Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/kCpzdvwuKh-8PF9K2HySksCDP_A.roa
File: kCpzdvwuKh-8PF9K2HySksCDP_A.roa (raw, json)
Hash identifier: gcPN8iWKKAincYecqp5zdfHqRIXvfFJsacOBmEJn1Xk=
Subject key identifier: 90:2A:73:76:FC:2E:2A:1F:BC:3C:5F:4A:D8:7C:92:92:C0:83:3F:F0
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 1F90
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/kCpzdvwuKh-8PF9K2HySksCDP_A.roa
Signing time: Wed 18 Jun 2025 04:10:04 +0000
ROA not before: Wed 18 Jun 2025 04:10:04 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 125.169.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 8080 (0x1f90)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: Jun 18 04:10:04 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=902A7376FC2E2A1FBC3C5F4AD87C9292C0833FF0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ce:16:e1:00:db:d2:77:21:35:98:b3:ff:2d:9f:
57:44:f3:24:cc:c6:aa:d5:bb:ad:e6:bc:3a:f7:42:
fc:dc:e8:fe:71:0a:77:e8:45:17:b4:92:60:ab:47:
9b:54:4a:15:f5:de:0e:50:77:cf:ff:48:c7:b1:ac:
9f:6e:31:0b:8a:6d:97:2e:de:12:7b:72:6b:3d:67:
0d:10:1d:25:ed:a4:c6:c9:b5:64:f4:82:9d:ce:d5:
50:14:44:83:c0:63:a6:62:f4:e2:5a:23:91:20:a8:
b5:71:40:59:84:c2:32:32:06:69:fa:2b:01:ef:ec:
33:c9:13:19:e7:a4:c8:7a:45:f2:03:de:66:1f:0b:
61:f5:37:b5:d7:1c:67:48:8e:5c:e2:c7:a8:32:17:
de:0b:91:ee:f9:68:6e:f5:7d:42:b6:f3:ed:7c:3c:
43:17:67:56:af:58:d1:fd:c2:2b:b6:a7:24:b5:13:
5e:7b:14:ff:0a:cc:ba:34:4e:25:87:e7:39:27:d4:
c6:7b:f0:65:c5:fb:63:20:27:1c:0b:d8:0d:bb:89:
ad:25:30:45:41:6e:78:8f:a0:82:7d:51:ff:51:2c:
6b:87:77:73:9c:c1:9b:41:cc:b6:43:ac:fd:c2:bc:
1c:2b:0c:b6:7f:6f:7b:ab:d6:32:18:1a:0d:b5:75:
40:ed
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
90:2A:73:76:FC:2E:2A:1F:BC:3C:5F:4A:D8:7C:92:92:C0:83:3F:F0
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/kCpzdvwuKh-8PF9K2HySksCDP_A.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
125.169.0.0/16
Signature Algorithm: sha256WithRSAEncryption
98:2f:1f:7a:a2:93:12:58:b4:7b:06:db:51:34:2d:70:6d:65:
10:cd:24:40:7e:04:8b:65:65:16:3f:74:42:c5:84:e5:ae:f3:
bd:1a:c6:14:29:98:37:10:d4:da:ec:88:61:17:4b:b6:ad:11:
cd:5d:3a:e4:69:fe:a9:98:57:da:e6:e3:67:3a:83:d2:74:8c:
11:26:1d:54:a9:06:d4:3d:cb:32:e2:35:fe:12:c7:13:d6:f6:
dc:42:23:f8:9f:61:b2:26:de:2e:a5:cd:92:10:f7:c4:0b:4f:
28:4c:4e:31:9e:e4:4c:b0:7b:de:9f:13:ad:7c:e5:2b:c9:33:
d3:97:20:dc:c0:1b:d5:61:23:7e:a4:50:30:0e:04:c2:8c:81:
81:0f:0d:3f:d9:54:59:b8:8c:2e:ce:f4:b8:5b:cf:ff:74:46:
55:7a:3f:8f:ab:12:0b:8a:85:cd:64:78:34:28:0a:f3:41:82:
2c:4c:44:77:da:e3:4b:05:5a:ef:d2:55:3b:55:1f:d1:a3:b4:
82:8c:7c:8a:94:47:e2:53:3e:ca:6c:55:c8:2d:b5:c5:48:86:
78:dc:4d:b4:ae:a2:3e:d3:6f:75:d0:5a:3e:4d:6c:b8:3e:df:
86:48:47:a7:f3:9e:4f:1d:84:ec:f2:93:58:dd:c5:85:63:0e:
8d:33:ba:12
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICH5AwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA2MTgw
NDEwMDRaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKDkwMkE3Mzc2RkMyRTJB
MUZCQzNDNUY0QUQ4N0M5MjkyQzA4MzNGRjAwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDOFuEA29J3ITWYs/8tn1dE8yTMxqrVu63mvDr3Qvzc6P5xCnfo
RRe0kmCrR5tUShX13g5Qd8//SMexrJ9uMQuKbZcu3hJ7cms9Zw0QHSXtpMbJtWT0
gp3O1VAURIPAY6Zi9OJaI5EgqLVxQFmEwjIyBmn6KwHv7DPJExnnpMh6RfID3mYf
C2H1N7XXHGdIjlzix6gyF94Lke75aG71fUK28+18PEMXZ1avWNH9wiu2pyS1E157
FP8KzLo0TiWH5zkn1MZ78GXF+2MgJxwL2A27ia0lMEVBbniPoIJ9Uf9RLGuHd3Oc
wZtBzLZDrP3CvBwrDLZ/b3ur1jIYGg21dUDtAgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUkCpzdvwuKh+8PF9K2HySksCDP/AwHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni9rQ3B6ZHZ3dUtoLThQRjlL
Mkh5U2tzQ0RQX0Eucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
fakwDQYJKoZIhvcNAQELBQADggEBAJgvH3qikxJYtHsG21E0LXBtZRDNJEB+BItl
ZRY/dELFhOWu870axhQpmDcQ1NrsiGEXS7atEc1dOuRp/qmYV9rm42c6g9J0jBEm
HVSpBtQ9yzLiNf4SxxPW9txCI/ifYbIm3i6lzZIQ98QLTyhMTjGe5Eywe96fE618
5SvJM9OXINzAG9VhI36kUDAOBMKMgYEPDT/ZVFm4jC7O9Lhbz/90RlV6P4+rEguK
hc1keDQoCvNBgixMRHfa40sFWu/SVTtVH9GjtIKMfIqUR+JTPspsVcgttcVIhnjc
TbSuoj7Tb3XQWj5NbLg+34ZIR6fznk8dhOzyk1jdxYVjDo0zuhI=
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:46:33 2025 by rpki-client