Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/ymqkgpQirQYD9rAvtedcCiisMzA.roa
File: ymqkgpQirQYD9rAvtedcCiisMzA.roa (raw, json)
Hash identifier: mFUZ3zsJPwQBOHPCG5WIfaL/OffuaiScMCzMmNswRYk=
Subject key identifier: CA:6A:A4:82:94:22:AD:06:03:F6:B0:2F:B5:E7:5C:0A:28:AC:33:30
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 0CD4
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/ymqkgpQirQYD9rAvtedcCiisMzA.roa
Signing time: Sat 24 May 2025 04:38:31 +0000
ROA not before: Sat 24 May 2025 04:38:31 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 125.169.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 3284 (0xcd4)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: May 24 04:38:31 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=CA6AA4829422AD0603F6B02FB5E75C0A28AC3330
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b6:e7:08:89:6b:22:3b:1f:91:54:17:33:2d:df:
f7:b1:19:36:49:89:b4:a0:6e:b2:a3:62:4a:a6:09:
7a:e2:db:32:96:98:b2:80:cf:15:6b:fe:98:42:c3:
f7:99:ae:41:0c:c3:06:55:93:29:61:25:b3:3f:5f:
73:17:ba:db:e2:22:26:c2:af:c0:64:8d:f8:5c:e8:
2c:56:c2:bc:4f:6b:dc:4c:1d:f3:bf:50:ce:da:be:
22:ea:04:29:20:b9:ec:4a:81:8c:a1:f3:55:85:02:
59:76:e8:46:24:04:44:35:56:63:a5:7e:1a:4c:e6:
d0:d8:ba:bb:46:a0:47:9e:66:51:4c:75:43:11:58:
64:46:77:d7:b9:7e:71:9f:20:9b:59:8e:36:0f:2e:
ad:48:35:22:10:f7:3d:bb:e6:9f:a1:13:f9:90:36:
7d:14:2c:a5:a1:b5:6d:6a:ff:c5:c1:1c:7b:a6:71:
2a:dc:3e:50:db:15:a1:7d:5f:d7:3b:ec:4d:84:c5:
2b:c4:31:33:11:ca:19:98:b0:2a:90:33:2e:0d:b8:
cd:cd:5a:c7:bd:a4:b7:0e:60:9b:55:45:a4:a9:bb:
a6:7d:29:8d:8d:13:58:b0:b2:d3:0e:3f:45:7b:8a:
65:6f:8b:75:48:3f:11:09:b3:f4:78:2b:e9:28:88:
04:5f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CA:6A:A4:82:94:22:AD:06:03:F6:B0:2F:B5:E7:5C:0A:28:AC:33:30
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/ymqkgpQirQYD9rAvtedcCiisMzA.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
125.169.0.0/16
Signature Algorithm: sha256WithRSAEncryption
46:ec:a4:24:fb:fd:52:97:2c:47:7c:0a:b0:2e:af:e8:57:cd:
f4:fb:49:01:b3:36:7f:cc:6d:91:f2:36:53:42:4d:93:3f:a7:
0e:7f:64:5b:e2:a0:41:4e:09:4b:d3:b8:f8:ac:b2:f9:c6:d1:
53:44:21:6c:c2:d1:1a:45:ce:1b:67:97:d6:40:f9:53:96:4c:
0d:78:25:01:72:e3:53:80:cf:e0:e6:24:64:6f:3c:89:4d:9f:
7a:05:3d:db:db:64:08:06:48:bc:69:c9:f8:8e:ad:00:a7:5f:
22:53:3f:35:0d:60:6e:ed:50:df:d7:69:9f:1b:5c:6c:ef:1c:
13:e3:11:5e:e0:19:98:28:3b:11:df:f2:e3:74:4f:86:89:13:
01:2c:5e:74:db:58:71:cf:ab:fe:fd:55:d8:fd:29:97:c9:1f:
51:c1:e1:25:24:07:ef:6a:2b:4d:7d:9f:fb:92:08:3b:f0:9a:
77:fa:46:59:6f:87:a5:9c:12:4b:60:50:f6:83:ba:cf:f5:bd:
dd:52:65:4f:2c:dc:c7:3e:09:24:ea:9a:98:de:d2:f2:71:cf:
bf:36:d3:1d:6c:03:da:76:a2:36:90:5f:ed:eb:c0:ba:99:b8:
58:be:8d:09:fc:21:ab:43:b2:9a:49:b4:dd:1b:21:6c:73:1d:
29:a8:2c:5b
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICDNQwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA1MjQw
NDM4MzFaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKENBNkFBNDgyOTQyMkFE
MDYwM0Y2QjAyRkI1RTc1QzBBMjhBQzMzMzAwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC25wiJayI7H5FUFzMt3/exGTZJibSgbrKjYkqmCXri2zKWmLKA
zxVr/phCw/eZrkEMwwZVkylhJbM/X3MXutviIibCr8Bkjfhc6CxWwrxPa9xMHfO/
UM7aviLqBCkguexKgYyh81WFAll26EYkBEQ1VmOlfhpM5tDYurtGoEeeZlFMdUMR
WGRGd9e5fnGfIJtZjjYPLq1INSIQ9z275p+hE/mQNn0ULKWhtW1q/8XBHHumcSrc
PlDbFaF9X9c77E2ExSvEMTMRyhmYsCqQMy4NuM3NWse9pLcOYJtVRaSpu6Z9KY2N
E1iwstMOP0V7imVvi3VIPxEJs/R4K+koiARfAgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUymqkgpQirQYD9rAvtedcCiisMzAwHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni95bXFrZ3BRaXJRWUQ5ckF2
dGVkY0NpaXNNekEucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
fakwDQYJKoZIhvcNAQELBQADggEBAEbspCT7/VKXLEd8CrAur+hXzfT7SQGzNn/M
bZHyNlNCTZM/pw5/ZFvioEFOCUvTuPissvnG0VNEIWzC0RpFzhtnl9ZA+VOWTA14
JQFy41OAz+DmJGRvPIlNn3oFPdvbZAgGSLxpyfiOrQCnXyJTPzUNYG7tUN/XaZ8b
XGzvHBPjEV7gGZgoOxHf8uN0T4aJEwEsXnTbWHHPq/79Vdj9KZfJH1HB4SUkB+9q
K019n/uSCDvwmnf6Rllvh6WcEktgUPaDus/1vd1SZU8s3Mc+CSTqmpje0vJxz782
0x1sA9p2ojaQX+3rwLqZuFi+jQn8IatDsppJtN0bIWxzHSmoLFs=
-----END CERTIFICATE-----
Generated at Wed Jun 4 00:59:44 2025 by rpki-client