Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/barJF_LzSKPQdHK2aiYGjGZFkac.roa
File: barJF_LzSKPQdHK2aiYGjGZFkac.roa (raw, json)
Hash identifier: Y65B5o7YPc8Wk2kNW9cKljFZDKwg55sDH7unlg2Wf3c=
Subject key identifier: 6D:AA:C9:17:F2:F3:48:A3:D0:74:72:B6:6A:26:06:8C:66:45:91:A7
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 1608
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/barJF_LzSKPQdHK2aiYGjGZFkac.roa
Signing time: Thu 05 Jun 2025 11:09:22 +0000
ROA not before: Thu 05 Jun 2025 11:09:22 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 125.169.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 5640 (0x1608)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: Jun 5 11:09:22 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=6DAAC917F2F348A3D07472B66A26068C664591A7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b9:0a:14:a0:0d:50:f7:64:73:56:35:57:23:fb:
cf:65:a9:52:b3:5c:60:7f:eb:f8:fd:f0:bb:68:c4:
1f:3d:c8:7d:37:d6:35:ff:df:a5:ba:ad:c9:44:83:
2e:dc:26:41:08:0b:c8:cb:ea:71:d5:87:99:2b:ab:
8a:97:9a:99:b5:14:d8:44:b0:59:38:96:0b:e2:21:
0b:f3:80:10:42:da:f5:8c:bd:2c:e5:32:5f:d4:5e:
af:28:59:bd:f7:6a:27:7e:03:05:b5:e5:5a:6e:1b:
49:9b:79:50:0f:b5:77:b6:48:2c:f6:19:c5:1e:fb:
f9:c2:b8:45:ba:7a:a9:38:03:72:02:05:0a:60:ab:
e8:56:b7:51:d8:59:33:d4:75:37:34:f8:f2:cd:37:
27:80:17:e2:30:07:7f:d3:a4:19:fc:8f:d5:c8:30:
4f:39:c6:1f:c5:34:0b:f7:ef:6c:2d:cd:21:25:01:
ed:67:08:91:ee:14:a8:40:e9:be:2b:32:11:a3:52:
c7:66:dd:d5:20:bb:f8:0a:55:59:2f:2d:08:7d:bf:
9a:a9:be:42:a9:c4:e4:3d:90:e8:cc:6c:6b:0d:69:
ff:25:ce:57:17:f0:ab:dc:cf:3a:93:21:cb:27:8b:
e6:6a:35:3d:57:08:cd:71:e3:48:f2:a9:91:c0:80:
65:1f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6D:AA:C9:17:F2:F3:48:A3:D0:74:72:B6:6A:26:06:8C:66:45:91:A7
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/barJF_LzSKPQdHK2aiYGjGZFkac.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
125.169.0.0/16
Signature Algorithm: sha256WithRSAEncryption
a5:ef:ac:25:96:14:e3:df:0e:96:74:c9:ba:f8:89:b8:05:19:
11:f2:6f:7e:ca:1a:3d:72:4e:f1:44:23:41:27:bc:ca:6d:b1:
6d:59:81:7b:51:0b:c8:f7:4f:77:50:78:9d:3f:7c:81:05:03:
c1:2f:0e:0b:5c:c9:e3:d0:99:45:f7:c8:09:9f:9a:6d:74:1c:
24:5d:4c:65:e9:0b:62:4d:54:3b:08:01:21:e0:03:70:8b:aa:
c0:d9:b7:b2:e2:14:51:53:10:fa:90:da:6d:de:7a:b2:75:0f:
e1:9b:8e:e1:78:90:f2:aa:b9:59:4e:a7:f1:e8:e8:38:c2:94:
3b:eb:88:c9:2e:c9:50:f4:6b:33:0c:5a:35:c2:df:2f:d2:ee:
01:94:ba:ff:14:98:1d:67:7d:a8:76:2d:de:a3:8c:a7:74:21:
04:94:8b:9d:b0:1c:8e:71:d1:ba:dc:b0:1a:50:88:ae:59:f5:
27:f4:2e:be:2c:c2:b0:fb:0c:61:14:21:42:d5:df:12:1e:1d:
3d:30:d7:70:f5:e6:a6:83:dc:0d:f5:a8:ea:44:fb:35:7d:ac:
c3:0b:59:f4:7a:79:97:5e:7d:df:76:f1:16:ad:56:b5:6c:e5:
82:14:55:ce:f0:d0:22:8b:ff:ff:a0:d1:34:2d:eb:0c:4b:d0:
7b:51:a3:b3
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICFggwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA2MDUx
MTA5MjJaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKDZEQUFDOTE3RjJGMzQ4
QTNEMDc0NzJCNjZBMjYwNjhDNjY0NTkxQTcwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC5ChSgDVD3ZHNWNVcj+89lqVKzXGB/6/j98LtoxB89yH031jX/
36W6rclEgy7cJkEIC8jL6nHVh5krq4qXmpm1FNhEsFk4lgviIQvzgBBC2vWMvSzl
Ml/UXq8oWb33aid+AwW15VpuG0mbeVAPtXe2SCz2GcUe+/nCuEW6eqk4A3ICBQpg
q+hWt1HYWTPUdTc0+PLNNyeAF+IwB3/TpBn8j9XIME85xh/FNAv372wtzSElAe1n
CJHuFKhA6b4rMhGjUsdm3dUgu/gKVVkvLQh9v5qpvkKpxOQ9kOjMbGsNaf8lzlcX
8KvczzqTIcsni+ZqNT1XCM1x40jyqZHAgGUfAgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUbarJF/LzSKPQdHK2aiYGjGZFkacwHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni9iYXJKRl9MelNLUFFkSEsy
YWlZR2pHWkZrYWMucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
fakwDQYJKoZIhvcNAQELBQADggEBAKXvrCWWFOPfDpZ0ybr4ibgFGRHyb37KGj1y
TvFEI0EnvMptsW1ZgXtRC8j3T3dQeJ0/fIEFA8EvDgtcyePQmUX3yAmfmm10HCRd
TGXpC2JNVDsIASHgA3CLqsDZt7LiFFFTEPqQ2m3eerJ1D+GbjuF4kPKquVlOp/Ho
6DjClDvriMkuyVD0azMMWjXC3y/S7gGUuv8UmB1nfah2Ld6jjKd0IQSUi52wHI5x
0brcsBpQiK5Z9Sf0Lr4swrD7DGEUIULV3xIeHT0w13D15qaD3A31qOpE+zV9rMML
WfR6eZdefd928RatVrVs5YIUVc7w0CKL//+g0TQt6wxL0HtRo7M=
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:53:22 2025 by rpki-client