Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/_LpSU2tcDoO8zLfqFkg_Gr_nmsc.roa
File: _LpSU2tcDoO8zLfqFkg_Gr_nmsc.roa (raw, json)
Hash identifier: 5Uf3PBSUEeDpkgwfc6tBnWtyaJFw/aVXN22DCtyHrxE=
Subject key identifier: FC:BA:52:53:6B:5C:0E:83:BC:CC:B7:EA:16:48:3F:1A:BF:E7:9A:C7
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 12B4
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/_LpSU2tcDoO8zLfqFkg_Gr_nmsc.roa
Signing time: Sun 01 Jun 2025 00:39:23 +0000
ROA not before: Sun 01 Jun 2025 00:39:23 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 125.169.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 4788 (0x12b4)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: Jun 1 00:39:23 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=FCBA52536B5C0E83BCCCB7EA16483F1ABFE79AC7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bc:c7:b7:58:b2:93:53:96:e4:3b:14:79:88:0a:
f5:c4:09:b0:9e:a7:62:f6:34:d7:19:d1:a2:92:b3:
5d:5d:d0:78:c6:17:e3:31:7a:44:48:9d:99:5b:a2:
71:8f:91:78:db:a2:d1:02:0f:2e:72:19:dd:ab:ab:
7a:bc:cc:84:a6:65:14:d5:97:2d:cd:16:cc:6b:f2:
db:19:70:3c:7f:b2:86:93:40:0f:28:9c:35:a9:4b:
67:e8:fe:ea:0a:18:bd:55:17:2b:bc:fe:d1:46:60:
67:bd:9d:1c:8f:5d:3f:a2:e9:1d:49:77:0b:72:2f:
10:07:c2:7c:cc:9b:e3:ba:be:63:e1:79:ce:93:34:
25:d9:59:f9:39:97:eb:fb:75:38:57:25:e0:76:a6:
1e:a3:1e:7d:8a:97:55:db:53:57:f3:ca:19:62:39:
41:6b:1e:26:e8:30:e5:f1:04:bc:97:a4:cd:77:d9:
d5:f8:57:4f:71:7d:a8:d5:3b:7b:dc:07:ba:3d:22:
4d:0f:19:5c:8d:ee:b8:c2:57:72:34:ad:2a:03:99:
fe:ef:25:e0:f7:02:2a:0d:f0:26:3d:de:f7:cf:78:
92:8c:05:68:4e:09:d8:32:8a:aa:e8:9e:98:20:db:
5a:71:92:b3:0e:88:2f:d5:e8:02:9b:09:c8:d0:fc:
75:7b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FC:BA:52:53:6B:5C:0E:83:BC:CC:B7:EA:16:48:3F:1A:BF:E7:9A:C7
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/_LpSU2tcDoO8zLfqFkg_Gr_nmsc.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
125.169.0.0/16
Signature Algorithm: sha256WithRSAEncryption
84:31:85:3e:68:b1:c5:69:34:ea:e9:9f:11:15:e9:cb:60:b5:
19:6b:03:a6:36:7e:db:4c:87:99:a8:4a:24:2a:44:0c:55:f0:
08:66:76:46:72:11:4c:3b:03:be:f0:d8:38:f6:08:62:31:c4:
65:c3:80:10:31:96:19:8d:68:89:59:56:dc:e5:df:22:44:8b:
44:24:bb:28:f8:22:c9:3c:22:83:c2:43:2d:2a:1b:d5:69:bf:
70:11:a8:e4:77:2f:d6:cb:4e:ee:cf:3f:9e:84:45:85:2c:3a:
1a:7c:80:1f:ed:fe:82:46:22:e4:ea:0e:34:c7:e6:ce:76:06:
0e:68:32:24:c4:06:b6:7f:3d:80:72:4f:d0:a4:4d:a9:c9:b0:
70:7e:8c:1c:aa:26:67:79:25:a8:78:5b:9c:96:1a:5e:e1:df:
b2:3e:e5:1c:e5:16:d8:dd:e0:fd:dd:cb:2f:6e:87:22:27:14:
86:57:d2:8c:b2:10:95:08:1e:f8:f4:f5:10:cf:bd:3f:fd:84:
45:16:32:5b:c9:db:a0:b5:9b:8c:3c:e1:52:91:86:d5:0a:ab:
5b:e3:d1:bc:70:d2:72:a7:d3:cd:fa:d3:71:d1:f7:76:a0:4b:
d3:a6:e9:f1:3f:da:19:b3:be:28:fc:46:d1:33:6a:85:23:11:
c8:8a:6c:f1
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICErQwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA2MDEw
MDM5MjNaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKEZDQkE1MjUzNkI1QzBF
ODNCQ0NDQjdFQTE2NDgzRjFBQkZFNzlBQzcwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC8x7dYspNTluQ7FHmICvXECbCep2L2NNcZ0aKSs11d0HjGF+Mx
ekRInZlbonGPkXjbotECDy5yGd2rq3q8zISmZRTVly3NFsxr8tsZcDx/soaTQA8o
nDWpS2fo/uoKGL1VFyu8/tFGYGe9nRyPXT+i6R1JdwtyLxAHwnzMm+O6vmPhec6T
NCXZWfk5l+v7dThXJeB2ph6jHn2Kl1XbU1fzyhliOUFrHiboMOXxBLyXpM132dX4
V09xfajVO3vcB7o9Ik0PGVyN7rjCV3I0rSoDmf7vJeD3AioN8CY93vfPeJKMBWhO
Cdgyiqronpgg21pxkrMOiC/V6AKbCcjQ/HV7AgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQU/LpSU2tcDoO8zLfqFkg/Gr/nmscwHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni9fTHBTVTJ0Y0RvTzh6TGZx
RmtnX0dyX25tc2Mucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
fakwDQYJKoZIhvcNAQELBQADggEBAIQxhT5oscVpNOrpnxEV6ctgtRlrA6Y2fttM
h5moSiQqRAxV8AhmdkZyEUw7A77w2Dj2CGIxxGXDgBAxlhmNaIlZVtzl3yJEi0Qk
uyj4Isk8IoPCQy0qG9Vpv3ARqOR3L9bLTu7PP56ERYUsOhp8gB/t/oJGIuTqDjTH
5s52Bg5oMiTEBrZ/PYByT9CkTanJsHB+jByqJmd5Jah4W5yWGl7h37I+5RzlFtjd
4P3dyy9uhyInFIZX0oyyEJUIHvj09RDPvT/9hEUWMlvJ26C1m4w84VKRhtUKq1vj
0bxw0nKn083603HR93agS9Om6fE/2hmzvij8RtEzaoUjEciKbPE=
-----END CERTIFICATE-----
Generated at Wed Jun 4 00:58:41 2025 by rpki-client