Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/btmdGBpx96NCsbZwxMX-5HeMfz4.roa
File: btmdGBpx96NCsbZwxMX-5HeMfz4.roa (raw, json)
Hash identifier: nFQX/UVp16ovZLZCHW2N8BzqOIkyp7zZHtn/JApMusU=
Subject key identifier: 6E:D9:9D:18:1A:71:F7:A3:42:B1:B6:70:C4:C5:FE:E4:77:8C:7F:3E
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 2454
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/btmdGBpx96NCsbZwxMX-5HeMfz4.roa
Signing time: Wed 25 Jun 2025 00:12:00 +0000
ROA not before: Wed 25 Jun 2025 00:12:00 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 125.169.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 9300 (0x2454)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: Jun 25 00:12:00 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=6ED99D181A71F7A342B1B670C4C5FEE4778C7F3E
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ae:50:40:35:eb:34:7e:c7:e6:60:5b:7b:44:e1:
70:84:9e:ff:4e:87:2e:70:aa:62:20:1e:88:72:de:
89:88:34:ec:c7:5c:c9:58:87:15:70:a5:0b:59:0e:
54:e5:a5:c5:96:06:24:62:14:56:b4:41:ac:da:44:
5e:c8:4c:04:c8:65:13:18:a0:53:f5:78:c2:a0:cc:
68:15:0a:3b:2b:d8:7d:ae:bb:9b:d0:07:e8:de:b4:
59:5e:f8:0a:97:d9:95:24:9a:d4:ba:e8:4f:87:23:
58:43:30:16:2f:fe:d7:51:15:a4:0f:f4:bb:ae:cb:
23:69:3e:7d:e5:cb:55:45:6d:5f:d3:00:c0:ff:89:
c7:94:49:a3:40:fd:b9:cd:1b:fe:6f:23:a9:b3:c6:
55:a6:d7:f9:3a:05:fb:4c:d1:e2:5f:e5:23:08:93:
01:4e:f3:90:8c:91:a4:89:0c:0c:c1:4a:ab:fd:f2:
de:9f:e7:cd:80:3e:bf:ae:18:59:db:2a:e9:19:71:
e5:41:c1:f5:7c:c6:69:61:c4:cb:ac:98:7f:1a:69:
4c:5d:28:02:31:82:23:2b:68:4f:e9:04:1f:33:55:
d6:8c:83:48:77:a7:a3:a4:cb:65:3b:71:e8:5f:bb:
0d:7c:80:ec:32:a2:39:df:d2:30:43:96:f9:01:c5:
ed:37
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6E:D9:9D:18:1A:71:F7:A3:42:B1:B6:70:C4:C5:FE:E4:77:8C:7F:3E
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/btmdGBpx96NCsbZwxMX-5HeMfz4.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
125.169.0.0/16
Signature Algorithm: sha256WithRSAEncryption
62:d8:0e:99:f4:4e:c4:ff:42:2e:48:bb:c9:9f:36:5e:ac:2c:
72:bf:b1:d9:94:14:1e:f7:84:7f:76:1f:98:59:37:e9:c2:de:
7b:ec:14:64:66:ba:ba:bf:bb:98:bb:ee:4b:ca:a9:51:61:37:
ee:32:71:47:f6:eb:05:19:ac:52:cc:48:38:b7:44:3a:5a:5a:
fa:de:cc:f2:bc:41:68:27:08:3f:cd:d5:29:06:bb:f5:ce:59:
5b:ea:3f:ee:69:04:e5:0e:36:c5:93:68:ef:4e:e2:99:ed:d9:
ba:10:52:9e:c4:b4:71:9d:a0:4f:cf:eb:b9:38:88:b0:c2:5b:
c1:2b:71:98:f2:b8:c4:67:89:5b:73:6a:27:30:e5:2f:8c:f8:
90:bb:61:52:15:c3:75:83:45:6d:60:ff:5e:06:40:10:47:a8:
9c:bd:a5:40:da:60:1d:c7:ca:0d:6d:6c:15:2f:94:09:1e:b7:
43:e3:52:14:31:69:40:b7:0a:bc:9c:f2:a3:67:aa:f6:a1:25:
1d:65:71:24:d2:ae:e4:9a:3a:5d:f5:6b:ea:4d:6f:a3:82:5f:
6a:91:1c:3c:66:95:10:02:5d:8f:e7:c4:e4:cc:2f:70:ff:83:
2a:97:3e:97:37:e2:f8:01:ef:31:c8:c0:80:ff:b3:61:0c:c6:
d3:b7:37:b2
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICJFQwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA2MjUw
MDEyMDBaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKDZFRDk5RDE4MUE3MUY3
QTM0MkIxQjY3MEM0QzVGRUU0Nzc4QzdGM0UwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCuUEA16zR+x+ZgW3tE4XCEnv9Ohy5wqmIgHohy3omINOzHXMlY
hxVwpQtZDlTlpcWWBiRiFFa0QazaRF7ITATIZRMYoFP1eMKgzGgVCjsr2H2uu5vQ
B+jetFle+AqX2ZUkmtS66E+HI1hDMBYv/tdRFaQP9LuuyyNpPn3ly1VFbV/TAMD/
iceUSaNA/bnNG/5vI6mzxlWm1/k6BftM0eJf5SMIkwFO85CMkaSJDAzBSqv98t6f
582APr+uGFnbKukZceVBwfV8xmlhxMusmH8aaUxdKAIxgiMraE/pBB8zVdaMg0h3
p6Oky2U7cehfuw18gOwyojnf0jBDlvkBxe03AgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUbtmdGBpx96NCsbZwxMX+5HeMfz4wHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni9idG1kR0JweDk2TkNzYlp3
eE1YLTVIZU1mejQucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
fakwDQYJKoZIhvcNAQELBQADggEBAGLYDpn0TsT/Qi5Iu8mfNl6sLHK/sdmUFB73
hH92H5hZN+nC3nvsFGRmurq/u5i77kvKqVFhN+4ycUf26wUZrFLMSDi3RDpaWvre
zPK8QWgnCD/N1SkGu/XOWVvqP+5pBOUONsWTaO9O4pnt2boQUp7EtHGdoE/P67k4
iLDCW8ErcZjyuMRniVtzaicw5S+M+JC7YVIVw3WDRW1g/14GQBBHqJy9pUDaYB3H
yg1tbBUvlAket0PjUhQxaUC3Cryc8qNnqvahJR1lcSTSruSaOl31a+pNb6OCX2qR
HDxmlRACXY/nxOTML3D/gyqXPpc34vgB7zHIwID/s2EMxtO3N7I=
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:54:40 2025 by rpki-client