Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/fsZfkfn-Ov6e7HY1kfEzt-vwPPQ.roa
File: fsZfkfn-Ov6e7HY1kfEzt-vwPPQ.roa (raw, json)
Hash identifier: MpUykgggHZmAOsi0lnL/vGFyGhKS7lupAqxypmwlwvA=
Subject key identifier: 7E:C6:5F:91:F9:FE:3A:FE:9E:EC:76:35:91:F1:33:B7:EB:F0:3C:F4
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 1E60
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/fsZfkfn-Ov6e7HY1kfEzt-vwPPQ.roa
Signing time: Mon 16 Jun 2025 14:10:04 +0000
ROA not before: Mon 16 Jun 2025 14:10:04 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 125.169.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 7776 (0x1e60)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: Jun 16 14:10:04 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=7EC65F91F9FE3AFE9EEC763591F133B7EBF03CF4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:de:d5:f5:0f:33:85:83:bb:ef:07:f8:53:e5:10:
af:21:58:1b:3c:b1:16:22:5f:7f:da:27:ed:58:c2:
bc:d1:30:b0:ae:c7:c8:b4:38:ca:d2:50:c2:83:aa:
24:13:b7:46:c1:02:ba:50:50:e4:f5:f6:47:f7:f8:
73:2e:7c:7a:c0:3b:32:33:59:c4:61:5a:1a:40:4a:
59:d7:44:1b:81:a2:3b:a0:68:61:94:0d:8e:c9:89:
dc:71:dd:b1:4f:23:ee:41:33:d6:c5:de:ea:31:8c:
d3:7f:4e:10:85:9a:da:e2:08:2f:b0:3d:43:28:3e:
59:a9:27:8c:78:c4:73:72:3d:3a:7c:82:96:20:ad:
94:c9:53:2b:b6:41:af:5e:85:62:e6:ea:ff:fd:22:
3f:3d:03:06:5d:5a:7b:18:e4:b4:d4:29:3b:64:a2:
a8:da:be:ae:ce:ae:f0:1b:3e:2d:1b:67:fa:fa:de:
a2:b5:58:f1:3a:97:d7:70:98:fa:93:89:cd:89:ac:
bb:51:c4:10:20:b3:f9:fe:97:8d:a7:03:bc:c1:ea:
3c:70:0e:03:2d:b4:03:ef:93:30:3d:c0:e2:52:9b:
76:46:06:48:db:ad:f2:0f:ff:83:c2:7a:11:b6:28:
42:d7:85:24:87:59:53:aa:75:d7:77:78:03:e0:b2:
50:19
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7E:C6:5F:91:F9:FE:3A:FE:9E:EC:76:35:91:F1:33:B7:EB:F0:3C:F4
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/fsZfkfn-Ov6e7HY1kfEzt-vwPPQ.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
125.169.0.0/16
Signature Algorithm: sha256WithRSAEncryption
49:3e:76:e6:c1:b7:8d:ea:08:06:fd:61:54:b1:f8:5b:a1:bc:
8c:34:43:2c:35:2d:a5:4b:e9:35:b2:15:12:25:21:bb:78:96:
8c:1b:12:6a:67:6b:d8:6d:82:c4:2a:71:df:40:fa:f6:c6:5c:
20:8b:78:82:a6:b4:ef:b1:68:36:05:0c:6e:c3:09:d4:52:6e:
0e:99:77:32:12:c2:42:d9:7d:22:2c:50:78:ed:22:30:d7:60:
87:6d:03:b7:da:8c:17:1c:7f:2a:ac:4e:60:f8:29:3c:19:a2:
94:c2:7c:13:57:d6:01:86:76:f1:0b:a7:5f:1c:19:d1:81:80:
82:06:0c:d3:2b:82:4d:47:d5:ef:ad:13:98:59:80:7c:57:29:
4a:f5:a9:7e:39:81:44:02:fc:33:dc:0d:e1:1e:2c:77:ae:cc:
1d:61:02:1a:34:e8:9e:05:cf:75:58:fc:83:60:cd:26:87:74:
21:04:8f:7c:be:77:75:21:ee:38:dc:9c:fd:04:d5:fe:12:1f:
bb:46:15:f7:41:e9:ca:c6:05:e7:41:99:2e:e1:56:45:53:b1:
8d:2e:3c:83:15:d1:32:bc:df:49:e3:58:72:c8:a0:c5:60:c4:
77:74:a4:ac:32:4a:94:9e:96:ea:6e:dc:7e:f1:e4:5c:4e:0b:
7e:ea:ff:ed
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICHmAwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA2MTYx
NDEwMDRaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKDdFQzY1RjkxRjlGRTNB
RkU5RUVDNzYzNTkxRjEzM0I3RUJGMDNDRjQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDe1fUPM4WDu+8H+FPlEK8hWBs8sRYiX3/aJ+1YwrzRMLCux8i0
OMrSUMKDqiQTt0bBArpQUOT19kf3+HMufHrAOzIzWcRhWhpASlnXRBuBojugaGGU
DY7Jidxx3bFPI+5BM9bF3uoxjNN/ThCFmtriCC+wPUMoPlmpJ4x4xHNyPTp8gpYg
rZTJUyu2Qa9ehWLm6v/9Ij89AwZdWnsY5LTUKTtkoqjavq7OrvAbPi0bZ/r63qK1
WPE6l9dwmPqTic2JrLtRxBAgs/n+l42nA7zB6jxwDgMttAPvkzA9wOJSm3ZGBkjb
rfIP/4PCehG2KELXhSSHWVOqddd3eAPgslAZAgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUfsZfkfn+Ov6e7HY1kfEzt+vwPPQwHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni9mc1pma2ZuLU92NmU3SFkx
a2ZFenQtdndQUFEucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
fakwDQYJKoZIhvcNAQELBQADggEBAEk+dubBt43qCAb9YVSx+FuhvIw0Qyw1LaVL
6TWyFRIlIbt4lowbEmpna9htgsQqcd9A+vbGXCCLeIKmtO+xaDYFDG7DCdRSbg6Z
dzISwkLZfSIsUHjtIjDXYIdtA7fajBccfyqsTmD4KTwZopTCfBNX1gGGdvELp18c
GdGBgIIGDNMrgk1H1e+tE5hZgHxXKUr1qX45gUQC/DPcDeEeLHeuzB1hAho06J4F
z3VY/INgzSaHdCEEj3y+d3Uh7jjcnP0E1f4SH7tGFfdB6crGBedBmS7hVkVTsY0u
PIMV0TK830njWHLIoMVgxHd0pKwySpSelupu3H7x5FxOC37q/+0=
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:49:35 2025 by rpki-client