Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/qP6L2ywAmC_CWkFxT8TuFEEFCPE.roa
File: qP6L2ywAmC_CWkFxT8TuFEEFCPE.roa (raw, json)
Hash identifier: yW2fBZBz4jA3AyTz0l+kiDU5nj9Euzwe3JOmOlVhUJw=
Subject key identifier: A8:FE:8B:DB:2C:00:98:2F:C2:5A:41:71:4F:C4:EE:14:41:05:08:F1
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 21B0
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/qP6L2ywAmC_CWkFxT8TuFEEFCPE.roa
Signing time: Sat 21 Jun 2025 11:41:45 +0000
ROA not before: Sat 21 Jun 2025 11:41:45 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 125.169.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 8624 (0x21b0)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: Jun 21 11:41:45 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=A8FE8BDB2C00982FC25A41714FC4EE14410508F1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ca:11:18:63:9b:8f:0e:3e:e3:8f:ab:0a:ee:ed:
ee:d9:d5:be:80:b3:a1:55:78:ca:59:8d:a8:56:ef:
48:59:47:d5:27:86:11:22:d9:86:43:9b:f8:9b:0e:
62:10:47:5b:8d:2f:96:7c:97:3e:2b:11:38:23:37:
c7:24:01:fd:f2:99:59:e9:3f:1d:d1:66:5f:54:a9:
47:64:f0:9e:32:ee:58:a5:e7:03:f2:b7:74:0b:b1:
10:8c:88:cd:3c:a5:a5:6f:8c:1d:d3:ab:b8:72:d3:
ba:46:d1:b6:52:31:5f:ed:18:2a:ac:db:77:e0:21:
bc:2b:34:bb:13:7f:1f:c6:73:e9:66:f6:b7:ff:51:
1b:da:31:02:96:e5:f7:d3:3e:da:37:a8:63:9b:82:
5d:42:1a:74:bc:05:f5:3e:ee:67:d4:20:b1:47:76:
ec:4f:b7:2d:2c:e8:d0:5a:7f:d8:66:82:61:43:aa:
d6:09:62:ad:e3:2c:70:ea:a3:5a:9f:b5:d1:d3:b4:
b2:bf:39:99:52:86:c7:92:aa:f9:58:0b:c0:e6:5d:
d9:2f:cf:11:c9:b6:84:90:aa:71:41:03:2f:06:b5:
fd:6a:7b:43:a2:34:4f:01:36:aa:9a:63:88:8d:0d:
c0:eb:3a:0a:58:66:a2:9c:22:11:88:1c:72:47:e5:
46:9d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A8:FE:8B:DB:2C:00:98:2F:C2:5A:41:71:4F:C4:EE:14:41:05:08:F1
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/qP6L2ywAmC_CWkFxT8TuFEEFCPE.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
125.169.0.0/16
Signature Algorithm: sha256WithRSAEncryption
72:39:72:b9:47:6e:d0:38:b5:57:81:0e:47:b0:5a:13:c6:9c:
02:c4:e7:78:f9:01:d4:78:3d:1b:94:8d:86:04:05:c4:77:df:
29:02:db:7b:d1:36:a1:4f:59:31:09:ab:e8:ba:01:d1:71:4e:
73:13:e3:93:74:15:e3:5e:57:f0:23:79:d1:c4:3a:d3:44:77:
d1:00:b3:bb:ad:ed:cf:6b:b4:d4:5b:fc:06:c4:cf:47:16:9c:
1f:e3:01:b6:12:bb:a3:03:2d:85:2f:eb:67:02:a0:73:8c:15:
f3:ee:76:fd:ab:9c:4e:2c:88:61:f3:80:a2:8a:f7:04:c3:ce:
15:29:8d:f7:0d:ae:e2:ed:1f:c1:31:ca:5c:7e:2d:a0:44:4b:
f0:47:6a:0c:d7:62:27:8f:a3:38:f9:21:32:50:8c:a8:76:8f:
43:d3:bd:e7:14:e8:d5:7b:82:ff:03:f3:1e:f6:f9:b7:51:85:
82:1f:37:0c:41:7b:ac:9a:71:9d:bf:06:3f:39:51:b6:15:56:
33:44:db:a3:68:9f:92:d4:41:eb:3d:20:c7:44:17:c2:39:ad:
c7:d8:3c:80:21:c6:ac:63:b1:9b:28:f3:c4:8f:0b:ec:2b:b5:
52:6c:66:9c:e0:c3:54:a0:89:00:86:58:8b:cc:e4:b2:a3:08:
72:5d:ed:cb
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICIbAwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA2MjEx
MTQxNDVaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKEE4RkU4QkRCMkMwMDk4
MkZDMjVBNDE3MTRGQzRFRTE0NDEwNTA4RjEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDKERhjm48OPuOPqwru7e7Z1b6As6FVeMpZjahW70hZR9UnhhEi
2YZDm/ibDmIQR1uNL5Z8lz4rETgjN8ckAf3ymVnpPx3RZl9UqUdk8J4y7lil5wPy
t3QLsRCMiM08paVvjB3Tq7hy07pG0bZSMV/tGCqs23fgIbwrNLsTfx/Gc+lm9rf/
URvaMQKW5ffTPto3qGObgl1CGnS8BfU+7mfUILFHduxPty0s6NBaf9hmgmFDqtYJ
Yq3jLHDqo1qftdHTtLK/OZlShseSqvlYC8DmXdkvzxHJtoSQqnFBAy8Gtf1qe0Oi
NE8BNqqaY4iNDcDrOgpYZqKcIhGIHHJH5UadAgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUqP6L2ywAmC/CWkFxT8TuFEEFCPEwHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni9xUDZMMnl3QW1DX0NXa0Z4
VDhUdUZFRUZDUEUucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
fakwDQYJKoZIhvcNAQELBQADggEBAHI5crlHbtA4tVeBDkewWhPGnALE53j5AdR4
PRuUjYYEBcR33ykC23vRNqFPWTEJq+i6AdFxTnMT45N0FeNeV/AjedHEOtNEd9EA
s7ut7c9rtNRb/AbEz0cWnB/jAbYSu6MDLYUv62cCoHOMFfPudv2rnE4siGHzgKKK
9wTDzhUpjfcNruLtH8Exylx+LaBES/BHagzXYiePozj5ITJQjKh2j0PTvecU6NV7
gv8D8x72+bdRhYIfNwxBe6yacZ2/Bj85UbYVVjNE26Non5LUQes9IMdEF8I5rcfY
PIAhxqxjsZso88SPC+wrtVJsZpzgw1SgiQCGWIvM5LKjCHJd7cs=
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:34:14 2025 by rpki-client