Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/zSGBtfWpDf5NlVISekyKmQ2B45U.roa
File: zSGBtfWpDf5NlVISekyKmQ2B45U.roa (raw, json)
Hash identifier: lJhhdCJxQV85PTI6bw53BrfrZAqsYqBfnTOkyG3w/BA=
Subject key identifier: CD:21:81:B5:F5:A9:0D:FE:4D:95:52:12:7A:4C:8A:99:0D:81:E3:95
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 22F4
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/zSGBtfWpDf5NlVISekyKmQ2B45U.roa
Signing time: Mon 23 Jun 2025 04:11:53 +0000
ROA not before: Mon 23 Jun 2025 04:11:53 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 125.169.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 8948 (0x22f4)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: Jun 23 04:11:53 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=CD2181B5F5A90DFE4D9552127A4C8A990D81E395
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c2:3c:cc:2f:48:28:70:5c:e2:0f:2a:48:4a:46:
23:92:68:a3:20:a4:59:44:0c:43:7e:82:4b:43:03:
28:a4:e9:c8:80:15:e2:24:48:66:55:44:75:6b:ff:
32:c1:7e:70:39:7c:38:2f:84:e5:53:18:f6:29:ad:
cb:02:41:31:40:aa:46:63:45:4c:22:50:51:fd:be:
dc:fd:9d:8c:10:67:c0:b5:7e:89:31:1c:d7:64:71:
2b:54:bd:7b:70:59:0f:bb:e5:69:1e:00:db:0a:f0:
fe:33:a9:ea:cf:99:cd:47:91:10:eb:5d:fc:2a:34:
7b:ab:49:ba:01:f6:c7:6e:9e:c6:65:29:db:7d:22:
61:80:43:cb:15:d7:54:ec:f1:10:0e:ac:3f:c0:7b:
f7:d2:91:9b:f4:82:3e:9b:5e:7c:aa:78:ac:68:1c:
84:40:66:f7:27:32:4a:29:cc:01:8d:9d:29:43:d9:
e3:2b:f5:57:89:93:9e:4a:d3:8a:fc:03:10:3c:78:
66:ac:fa:f3:a4:62:42:36:52:04:be:5f:f8:cc:a1:
76:e4:e8:9f:ff:a4:1e:a4:9b:f9:3e:c9:f6:4a:bc:
96:72:3d:85:cb:8d:0f:cd:87:e6:e1:07:f4:b7:8b:
b8:88:94:87:ae:ec:41:de:af:03:27:1b:77:3b:c7:
9e:3d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CD:21:81:B5:F5:A9:0D:FE:4D:95:52:12:7A:4C:8A:99:0D:81:E3:95
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/zSGBtfWpDf5NlVISekyKmQ2B45U.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
125.169.0.0/16
Signature Algorithm: sha256WithRSAEncryption
67:c5:2e:c6:9a:5e:0c:8f:b3:5d:90:14:59:45:d1:46:41:d5:
84:5f:17:1e:5c:81:0e:42:fa:fc:8b:2f:2c:f5:b5:f3:4a:65:
d0:5b:11:14:a6:ce:8b:7a:b1:61:7b:d2:ea:d9:dc:24:f6:4c:
98:36:96:ac:43:75:21:57:f5:e0:8a:d8:05:44:cc:ce:64:b1:
c4:01:9c:33:3b:b9:75:e1:49:da:c3:0d:71:ca:d3:b5:42:c3:
0d:32:6d:5b:a7:23:94:09:fb:9a:76:3d:20:e2:df:a3:0a:f2:
1b:29:73:86:4d:d7:60:dc:0f:ce:87:97:ca:54:d5:5d:fc:4d:
8c:73:2f:29:35:2c:82:04:56:f0:3a:fd:f3:30:ca:ff:3c:b6:
21:19:74:dc:88:51:6f:a4:17:15:1f:3a:96:0d:13:ab:47:1e:
de:06:80:70:60:f6:25:8d:6c:07:e6:06:86:88:48:e3:41:42:
d4:d9:fe:42:f2:4b:a2:85:7c:85:75:e2:d2:21:0e:73:ae:b3:
57:7b:8e:e0:31:92:98:6d:52:12:e7:06:e4:ab:27:14:18:30:
9f:97:37:3a:e7:e2:cc:e9:c6:03:c4:27:99:61:6c:b3:51:c5:
47:e8:c7:b7:64:39:c8:21:80:9a:3b:82:4c:78:83:a9:97:f7:
25:6c:57:58
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICIvQwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA2MjMw
NDExNTNaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKENEMjE4MUI1RjVBOTBE
RkU0RDk1NTIxMjdBNEM4QTk5MEQ4MUUzOTUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDCPMwvSChwXOIPKkhKRiOSaKMgpFlEDEN+gktDAyik6ciAFeIk
SGZVRHVr/zLBfnA5fDgvhOVTGPYprcsCQTFAqkZjRUwiUFH9vtz9nYwQZ8C1fokx
HNdkcStUvXtwWQ+75WkeANsK8P4zqerPmc1HkRDrXfwqNHurSboB9sdunsZlKdt9
ImGAQ8sV11Ts8RAOrD/Ae/fSkZv0gj6bXnyqeKxoHIRAZvcnMkopzAGNnSlD2eMr
9VeJk55K04r8AxA8eGas+vOkYkI2UgS+X/jMoXbk6J//pB6km/k+yfZKvJZyPYXL
jQ/Nh+bhB/S3i7iIlIeu7EHerwMnG3c7x549AgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUzSGBtfWpDf5NlVISekyKmQ2B45UwHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni96U0dCdGZXcERmNU5sVklT
ZWt5S21RMkI0NVUucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
fakwDQYJKoZIhvcNAQELBQADggEBAGfFLsaaXgyPs12QFFlF0UZB1YRfFx5cgQ5C
+vyLLyz1tfNKZdBbERSmzot6sWF70urZ3CT2TJg2lqxDdSFX9eCK2AVEzM5kscQB
nDM7uXXhSdrDDXHK07VCww0ybVunI5QJ+5p2PSDi36MK8hspc4ZN12DcD86Hl8pU
1V38TYxzLyk1LIIEVvA6/fMwyv88tiEZdNyIUW+kFxUfOpYNE6tHHt4GgHBg9iWN
bAfmBoaISONBQtTZ/kLyS6KFfIV14tIhDnOus1d7juAxkphtUhLnBuSrJxQYMJ+X
Nzrn4szpxgPEJ5lhbLNRxUfox7dkOcghgJo7gkx4g6mX9yVsV1g=
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:46:51 2025 by rpki-client