Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/vrHInogR48TyeWPNdNVVEJHj3IE.roa
File: vrHInogR48TyeWPNdNVVEJHj3IE.roa (raw, json)
Hash identifier: jW/0LMOeOLjKKL2sBQJCgj6TpqBQ0P/TttiwdbULiYA=
Subject key identifier: BE:B1:C8:9E:88:11:E3:C4:F2:79:63:CD:74:D5:55:10:91:E3:DC:81
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 1EA0
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/vrHInogR48TyeWPNdNVVEJHj3IE.roa
Signing time: Mon 16 Jun 2025 22:13:13 +0000
ROA not before: Mon 16 Jun 2025 22:13:13 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 125.169.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 7840 (0x1ea0)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: Jun 16 22:13:13 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=BEB1C89E8811E3C4F27963CD74D5551091E3DC81
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bb:c4:4e:e3:11:f9:0e:0a:24:87:65:65:83:4b:
0f:7e:f8:44:af:77:38:80:ff:21:ce:c9:af:f5:cd:
d1:a6:b1:3b:8e:02:03:53:d9:ca:97:0c:bb:21:2c:
cd:0e:b9:f3:eb:91:3a:fd:a3:a9:d9:4e:44:60:ee:
c5:9a:6e:4c:83:6a:9b:c6:21:9c:55:78:b3:a9:b6:
05:66:b3:23:56:da:a5:e6:29:9c:c3:79:bf:bf:d3:
42:8f:b2:47:8f:24:6f:ca:4c:e2:05:59:e9:7c:39:
1a:6e:78:75:b7:c9:b4:f0:32:15:a2:f0:6d:ba:af:
14:91:c8:f5:40:d5:ea:4c:d4:9d:ea:09:30:9e:bd:
2c:c9:7c:92:6b:99:1c:24:b4:0b:d4:13:ae:ae:47:
7d:08:c6:bb:40:4e:83:1c:c2:60:da:e3:99:26:cd:
c0:6e:b4:0e:88:68:94:be:26:63:09:fa:01:09:c2:
52:77:d7:2a:b2:28:e4:60:f8:33:46:07:5b:ee:6e:
ad:bd:28:97:4f:4e:e7:12:1b:5a:d1:57:64:94:0a:
34:c3:6e:e0:d7:12:8e:3f:a9:44:39:28:fa:22:02:
63:c7:c5:43:87:c7:19:1b:93:30:32:3d:23:69:93:
81:d6:37:0c:78:ec:02:93:3a:bb:72:19:2e:11:cf:
3d:0d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BE:B1:C8:9E:88:11:E3:C4:F2:79:63:CD:74:D5:55:10:91:E3:DC:81
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/vrHInogR48TyeWPNdNVVEJHj3IE.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
125.169.0.0/16
Signature Algorithm: sha256WithRSAEncryption
4e:f7:5c:8f:3a:0e:08:5a:07:0b:d8:de:53:7c:54:94:fa:87:
0b:4b:e5:b1:9c:2e:a5:7d:47:fe:ef:44:a9:12:b4:7c:9b:d6:
8e:01:11:f5:77:ae:23:fb:88:f7:1a:bf:11:c2:f4:84:19:92:
43:92:db:de:85:86:11:0d:68:e0:86:91:c7:f3:fb:76:ad:22:
b0:39:6f:c4:13:df:df:dc:cb:48:47:94:90:ff:c3:73:94:a6:
43:87:6f:f5:72:db:59:9e:91:8d:d8:3f:1a:5d:e1:0b:27:87:
28:1b:89:0a:b9:d2:9a:d7:7d:c8:66:4e:fc:ce:ac:d9:9d:32:
ac:c7:68:88:d6:b7:4c:0c:1e:be:89:85:2e:9d:00:ac:15:2e:
72:86:8c:00:25:88:66:7c:2e:22:dd:75:82:8d:94:22:58:64:
d0:e4:b9:d3:3a:eb:3c:4f:d0:67:03:57:a9:28:d7:66:5a:cb:
8d:61:7b:20:c4:ff:70:e0:1b:53:1c:b4:a6:7f:69:44:b8:d9:
78:37:df:33:a5:f0:cb:ff:4b:23:bd:55:bc:7e:2f:25:fb:b6:
ac:5a:f4:78:72:a8:55:36:f2:03:09:29:0c:9d:26:48:21:cd:
ca:6e:50:e1:ee:83:c3:1f:e9:bd:60:78:30:fe:b6:72:88:83:
c7:5b:86:c8
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICHqAwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA2MTYy
MjEzMTNaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKEJFQjFDODlFODgxMUUz
QzRGMjc5NjNDRDc0RDU1NTEwOTFFM0RDODEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC7xE7jEfkOCiSHZWWDSw9++ESvdziA/yHOya/1zdGmsTuOAgNT
2cqXDLshLM0OufPrkTr9o6nZTkRg7sWabkyDapvGIZxVeLOptgVmsyNW2qXmKZzD
eb+/00KPskePJG/KTOIFWel8ORpueHW3ybTwMhWi8G26rxSRyPVA1epM1J3qCTCe
vSzJfJJrmRwktAvUE66uR30IxrtAToMcwmDa45kmzcButA6IaJS+JmMJ+gEJwlJ3
1yqyKORg+DNGB1vubq29KJdPTucSG1rRV2SUCjTDbuDXEo4/qUQ5KPoiAmPHxUOH
xxkbkzAyPSNpk4HWNwx47AKTOrtyGS4Rzz0NAgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUvrHInogR48TyeWPNdNVVEJHj3IEwHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni92ckhJbm9nUjQ4VHllV1BO
ZE5WVkVKSGozSUUucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
fakwDQYJKoZIhvcNAQELBQADggEBAE73XI86DghaBwvY3lN8VJT6hwtL5bGcLqV9
R/7vRKkStHyb1o4BEfV3riP7iPcavxHC9IQZkkOS296FhhENaOCGkcfz+3atIrA5
b8QT39/cy0hHlJD/w3OUpkOHb/Vy21mekY3YPxpd4QsnhygbiQq50prXfchmTvzO
rNmdMqzHaIjWt0wMHr6JhS6dAKwVLnKGjAAliGZ8LiLddYKNlCJYZNDkudM66zxP
0GcDV6ko12Zay41heyDE/3DgG1MctKZ/aUS42Xg33zOl8Mv/SyO9Vbx+LyX7tqxa
9HhyqFU28gMJKQydJkghzcpuUOHug8Mf6b1geDD+tnKIg8dbhsg=
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:46:41 2025 by rpki-client