Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/yXUQtX-YwKdA05JZ6WcHUo8gTss.roa
File: yXUQtX-YwKdA05JZ6WcHUo8gTss.roa (raw, json)
Hash identifier: 1cqTPYyMe6A3rPMT1Eo0veWD/m6HMptO0GnqIGtQdFQ=
Subject key identifier: C9:75:10:B5:7F:98:C0:A7:40:D3:92:59:E9:67:07:52:8F:20:4E:CB
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 23F0
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/yXUQtX-YwKdA05JZ6WcHUo8gTss.roa
Signing time: Tue 24 Jun 2025 11:41:58 +0000
ROA not before: Tue 24 Jun 2025 11:41:58 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 125.169.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 9200 (0x23f0)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: Jun 24 11:41:58 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=C97510B57F98C0A740D39259E96707528F204ECB
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c9:59:d1:67:41:ec:81:89:3b:db:be:1f:1b:7d:
61:70:9b:4b:65:de:84:92:7e:e7:9f:fb:0a:ba:95:
27:db:a2:e8:8a:61:3f:64:9f:15:75:88:a8:83:12:
24:f3:f0:c1:c8:53:e0:1f:6e:d1:ad:35:12:b3:46:
49:08:0f:3d:1a:86:f6:4b:09:08:12:ee:82:cf:1e:
e9:d1:76:0a:3c:d2:8d:5b:d0:4d:4e:97:6e:b0:c9:
55:7b:dd:e2:74:e8:19:7f:56:f0:a1:c5:79:3f:dd:
5c:d7:28:6d:0f:a7:f6:0f:57:72:d1:e1:cc:e8:8f:
53:d2:19:cb:fd:1c:d9:31:74:38:46:c4:5a:0a:ab:
36:9c:33:2c:08:a0:f1:0d:3d:e5:e6:94:0b:06:79:
8c:27:46:f1:c3:56:2f:c8:c9:4c:42:5c:f4:4a:5b:
87:8b:8c:76:4b:66:ba:4a:da:c4:57:6e:23:f9:50:
00:dc:30:49:51:71:1d:1f:f2:f3:81:35:f8:c5:71:
4f:35:b9:6c:70:f9:35:25:38:16:99:04:ae:4a:b5:
10:4b:55:de:b0:fa:d4:dc:e7:2c:cc:ba:13:42:d7:
70:64:a9:0d:13:09:eb:d8:27:c1:6a:f5:b4:22:03:
18:7b:aa:3f:68:44:87:d8:00:b0:1f:41:ab:68:be:
50:91
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C9:75:10:B5:7F:98:C0:A7:40:D3:92:59:E9:67:07:52:8F:20:4E:CB
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/yXUQtX-YwKdA05JZ6WcHUo8gTss.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
125.169.0.0/16
Signature Algorithm: sha256WithRSAEncryption
94:30:d7:d5:34:0a:da:21:33:0f:44:a0:12:5e:55:79:90:56:
c9:a9:2a:b6:16:5d:aa:63:d3:c4:c1:44:2c:66:9b:0e:36:83:
f2:19:a1:d1:f2:d8:1a:89:65:07:53:a3:0f:fe:fd:f1:e9:99:
09:4d:72:38:bf:ce:c8:53:ae:49:62:c0:62:36:95:e8:e3:67:
48:56:65:cc:36:83:18:e3:8f:b7:32:2e:25:c5:2b:8e:ab:fa:
2b:3f:db:9a:f4:7c:70:72:4e:37:09:e8:8c:3f:db:59:ce:78:
23:9d:67:49:6d:6b:f4:23:ef:61:80:ce:fe:14:8e:d9:79:8e:
8e:e2:1b:eb:ef:11:4e:a3:df:4f:4c:b4:83:84:3c:03:1a:9d:
94:2d:41:d8:5c:59:78:04:f4:6d:fb:db:77:74:f1:41:83:a6:
04:1d:bb:12:a5:6a:9b:8e:88:3c:97:c6:eb:cb:30:fd:36:5e:
ad:74:05:f3:9f:33:0c:f2:a2:7b:5e:ed:c1:00:cc:22:bc:e9:
f4:bd:c3:9d:e6:09:c2:18:0c:01:fc:fc:59:d4:a2:40:11:70:
f2:34:73:2f:16:ae:94:27:a3:ee:21:4b:8c:46:94:29:5c:7f:
f9:97:00:23:54:6d:43:01:57:86:d7:bc:cc:18:ad:16:97:63:
34:4a:5b:85
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICI/AwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA2MjQx
MTQxNThaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKEM5NzUxMEI1N0Y5OEMw
QTc0MEQzOTI1OUU5NjcwNzUyOEYyMDRFQ0IwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDJWdFnQeyBiTvbvh8bfWFwm0tl3oSSfuef+wq6lSfbouiKYT9k
nxV1iKiDEiTz8MHIU+AfbtGtNRKzRkkIDz0ahvZLCQgS7oLPHunRdgo80o1b0E1O
l26wyVV73eJ06Bl/VvChxXk/3VzXKG0Pp/YPV3LR4czoj1PSGcv9HNkxdDhGxFoK
qzacMywIoPENPeXmlAsGeYwnRvHDVi/IyUxCXPRKW4eLjHZLZrpK2sRXbiP5UADc
MElRcR0f8vOBNfjFcU81uWxw+TUlOBaZBK5KtRBLVd6w+tTc5yzMuhNC13BkqQ0T
CevYJ8Fq9bQiAxh7qj9oRIfYALAfQatovlCRAgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUyXUQtX+YwKdA05JZ6WcHUo8gTsswHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni95WFVRdFgtWXdLZEEwNUpa
NldjSFVvOGdUc3Mucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
fakwDQYJKoZIhvcNAQELBQADggEBAJQw19U0CtohMw9EoBJeVXmQVsmpKrYWXapj
08TBRCxmmw42g/IZodHy2BqJZQdTow/+/fHpmQlNcji/zshTrkliwGI2lejjZ0hW
Zcw2gxjjj7cyLiXFK46r+is/25r0fHByTjcJ6Iw/21nOeCOdZ0lta/Qj72GAzv4U
jtl5jo7iG+vvEU6j309MtIOEPAManZQtQdhcWXgE9G3723d08UGDpgQduxKlapuO
iDyXxuvLMP02Xq10BfOfMwzyonte7cEAzCK86fS9w53mCcIYDAH8/FnUokARcPI0
cy8WrpQno+4hS4xGlClcf/mXACNUbUMBV4bXvMwYrRaXYzRKW4U=
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:36:14 2025 by rpki-client