Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/ZkxtZLvyhi8HLatSY61HUkWEp-E.roa
File: ZkxtZLvyhi8HLatSY61HUkWEp-E.roa (raw, json)
Hash identifier: 0H7gEBOURb2RDMuuSVn49YOAPa3wFoxwLD9YNJpZoyU=
Subject key identifier: 66:4C:6D:64:BB:F2:86:2F:07:2D:AB:52:63:AD:47:52:45:84:A7:E1
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 244C
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/ZkxtZLvyhi8HLatSY61HUkWEp-E.roa
Signing time: Tue 24 Jun 2025 23:12:14 +0000
ROA not before: Tue 24 Jun 2025 23:12:14 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 125.169.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 9292 (0x244c)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: Jun 24 23:12:14 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=664C6D64BBF2862F072DAB5263AD47524584A7E1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ca:2f:4c:63:04:af:46:ab:25:08:fe:af:fe:16:
a4:99:cd:ef:7b:b9:0c:c2:74:38:46:bf:b2:44:4f:
9b:06:83:78:15:3c:0d:ff:c0:a7:40:f7:0c:d2:5e:
d4:67:98:63:98:49:cc:30:10:29:7a:59:3f:50:cb:
2c:8a:c4:6b:73:4d:6a:87:22:79:24:5e:30:16:bc:
f7:c9:f4:fd:30:1b:07:5a:90:92:c2:cb:33:0f:93:
11:d1:c5:93:12:96:eb:39:b2:6e:55:92:2f:c6:fa:
1e:60:5e:15:e3:ea:90:b1:ce:d4:c8:df:f8:51:71:
e1:c5:0d:c5:82:34:90:42:74:4e:df:af:38:17:99:
b5:64:86:52:83:11:33:33:e8:68:74:1d:8f:12:13:
51:98:a6:61:63:87:ec:df:44:24:16:ef:ad:f5:88:
8c:e0:b3:ff:68:38:46:da:2a:c2:d3:ad:a4:74:ed:
89:65:5e:d2:74:fe:1d:d7:2f:cd:40:34:bb:ab:1a:
6b:49:ff:0e:98:b7:1a:36:bf:12:87:0b:8f:0d:ab:
9c:24:fd:34:bb:5b:6f:86:bd:c3:b5:88:c7:cd:d1:
7a:46:1c:43:18:34:f2:74:a2:2d:48:bb:54:1a:57:
58:74:a3:21:66:45:01:02:d4:5e:6a:12:50:d1:d6:
8f:19
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
66:4C:6D:64:BB:F2:86:2F:07:2D:AB:52:63:AD:47:52:45:84:A7:E1
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/ZkxtZLvyhi8HLatSY61HUkWEp-E.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
125.169.0.0/16
Signature Algorithm: sha256WithRSAEncryption
60:94:db:62:f1:ab:47:c5:25:c8:44:28:39:3e:a5:da:a2:e4:
3d:e4:86:49:bd:80:a8:3d:92:92:c8:37:65:2e:6f:95:13:49:
1b:84:5a:dc:1b:dc:e0:5c:93:94:c5:cf:2e:59:b7:d4:b5:93:
8a:82:94:ff:3b:b5:4f:dc:13:d8:67:2c:3e:ad:66:2c:1b:38:
07:54:e4:83:42:31:23:fc:d1:de:90:35:a1:43:c9:46:19:59:
09:b6:ee:c4:18:56:cc:9c:59:b6:88:af:b2:53:09:7e:b9:9f:
88:97:a2:9f:76:57:0d:71:ad:df:f7:c6:f5:ed:9e:96:8f:cf:
ca:00:38:ef:89:2e:42:7f:41:f6:1c:3c:de:55:91:61:b9:fa:
b7:33:95:e5:66:b3:3a:21:7e:93:10:3b:23:1a:eb:fe:cb:1d:
a6:c5:08:c0:97:2a:8e:ec:80:cf:d1:b2:e9:52:60:43:78:98:
eb:c4:51:8b:c1:8e:1c:0d:b6:98:e0:9b:28:d0:77:38:50:ee:
17:9b:dd:20:65:bd:0f:7f:fb:6a:fd:47:44:af:80:06:27:72:
07:be:b6:f7:de:df:50:f9:1b:cd:78:dc:ec:fe:72:d4:89:9c:
43:5b:aa:b0:94:e5:27:72:12:eb:ac:fb:fd:1d:32:0b:1a:ef:
6f:cb:a9:d9
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICJEwwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA2MjQy
MzEyMTRaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKDY2NEM2RDY0QkJGMjg2
MkYwNzJEQUI1MjYzQUQ0NzUyNDU4NEE3RTEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDKL0xjBK9GqyUI/q/+FqSZze97uQzCdDhGv7JET5sGg3gVPA3/
wKdA9wzSXtRnmGOYScwwECl6WT9QyyyKxGtzTWqHInkkXjAWvPfJ9P0wGwdakJLC
yzMPkxHRxZMSlus5sm5Vki/G+h5gXhXj6pCxztTI3/hRceHFDcWCNJBCdE7frzgX
mbVkhlKDETMz6Gh0HY8SE1GYpmFjh+zfRCQW7631iIzgs/9oOEbaKsLTraR07Yll
XtJ0/h3XL81ANLurGmtJ/w6Ytxo2vxKHC48Nq5wk/TS7W2+GvcO1iMfN0XpGHEMY
NPJ0oi1Iu1QaV1h0oyFmRQEC1F5qElDR1o8ZAgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUZkxtZLvyhi8HLatSY61HUkWEp+EwHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni9aa3h0Wkx2eWhpOEhMYXRT
WTYxSFVrV0VwLUUucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
fakwDQYJKoZIhvcNAQELBQADggEBAGCU22Lxq0fFJchEKDk+pdqi5D3khkm9gKg9
kpLIN2Uub5UTSRuEWtwb3OBck5TFzy5Zt9S1k4qClP87tU/cE9hnLD6tZiwbOAdU
5INCMSP80d6QNaFDyUYZWQm27sQYVsycWbaIr7JTCX65n4iXop92Vw1xrd/3xvXt
npaPz8oAOO+JLkJ/QfYcPN5VkWG5+rczleVmszohfpMQOyMa6/7LHabFCMCXKo7s
gM/RsulSYEN4mOvEUYvBjhwNtpjgmyjQdzhQ7heb3SBlvQ9/+2r9R0SvgAYncge+
tvfe31D5G8143Oz+ctSJnENbqrCU5SdyEuus+/0dMgsa72/Lqdk=
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:50:41 2025 by rpki-client