Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/o-LsGE5sXxsmxXU3vWGm4GMT3P4.roa
File: o-LsGE5sXxsmxXU3vWGm4GMT3P4.roa (raw, json)
Hash identifier: oW0Zr/lARQXJ2g/8eYkQHT1El/cqeIQvHLXuxUcuFaE=
Subject key identifier: A3:E2:EC:18:4E:6C:5F:1B:26:C5:75:37:BD:61:A6:E0:63:13:DC:FE
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 23E8
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/o-LsGE5sXxsmxXU3vWGm4GMT3P4.roa
Signing time: Tue 24 Jun 2025 10:42:03 +0000
ROA not before: Tue 24 Jun 2025 10:42:03 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 125.169.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 9192 (0x23e8)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: Jun 24 10:42:03 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=A3E2EC184E6C5F1B26C57537BD61A6E06313DCFE
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c0:a7:72:e4:76:eb:6d:a5:7a:82:7d:3a:a9:ef:
35:04:8f:86:77:fe:08:ec:19:24:e6:91:72:ac:ae:
8a:fb:79:c5:22:7d:04:23:c6:a5:4c:bd:6c:e4:c4:
cc:52:72:4e:ea:8d:c3:6e:38:1c:e8:cc:f8:16:c7:
84:76:d6:f6:af:42:97:82:5c:a6:d0:86:bf:a7:9a:
82:94:fd:36:2e:21:69:cc:2c:88:95:3d:f1:4d:0a:
0d:93:fd:3b:22:8a:df:b6:e6:f9:28:0d:94:c4:20:
4f:38:ce:3a:1a:27:07:54:6b:2f:01:0e:63:38:e6:
c5:87:1a:99:88:61:aa:7d:e6:d2:b0:75:c9:95:81:
a9:c4:53:7d:05:de:ec:16:5e:10:ec:a6:f3:79:06:
e2:91:b7:5c:49:fb:d2:00:39:8d:6e:5a:ed:00:bd:
04:d2:d9:02:82:6c:50:7c:e9:07:9c:ca:36:f0:77:
53:1a:ca:cd:1d:35:b5:aa:b7:ca:62:e1:21:38:8f:
e6:f1:31:18:84:6b:55:94:20:15:5e:e5:7f:62:55:
45:ee:89:ae:b5:b6:59:a7:05:14:b0:80:2b:e8:82:
ac:61:21:3d:ac:75:fe:1a:be:a2:87:3c:fa:39:07:
61:17:7e:c5:00:84:96:d1:0d:b2:48:50:40:1c:d6:
de:b1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A3:E2:EC:18:4E:6C:5F:1B:26:C5:75:37:BD:61:A6:E0:63:13:DC:FE
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/o-LsGE5sXxsmxXU3vWGm4GMT3P4.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
125.169.0.0/16
Signature Algorithm: sha256WithRSAEncryption
57:4f:b5:5b:18:26:8d:5b:26:e4:6c:0e:c4:e6:6e:2e:d6:28:
85:4e:60:ea:7d:e5:43:9d:8c:9d:f1:41:5f:10:c6:77:19:b0:
4a:de:8a:9a:fc:f8:90:6c:b6:bc:83:38:ca:b3:b6:4a:ee:01:
37:8c:04:94:0d:1d:d9:c9:22:72:e1:a7:a8:5f:22:70:2e:81:
c5:65:ee:83:ea:cc:97:c3:79:3d:12:39:d1:08:64:22:f9:c7:
18:c4:06:5a:cd:e7:04:d1:6e:29:c2:c9:f6:79:71:a9:9a:5f:
45:43:d8:16:5f:cd:68:e2:2e:23:d5:dc:62:38:c3:1a:82:61:
9a:04:fd:36:f9:bb:da:7a:0a:00:64:08:b2:08:f6:6d:1a:70:
5b:15:86:91:21:a2:75:ea:6a:9a:40:98:d5:ec:e5:0f:df:e4:
af:4c:8f:f7:c7:7c:16:bb:bb:cb:3f:33:f4:d2:9d:fd:9e:ce:
46:70:f0:5d:87:69:95:ac:35:0f:04:b2:99:d5:bb:79:0f:f8:
b4:92:31:c0:5c:01:7f:65:7c:14:f7:03:a8:0b:d7:8c:43:1a:
0a:48:90:fe:59:6b:e7:15:30:fa:64:52:0b:f6:ab:db:6f:1d:
92:c0:b4:9c:90:40:7a:2c:b4:93:7c:3f:49:30:c6:fa:66:5c:
f4:e5:45:22
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICI+gwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA2MjQx
MDQyMDNaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKEEzRTJFQzE4NEU2QzVG
MUIyNkM1NzUzN0JENjFBNkUwNjMxM0RDRkUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDAp3LkduttpXqCfTqp7zUEj4Z3/gjsGSTmkXKsror7ecUifQQj
xqVMvWzkxMxSck7qjcNuOBzozPgWx4R21vavQpeCXKbQhr+nmoKU/TYuIWnMLIiV
PfFNCg2T/Tsiit+25vkoDZTEIE84zjoaJwdUay8BDmM45sWHGpmIYap95tKwdcmV
ganEU30F3uwWXhDspvN5BuKRt1xJ+9IAOY1uWu0AvQTS2QKCbFB86Qecyjbwd1Ma
ys0dNbWqt8pi4SE4j+bxMRiEa1WUIBVe5X9iVUXuia61tlmnBRSwgCvogqxhIT2s
df4avqKHPPo5B2EXfsUAhJbRDbJIUEAc1t6xAgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUo+LsGE5sXxsmxXU3vWGm4GMT3P4wHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni9vLUxzR0U1c1h4c214WFUz
dldHbTRHTVQzUDQucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
fakwDQYJKoZIhvcNAQELBQADggEBAFdPtVsYJo1bJuRsDsTmbi7WKIVOYOp95UOd
jJ3xQV8QxncZsEreipr8+JBstryDOMqztkruATeMBJQNHdnJInLhp6hfInAugcVl
7oPqzJfDeT0SOdEIZCL5xxjEBlrN5wTRbinCyfZ5camaX0VD2BZfzWjiLiPV3GI4
wxqCYZoE/Tb5u9p6CgBkCLII9m0acFsVhpEhonXqappAmNXs5Q/f5K9Mj/fHfBa7
u8s/M/TSnf2ezkZw8F2HaZWsNQ8EspnVu3kP+LSSMcBcAX9lfBT3A6gL14xDGgpI
kP5Za+cVMPpkUgv2q9tvHZLAtJyQQHostJN8P0kwxvpmXPTlRSI=
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:53:19 2025 by rpki-client