:21:20:88:13:97:37:7c:3d:12:9e:bf:e1:f3:9c:
f1:61:96:cc:ac:d2:c6:9e:df:8e:0f:a7:1c:d2:f8:
b2:ff:a4:9d:ee:d7:a8:c2:f5:86:df:e8:a5:51:e7:
4b:46:26:57:e7:be:ac:7e:d1:bf:30:4e:1a:0e:8a:
16:00:65:68:45:1a:7b:bb:98:4d:4a:a9:4e:50:4d:
a9:0b:3b:73:97:fe:28:42:76:a1:34:f5:de:00:7d:
96:0f:34:c4:6f:5d:03:49:49:ae:63:35:68:e7:9e:
ff:2e:31:92:7d:9e:af:66:65:52:65:1e:0f:64:dd:
85:f3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
65:31:F4:AA:56:62:5F:41:B0:C2:01:9A:0A:1F:0F:A3:80:E2:F2:E6
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/ZTH0qlZiX0GwwgGaCh8Po4Di8uY.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
125.169.0.0/16
Signature Algorithm: sha256WithRSAEncryption
89:9f:1a:f5:e4:c9:27:d9:8a:4d:b1:8c:bc:c8:ed:80:bb:54:
7f:f6:1c:84:8d:b6:02:36:fe:11:b3:ce:81:a9:d2:42:1a:ca:
1a:98:a6:98:54:bd:58:c9:28:83:0c:b6:79:56:9f:e6:8a:a0:
5e:7d:82:b5:ff:7e:ac:f6:24:c6:01:ac:55:0e:a0:75:93:86:
22:86:48:d2:e1:e4:4f:21:31:6b:2a:b7:42:86:36:28:93:e9:
48:9d:a8:5a:cb:42:32:b2:e9:ce:04:f9:f1:4e:16:fe:72:ff:
11:11:d9:d4:24:82:ef:19:11:8d:3f:71:77:97:63:5b:ee:a7:
15:81:86:49:6a:f4:ed:70:49:53:a8:f0:0b:40:a5:ca:7b:04:
cb:98:a0:c2:56:08:e1:5b:7f:85:be:cd:3e:27:70:61:b7:ca:
f3:58:e4:8e:11:a0:c1:c7:55:29:77:cb:76:15:c4:1d:2d:3f:
31:94:22:7a:96:1d:98:9f:dd:a5:50:a6:f3:89:b7:e9:0f:43:
f8:46:a2:d1:ae:40:78:93:1f:bb:14:05:b0:46:a3:1a:d2:37:
8b:1b:2d:ab:3a:49:c2:6f:91:26:bb:c6:7f:37:c1:38:e4:22:
d8:ef:cf:43:9a:6f:f8:ac:3e:02:a3:3a:ce:2c:13:08:e3:34:
ef:48:bb:1c
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICCvQwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA1MjEx
NjM4MzBaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKDY1MzFGNEFBNTY2MjVG
NDFCMEMyMDE5QTBBMUYwRkEzODBFMkYyRTYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC9hOPj4vwCAq8ZMNOx5w4ZwMsS5w9brGllz6trRZx6QXNS2JXN
OmgY17hjgLM76Zucjk3DoknnmnJGuGIRpYpa5Jkj0A2XTCpoSt5eGuOfBKR7qq5t
jPZGXlmTLKoKaZmju9QIhNhG9h7mkhuqQKglysJ1EIIZjJGk+zwXw4qzJDx9zQgq
iv4hIIgTlzd8PRKev+HznPFhlsys0sae344PpxzS+LL/pJ3u16jC9Ybf6KVR50tG
Jlfnvqx+0b8wThoOihYAZWhFGnu7mE1KqU5QTakLO3OX/ihCdqE09d4AfZYPNMRv
XQNJSa5jNWjnnv8uMZJ9nq9mZVJlHg9k3YXzAgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUZTH0qlZiX0GwwgGaCh8Po4Di8uYwHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni9aVEgwcWxaaVgwR3d3Z0dh
Q2g4UG80RGk4dVkucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
fakwDQYJKoZIhvcNAQELBQADggEBAImfGvXkySfZik2xjLzI7YC7VH/2HISNtgI2
/hGzzoGp0kIayhqYpphUvVjJKIMMtnlWn+aKoF59grX/fqz2JMYBrFUOoHWThiKG
SNLh5E8hMWsqt0KGNiiT6UidqFrLQjKy6c4E+fFOFv5y/xER2dQkgu8ZEY0/cXeX
Y1vupxWBhklq9O1wSVOo8AtApcp7BMuYoMJWCOFbf4W+zT4ncGG3yvNY5I4RoMHH
VSl3y3YVxB0tPzGUInqWHZif3aVQpvOJt+kPQ/hGotGuQHiTH7sUBbBGoxrSN4sb
Las6ScJvkSa7xn83wTjkItjvz0Oab/isPgKjOs4sEwjjNO9Iuxw=
-----END CERTIFICATE-----
Generated at Wed Jun 4 01:01:33 2025 by rpki-client