Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/kUtE2x2brqw4-onlTW_5TATTkqI.roa
File: kUtE2x2brqw4-onlTW_5TATTkqI.roa (raw, json)
Hash identifier: baG5KRKKi3DQtJLkWCdrkTWrpKB1pxI6nb9TuUIWVJs=
Subject key identifier: 91:4B:44:DB:1D:9B:AE:AC:38:FA:89:E5:4D:6F:F9:4C:04:D3:92:A2
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 1A9C
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/kUtE2x2brqw4-onlTW_5TATTkqI.roa
Signing time: Wed 11 Jun 2025 13:39:56 +0000
ROA not before: Wed 11 Jun 2025 13:39:56 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 125.169.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 6812 (0x1a9c)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: Jun 11 13:39:56 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=914B44DB1D9BAEAC38FA89E54D6FF94C04D392A2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b0:53:54:25:3a:22:79:e2:85:e7:d5:be:ce:d4:
4a:8a:f9:01:94:13:e7:9c:f5:2f:77:24:91:50:0d:
06:d7:44:78:8e:5c:98:e6:3f:fa:b3:af:79:4b:33:
5c:87:c1:a9:9c:b0:47:6b:59:64:7a:2c:90:27:98:
65:9b:ae:a6:1c:fc:c5:ad:43:9e:d9:dc:1b:1a:41:
7a:d5:8a:d4:cf:25:bd:50:87:f0:52:0d:50:00:9a:
e4:d3:cc:22:1f:11:86:46:75:2c:2e:b6:62:1f:a4:
2d:1e:e9:28:ae:01:fa:68:44:54:44:ad:af:f0:ee:
8f:b7:1a:87:e5:35:99:01:8a:02:98:ab:66:d4:a5:
35:bc:3b:bb:e0:18:c8:fd:45:5b:fa:64:51:6f:a8:
40:de:23:f9:dd:56:03:e8:24:24:a9:04:7d:f3:b5:
d2:19:65:75:63:3e:36:3b:b1:cd:31:4e:32:b9:8a:
22:f5:6e:1f:b4:c9:d1:6c:8d:a4:8b:9e:a6:7a:59:
15:cb:d5:e5:91:75:dd:8a:6b:dc:5f:db:6e:bf:dc:
2b:e4:f9:fb:c1:3d:14:83:a5:c7:77:b6:c7:c4:c4:
00:f6:a9:0c:b0:13:5d:03:94:07:92:8e:dd:bd:2b:
c1:8d:72:b8:78:3c:7d:69:f7:e7:83:87:10:d5:3c:
96:1f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
91:4B:44:DB:1D:9B:AE:AC:38:FA:89:E5:4D:6F:F9:4C:04:D3:92:A2
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/kUtE2x2brqw4-onlTW_5TATTkqI.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
125.169.0.0/16
Signature Algorithm: sha256WithRSAEncryption
24:8f:d9:8c:f0:69:0f:c4:3b:e6:84:ea:3e:48:25:18:e4:81:
96:fc:d6:24:89:97:1f:3d:be:21:d4:3f:d9:b9:04:85:c2:b6:
56:13:38:2d:b6:21:dc:4b:83:f8:d9:ed:5e:db:0f:e7:93:e3:
23:8f:2d:9e:77:5d:51:87:a6:59:7e:79:18:b4:ab:25:d5:89:
43:79:70:9c:bc:b3:64:0f:cb:7d:57:0b:80:ea:d6:fc:dc:e9:
bc:12:79:a4:d8:d2:9e:24:27:c5:74:54:10:a7:d4:65:01:7b:
b5:2a:a9:4d:31:f9:63:ed:60:a9:ee:ea:5d:f5:55:6c:15:16:
5d:41:b7:aa:b9:77:73:86:7f:c5:cd:d0:67:4e:83:b3:d1:3c:
9d:de:f3:95:a8:e5:e5:b0:48:aa:58:f9:c1:0c:e3:ed:7b:a0:
8b:51:3d:5c:9f:44:a8:2b:8a:55:be:20:8d:1a:04:0b:2c:6d:
dc:7f:a4:51:9e:08:d0:24:1e:a4:dc:4a:1e:39:64:8b:3f:68:
5b:a1:07:c7:97:a3:d9:da:40:dc:95:03:a3:48:d9:fc:b7:18:
59:66:5e:9e:59:2a:a9:9e:3f:e2:84:a2:ac:1c:c0:f4:0d:9e:
38:08:d1:3f:c4:b0:e3:3c:88:10:f9:c9:eb:ed:02:30:13:10:
6e:d6:10:02
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICGpwwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA2MTEx
MzM5NTZaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKDkxNEI0NERCMUQ5QkFF
QUMzOEZBODlFNTRENkZGOTRDMDREMzkyQTIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCwU1QlOiJ54oXn1b7O1EqK+QGUE+ec9S93JJFQDQbXRHiOXJjm
P/qzr3lLM1yHwamcsEdrWWR6LJAnmGWbrqYc/MWtQ57Z3BsaQXrVitTPJb1Qh/BS
DVAAmuTTzCIfEYZGdSwutmIfpC0e6SiuAfpoRFREra/w7o+3GoflNZkBigKYq2bU
pTW8O7vgGMj9RVv6ZFFvqEDeI/ndVgPoJCSpBH3ztdIZZXVjPjY7sc0xTjK5iiL1
bh+0ydFsjaSLnqZ6WRXL1eWRdd2Ka9xf226/3Cvk+fvBPRSDpcd3tsfExAD2qQyw
E10DlAeSjt29K8GNcrh4PH1p9+eDhxDVPJYfAgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUkUtE2x2brqw4+onlTW/5TATTkqIwHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni9rVXRFMngyYnJxdzQtb25s
VFdfNVRBVFRrcUkucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
fakwDQYJKoZIhvcNAQELBQADggEBACSP2YzwaQ/EO+aE6j5IJRjkgZb81iSJlx89
viHUP9m5BIXCtlYTOC22IdxLg/jZ7V7bD+eT4yOPLZ53XVGHpll+eRi0qyXViUN5
cJy8s2QPy31XC4Dq1vzc6bwSeaTY0p4kJ8V0VBCn1GUBe7UqqU0x+WPtYKnu6l31
VWwVFl1Bt6q5d3OGf8XN0GdOg7PRPJ3e85Wo5eWwSKpY+cEM4+17oItRPVyfRKgr
ilW+II0aBAssbdx/pFGeCNAkHqTcSh45ZIs/aFuhB8eXo9naQNyVA6NI2fy3GFlm
Xp5ZKqmeP+KEoqwcwPQNnjgI0T/EsOM8iBD5yevtAjATEG7WEAI=
-----END CERTIFICATE-----
Generated at Sun Jul 20 16:33:40 2025 by rpki-client