Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/y-lgcw3ezqn5csnBsXoxDLsV9os.roa
File: y-lgcw3ezqn5csnBsXoxDLsV9os.roa (raw, json)
Hash identifier: 4tLPQlFDPSbW2ATYvgnfiIDJP9bFsIvaRGOUKMV474I=
Subject key identifier: CB:E9:60:73:0D:DE:CE:A9:F9:72:C9:C1:B1:7A:31:0C:BB:15:F6:8B
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 0174
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/y-lgcw3ezqn5csnBsXoxDLsV9os.roa
Signing time: Fri 09 May 2025 00:38:13 +0000
ROA not before: Fri 09 May 2025 00:38:13 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 125.169.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 372 (0x174)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: May 9 00:38:13 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=CBE960730DDECEA9F972C9C1B17A310CBB15F68B
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e7:38:11:f5:1e:69:9d:dd:73:cd:a3:eb:d6:4c:
aa:1f:35:bf:5d:6e:e9:5f:a3:e8:95:77:20:df:4b:
97:2c:74:71:08:49:f3:8e:39:62:0e:02:96:04:82:
75:ab:a9:d9:6e:8f:99:b8:b3:67:93:9b:9d:bc:70:
5a:c2:3f:e1:35:29:64:3c:53:12:f7:6d:e0:d3:bc:
7c:cc:43:55:bc:37:1a:3f:c8:ba:1d:c8:83:8f:81:
e7:5e:db:b6:c6:c1:79:d0:19:fe:0a:67:ac:7a:af:
d8:7c:ea:cb:13:64:d6:ab:59:31:8c:32:39:0b:e3:
47:33:b7:f2:23:5c:54:a3:b6:f7:7f:de:3e:68:54:
31:63:9a:50:b6:70:91:1c:c9:bf:42:d2:d3:56:0d:
d0:d0:7b:49:8b:d6:0e:dd:90:ed:ce:ec:54:a7:8b:
c8:de:ec:5c:15:c1:24:84:ff:b8:6e:a2:c4:bd:ec:
af:32:01:b2:ae:c1:c6:b8:75:a2:1b:46:f2:44:40:
80:65:fd:2e:8b:3a:0f:06:6f:8c:74:b0:d4:fa:e0:
7a:28:f1:de:73:e4:a2:03:b0:a6:44:3f:ba:ba:c5:
96:55:7b:82:d6:c8:05:db:67:eb:83:fd:94:1a:6b:
5a:c5:23:13:d4:93:82:a4:7b:c8:28:46:ae:27:c4:
d9:67
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CB:E9:60:73:0D:DE:CE:A9:F9:72:C9:C1:B1:7A:31:0C:BB:15:F6:8B
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/y-lgcw3ezqn5csnBsXoxDLsV9os.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
125.169.0.0/16
Signature Algorithm: sha256WithRSAEncryption
85:c4:fe:37:e3:23:ca:c0:28:36:10:6d:7f:39:87:48:0f:f8:
c8:20:ce:42:59:e5:15:b5:24:ac:55:2d:96:11:8d:32:1c:18:
ad:7a:48:98:e2:31:71:7a:16:c2:de:e8:60:46:58:e9:af:b7:
28:36:cf:f3:03:9f:c4:29:81:34:e3:1a:6f:3b:56:71:cf:17:
45:65:92:6b:ab:80:4f:e2:28:4b:49:a9:49:12:b6:61:89:4a:
72:fe:f7:7c:57:12:4c:ba:19:7d:2a:7f:ed:72:8b:e7:c9:4d:
98:cc:c7:d0:6f:08:cb:31:00:c4:3d:37:7c:b0:36:51:61:3c:
1f:87:13:df:c7:cb:83:07:2c:81:48:45:fd:b6:79:c8:8a:31:
11:e2:76:28:b9:6b:27:45:3d:d3:c8:70:e2:d5:b5:d3:b2:d3:
d5:02:44:80:9f:91:f8:7c:1a:30:3e:95:67:ea:37:cc:59:2b:
30:b6:be:d2:b1:4b:9a:3d:ef:3b:29:9e:1b:9e:41:5b:0f:d0:
a7:7c:a7:37:da:9c:ba:40:a9:9b:59:2e:64:d0:5b:8b:1f:e5:
e2:49:ca:a7:a4:4a:fc:12:cd:64:19:f9:ed:31:25:8e:c1:9a:
1a:b7:3e:ad:be:cc:be:c3:12:0e:64:a9:74:78:06:fa:87:8f:
6a:b3:49:7e
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICAXQwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA1MDkw
MDM4MTNaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKENCRTk2MDczMERERUNF
QTlGOTcyQzlDMUIxN0EzMTBDQkIxNUY2OEIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDnOBH1Hmmd3XPNo+vWTKofNb9dbulfo+iVdyDfS5csdHEISfOO
OWIOApYEgnWrqdluj5m4s2eTm528cFrCP+E1KWQ8UxL3beDTvHzMQ1W8Nxo/yLod
yIOPgede27bGwXnQGf4KZ6x6r9h86ssTZNarWTGMMjkL40czt/IjXFSjtvd/3j5o
VDFjmlC2cJEcyb9C0tNWDdDQe0mL1g7dkO3O7FSni8je7FwVwSSE/7huosS97K8y
AbKuwca4daIbRvJEQIBl/S6LOg8Gb4x0sNT64Hoo8d5z5KIDsKZEP7q6xZZVe4LW
yAXbZ+uD/ZQaa1rFIxPUk4Kke8goRq4nxNlnAgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUy+lgcw3ezqn5csnBsXoxDLsV9oswHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni95LWxnY3czZXpxbjVjc25C
c1hveERMc1Y5b3Mucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
fakwDQYJKoZIhvcNAQELBQADggEBAIXE/jfjI8rAKDYQbX85h0gP+MggzkJZ5RW1
JKxVLZYRjTIcGK16SJjiMXF6FsLe6GBGWOmvtyg2z/MDn8QpgTTjGm87VnHPF0Vl
kmurgE/iKEtJqUkStmGJSnL+93xXEky6GX0qf+1yi+fJTZjMx9BvCMsxAMQ9N3yw
NlFhPB+HE9/Hy4MHLIFIRf22eciKMRHidii5aydFPdPIcOLVtdOy09UCRICfkfh8
GjA+lWfqN8xZKzC2vtKxS5o97zspnhueQVsP0Kd8pzfanLpAqZtZLmTQW4sf5eJJ
yqekSvwSzWQZ+e0xJY7Bmhq3Pq2+zL7DEg5kqXR4BvqHj2qzSX4=
-----END CERTIFICATE-----
Generated at Sun May 18 04:25:53 2025 by rpki-client