Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/li9pKm_hV00RxHa9daDgtZie6pg.roa
File: li9pKm_hV00RxHa9daDgtZie6pg.roa (raw, json)
Hash identifier: iilpdxgwX7gtYpxwrnr09TpxHoI3hnyaq4CpE+fsHys=
Subject key identifier: 96:2F:69:2A:6F:E1:57:4D:11:C4:76:BD:75:A0:E0:B5:98:9E:EA:98
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 1F84
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/li9pKm_hV00RxHa9daDgtZie6pg.roa
Signing time: Wed 18 Jun 2025 02:40:03 +0000
ROA not before: Wed 18 Jun 2025 02:40:03 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 125.169.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 8068 (0x1f84)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: Jun 18 02:40:03 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=962F692A6FE1574D11C476BD75A0E0B5989EEA98
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9f:1a:6c:d2:ab:0e:99:ff:4e:20:4f:fe:6d:ba:
08:32:73:ab:79:b7:8b:03:bc:65:0e:3f:ee:23:43:
b7:7c:0a:7e:5e:ba:ae:de:87:f5:5c:8a:5a:88:bd:
50:48:cd:26:cb:62:0a:4e:a4:98:09:68:58:ed:db:
c3:a0:3f:e2:59:35:28:a9:f7:75:d8:1a:7b:7b:a9:
70:5f:5b:bc:34:96:3e:32:46:04:8d:52:25:6a:65:
44:b5:80:73:55:63:5e:72:81:76:bb:14:d1:64:a8:
31:23:10:84:98:17:00:82:af:c1:bf:a5:39:e6:7f:
72:da:86:f6:ff:23:4b:14:34:d8:09:ae:25:9c:53:
dc:1a:88:79:bc:64:9c:07:cf:e7:d9:04:72:72:d3:
da:a6:b7:54:85:eb:e3:fb:cc:1e:40:bb:32:58:29:
2c:89:ef:42:d7:c3:b3:7c:d3:29:8e:8f:40:18:88:
e4:01:53:3c:67:3a:ea:43:16:46:68:4c:0b:1f:7c:
80:0b:8a:35:f5:e9:b9:56:2c:73:66:32:cd:27:be:
ec:57:55:2b:95:74:f1:aa:44:10:1f:48:bb:8b:ec:
e1:98:da:54:4e:de:25:fd:31:ff:48:aa:c2:7e:09:
1c:06:44:e8:eb:47:f5:d4:f9:96:16:e2:a9:0a:f4:
85:55
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
96:2F:69:2A:6F:E1:57:4D:11:C4:76:BD:75:A0:E0:B5:98:9E:EA:98
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/li9pKm_hV00RxHa9daDgtZie6pg.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
125.169.0.0/16
Signature Algorithm: sha256WithRSAEncryption
5f:5b:e6:03:95:75:2b:fe:e6:5f:0c:19:61:32:4f:2d:62:1d:
db:7f:79:47:23:e0:24:85:52:0d:54:dd:a1:a7:4a:a6:00:55:
ca:79:37:32:96:2d:8a:e2:74:6c:86:7c:36:08:5c:e2:29:be:
62:31:78:0d:3c:4e:51:10:4d:19:c8:e7:71:dc:35:d9:25:34:
57:0b:a6:7e:2d:09:7c:bd:b3:15:79:c3:2a:97:0e:e5:e7:7b:
8a:4e:f8:56:24:17:4f:d6:0a:84:1b:64:7e:2d:24:90:47:ed:
2b:bf:c3:86:7c:db:8f:70:bb:e6:a4:e4:9d:55:be:07:47:38:
5a:97:cc:71:98:92:f2:90:8f:93:47:4b:d0:e5:e7:e4:12:1e:
53:45:51:f7:d9:73:0f:dd:52:b3:30:0d:49:a7:4d:64:78:ab:
e2:d3:3e:48:39:6b:54:45:30:7b:50:81:a0:77:4b:39:49:d0:
3b:44:8f:ab:54:be:b5:5b:d8:38:3f:13:89:ad:e0:d5:70:11:
95:a2:b5:d6:62:ad:68:b9:85:fc:2c:0c:cf:10:16:da:7b:f5:
23:de:b2:b6:d9:19:cc:c2:73:e7:c8:d0:92:91:e1:5d:07:29:
c0:b9:df:d9:42:78:78:79:db:72:70:8f:a0:b4:3e:90:8a:71:
4e:86:ce:46
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICH4QwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA2MTgw
MjQwMDNaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKDk2MkY2OTJBNkZFMTU3
NEQxMUM0NzZCRDc1QTBFMEI1OTg5RUVBOTgwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCfGmzSqw6Z/04gT/5tuggyc6t5t4sDvGUOP+4jQ7d8Cn5euq7e
h/VcilqIvVBIzSbLYgpOpJgJaFjt28OgP+JZNSip93XYGnt7qXBfW7w0lj4yRgSN
UiVqZUS1gHNVY15ygXa7FNFkqDEjEISYFwCCr8G/pTnmf3Lahvb/I0sUNNgJriWc
U9waiHm8ZJwHz+fZBHJy09qmt1SF6+P7zB5AuzJYKSyJ70LXw7N80ymOj0AYiOQB
UzxnOupDFkZoTAsffIALijX16blWLHNmMs0nvuxXVSuVdPGqRBAfSLuL7OGY2lRO
3iX9Mf9IqsJ+CRwGROjrR/XU+ZYW4qkK9IVVAgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUli9pKm/hV00RxHa9daDgtZie6pgwHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni9saTlwS21faFYwMFJ4SGE5
ZGFEZ3RaaWU2cGcucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
fakwDQYJKoZIhvcNAQELBQADggEBAF9b5gOVdSv+5l8MGWEyTy1iHdt/eUcj4CSF
Ug1U3aGnSqYAVcp5NzKWLYridGyGfDYIXOIpvmIxeA08TlEQTRnI53HcNdklNFcL
pn4tCXy9sxV5wyqXDuXne4pO+FYkF0/WCoQbZH4tJJBH7Su/w4Z8249wu+ak5J1V
vgdHOFqXzHGYkvKQj5NHS9Dl5+QSHlNFUffZcw/dUrMwDUmnTWR4q+LTPkg5a1RF
MHtQgaB3SzlJ0DtEj6tUvrVb2Dg/E4mt4NVwEZWitdZirWi5hfwsDM8QFtp79SPe
srbZGczCc+fI0JKR4V0HKcC539lCeHh523Jwj6C0PpCKcU6GzkY=
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:38:47 2025 by rpki-client