Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/taLf5duNzaDJgLGgN0Z1GOraQr0.roa
File: taLf5duNzaDJgLGgN0Z1GOraQr0.roa (raw, json)
Hash identifier: 6ut2o36YTFIyihcUIsSsFrT8kbJ/gk57dN65poaanm0=
Subject key identifier: B5:A2:DF:E5:DB:8D:CD:A0:C9:80:B1:A0:37:46:75:18:EA:DA:42:BD
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 23AC
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/taLf5duNzaDJgLGgN0Z1GOraQr0.roa
Signing time: Tue 24 Jun 2025 03:11:58 +0000
ROA not before: Tue 24 Jun 2025 03:11:58 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 125.169.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 9132 (0x23ac)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: Jun 24 03:11:58 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=B5A2DFE5DB8DCDA0C980B1A037467518EADA42BD
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ca:ed:3a:c7:09:c6:dd:d0:8c:70:e1:c2:d2:fd:
64:7e:dc:72:e1:44:53:0e:fe:39:55:8e:1c:ec:3a:
66:e2:aa:22:ab:46:3a:5c:47:d7:37:a1:4f:3d:7d:
e8:73:9c:38:a2:2b:eb:7e:f9:eb:00:0a:4e:4f:af:
f0:90:7d:7e:13:fb:b1:7d:87:57:00:f1:31:fe:fc:
c0:6e:86:3b:b7:59:80:34:13:1e:30:62:96:a0:36:
18:33:74:43:c7:24:52:72:05:ea:1e:5a:a5:7a:6a:
20:7e:57:e7:72:0f:80:f6:50:06:3e:ae:95:7b:99:
24:15:de:7a:3a:b0:6e:3e:5e:3e:cf:c0:5a:3e:e7:
2c:74:ee:c2:c3:5e:67:ae:1e:d3:78:33:ac:d3:4d:
d3:77:20:55:57:58:9c:79:74:d8:30:92:38:57:af:
bd:32:c6:de:7b:1a:24:e6:58:7d:e1:03:62:6a:fe:
8f:25:7c:eb:d9:96:99:fd:78:7b:45:bf:5d:b4:07:
86:5e:da:58:1d:12:41:1c:92:2e:93:22:b5:ce:e5:
32:ce:bd:c8:97:24:6b:c0:60:84:db:36:a6:c0:17:
18:0c:e3:d4:68:95:1d:39:03:76:6e:63:fc:46:1c:
2b:7e:e0:ec:20:1b:ee:5f:c5:e1:cd:e0:76:90:66:
a3:2f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B5:A2:DF:E5:DB:8D:CD:A0:C9:80:B1:A0:37:46:75:18:EA:DA:42:BD
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/taLf5duNzaDJgLGgN0Z1GOraQr0.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
125.169.0.0/16
Signature Algorithm: sha256WithRSAEncryption
9c:f8:0f:ec:96:d9:ec:51:fc:34:5b:a5:0a:98:56:b9:5d:bc:
4f:15:5d:c8:1b:85:11:7e:1d:63:1a:40:6b:92:cb:b9:50:ea:
74:cf:49:a0:9a:d4:9f:9f:c4:aa:88:8e:c4:6f:61:cf:60:3a:
37:10:f5:db:28:da:1f:9b:cb:d2:2b:dd:72:90:a9:fb:ec:00:
5c:52:b9:36:e3:11:98:95:46:c4:0c:72:68:a6:a7:02:7f:9d:
b8:78:86:bd:a3:67:5f:c2:55:9c:1e:45:86:54:76:e8:72:1a:
72:88:2e:73:02:a1:87:1c:cd:06:b4:06:d3:e2:11:3e:40:dc:
df:58:96:ad:eb:f3:ec:7d:55:13:f7:37:77:ba:2d:e0:e5:be:
01:00:da:8f:10:17:43:8c:ed:ba:9a:1e:77:83:6e:03:e8:2b:
e9:5f:f3:0b:d9:e1:b8:57:4f:38:49:3a:47:74:de:90:7d:eb:
c3:e5:31:13:ca:bd:fe:e1:e9:4b:09:d2:68:d5:98:20:ec:ab:
67:cc:34:b3:cf:7f:bb:f3:b5:27:94:b0:63:97:18:c4:55:22:
2d:9c:28:ef:67:c6:43:e7:14:fc:f7:19:e9:6f:48:e1:63:68:
30:83:13:e3:89:78:ff:36:03:24:a5:ec:11:95:63:d5:82:6f:
b7:95:8a:0a
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICI6wwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA2MjQw
MzExNThaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKEI1QTJERkU1REI4RENE
QTBDOTgwQjFBMDM3NDY3NTE4RUFEQTQyQkQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDK7TrHCcbd0Ixw4cLS/WR+3HLhRFMO/jlVjhzsOmbiqiKrRjpc
R9c3oU89fehznDiiK+t++esACk5Pr/CQfX4T+7F9h1cA8TH+/MBuhju3WYA0Ex4w
YpagNhgzdEPHJFJyBeoeWqV6aiB+V+dyD4D2UAY+rpV7mSQV3no6sG4+Xj7PwFo+
5yx07sLDXmeuHtN4M6zTTdN3IFVXWJx5dNgwkjhXr70yxt57GiTmWH3hA2Jq/o8l
fOvZlpn9eHtFv120B4Ze2lgdEkEcki6TIrXO5TLOvciXJGvAYITbNqbAFxgM49Ro
lR05A3ZuY/xGHCt+4OwgG+5fxeHN4HaQZqMvAgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUtaLf5duNzaDJgLGgN0Z1GOraQr0wHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni90YUxmNWR1TnphREpnTEdn
TjBaMUdPcmFRcjAucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
fakwDQYJKoZIhvcNAQELBQADggEBAJz4D+yW2exR/DRbpQqYVrldvE8VXcgbhRF+
HWMaQGuSy7lQ6nTPSaCa1J+fxKqIjsRvYc9gOjcQ9dso2h+by9Ir3XKQqfvsAFxS
uTbjEZiVRsQMcmimpwJ/nbh4hr2jZ1/CVZweRYZUduhyGnKILnMCoYcczQa0BtPi
ET5A3N9Ylq3r8+x9VRP3N3e6LeDlvgEA2o8QF0OM7bqaHneDbgPoK+lf8wvZ4bhX
TzhJOkd03pB968PlMRPKvf7h6UsJ0mjVmCDsq2fMNLPPf7vztSeUsGOXGMRVIi2c
KO9nxkPnFPz3GelvSOFjaDCDE+OJeP82AySl7BGVY9WCb7eVigo=
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:46:34 2025 by rpki-client