Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/y2WZLl3o70bEz5qlbz5q1UiOMUw.roa
File: y2WZLl3o70bEz5qlbz5q1UiOMUw.roa (raw, json)
Hash identifier: ovOFsYU/9zDFeKW4ehxebCD3sBecnpIeB5NfUd4AX9o=
Subject key identifier: CB:65:99:2E:5D:E8:EF:46:C4:CF:9A:A5:6F:3E:6A:D5:48:8E:31:4C
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 1FD8
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/y2WZLl3o70bEz5qlbz5q1UiOMUw.roa
Signing time: Wed 18 Jun 2025 13:25:56 +0000
ROA not before: Wed 18 Jun 2025 13:25:56 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 125.169.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 8152 (0x1fd8)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: Jun 18 13:25:56 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=CB65992E5DE8EF46C4CF9AA56F3E6AD5488E314C
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e0:14:bf:f3:e7:3c:af:cd:3c:2e:9b:e2:70:2f:
4d:6c:bc:ed:4f:f8:46:85:7e:6d:8e:3f:5e:1c:89:
00:a8:68:cc:51:b8:b1:28:5d:ed:ef:7e:32:4c:a2:
4b:26:f7:d4:68:36:f1:3b:a4:d5:0c:91:18:86:50:
5c:c2:6c:7e:b9:ad:83:23:af:f0:1d:3e:46:8f:4b:
92:23:89:64:62:5c:a8:12:91:5e:d3:bf:9d:f0:de:
3c:55:44:aa:f9:b1:8e:af:fa:3e:a9:af:0d:90:60:
31:91:13:f0:44:61:61:55:c9:74:83:bd:b8:d7:49:
e4:7e:15:7b:58:ca:02:84:c0:56:a6:ba:a9:5e:14:
27:b7:13:d9:a1:6c:c4:ea:43:d5:df:82:1a:ea:c1:
92:56:ee:93:06:21:9c:11:2f:d1:cf:ce:05:bf:83:
73:ce:55:23:d9:96:22:05:51:86:60:1c:af:b7:44:
76:9e:dd:9a:ce:1c:79:fd:2a:69:1e:9f:2b:22:1a:
b9:cd:f4:7e:f7:93:1a:e0:c3:5b:d0:72:e7:82:f9:
1e:08:f0:a2:1d:56:ac:be:22:05:77:65:82:17:06:
99:19:9f:d4:23:41:f7:00:79:fd:be:e7:4b:65:5c:
56:b5:84:84:3d:6b:0f:4c:a5:c7:f1:e8:b6:c3:7d:
fe:a3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CB:65:99:2E:5D:E8:EF:46:C4:CF:9A:A5:6F:3E:6A:D5:48:8E:31:4C
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/y2WZLl3o70bEz5qlbz5q1UiOMUw.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
125.169.0.0/16
Signature Algorithm: sha256WithRSAEncryption
95:3a:a7:1e:01:65:4c:55:8e:5c:b1:96:b8:17:a0:fd:8c:e9:
87:20:77:db:6c:d9:2f:6a:42:d5:22:87:46:51:28:f1:39:b5:
dd:a1:f2:27:1d:b1:32:c5:b4:9a:96:72:1e:cf:b1:4a:07:57:
7d:da:6e:00:71:70:c0:7a:58:07:7e:97:96:86:38:2c:80:3b:
13:49:46:a4:80:dc:bb:7b:bd:52:57:88:7e:25:f3:c1:b9:fc:
84:c6:a7:d1:94:e2:9e:f1:f3:f1:8a:fb:ce:2a:95:65:b8:08:
50:4f:f1:9e:5f:ba:2b:48:96:1c:2d:f6:b2:fa:65:f9:e4:29:
ec:a0:af:d2:cf:2c:b2:f3:c8:61:07:8c:97:26:a6:23:e3:06:
8c:51:17:76:4d:18:fe:8c:a9:c5:bb:c6:2b:97:74:f0:f3:39:
66:b5:db:95:9b:62:af:29:37:12:b8:30:d9:c9:15:7e:19:79:
85:78:62:f8:8f:d8:2f:da:0d:6a:8e:cf:47:c2:d5:a9:a1:17:
ff:12:f2:1c:92:c3:8a:47:08:32:0f:c8:4e:de:1d:9b:24:a7:
06:d3:0e:5a:c6:9c:6a:d5:42:f6:aa:d7:af:cb:95:f1:ce:bb:
60:2c:dd:d3:6d:7a:2f:9d:dc:71:44:8f:11:10:47:17:c6:ee:
66:f4:4c:db
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICH9gwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA2MTgx
MzI1NTZaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKENCNjU5OTJFNURFOEVG
NDZDNENGOUFBNTZGM0U2QUQ1NDg4RTMxNEMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDgFL/z5zyvzTwum+JwL01svO1P+EaFfm2OP14ciQCoaMxRuLEo
Xe3vfjJMoksm99RoNvE7pNUMkRiGUFzCbH65rYMjr/AdPkaPS5IjiWRiXKgSkV7T
v53w3jxVRKr5sY6v+j6prw2QYDGRE/BEYWFVyXSDvbjXSeR+FXtYygKEwFamuqle
FCe3E9mhbMTqQ9XfghrqwZJW7pMGIZwRL9HPzgW/g3POVSPZliIFUYZgHK+3RHae
3ZrOHHn9KmkenysiGrnN9H73kxrgw1vQcueC+R4I8KIdVqy+IgV3ZYIXBpkZn9Qj
QfcAef2+50tlXFa1hIQ9aw9Mpcfx6LbDff6jAgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUy2WZLl3o70bEz5qlbz5q1UiOMUwwHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni95MldaTGwzbzcwYkV6NXFs
Yno1cTFVaU9NVXcucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
fakwDQYJKoZIhvcNAQELBQADggEBAJU6px4BZUxVjlyxlrgXoP2M6Ycgd9ts2S9q
QtUih0ZRKPE5td2h8icdsTLFtJqWch7PsUoHV33abgBxcMB6WAd+l5aGOCyAOxNJ
RqSA3Lt7vVJXiH4l88G5/ITGp9GU4p7x8/GK+84qlWW4CFBP8Z5fuitIlhwt9rL6
ZfnkKeygr9LPLLLzyGEHjJcmpiPjBoxRF3ZNGP6MqcW7xiuXdPDzOWa125WbYq8p
NxK4MNnJFX4ZeYV4YviP2C/aDWqOz0fC1amhF/8S8hySw4pHCDIPyE7eHZskpwbT
DlrGnGrVQvaq16/LlfHOu2As3dNtei+d3HFEjxEQRxfG7mb0TNs=
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:52:22 2025 by rpki-client