Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/--kbjGtOqn4A3oxDuosiYsjHmXo.roa
File: --kbjGtOqn4A3oxDuosiYsjHmXo.roa (raw, json)
Hash identifier: jxUHFg+Zb3ijHzj4NSBOnK5y/49PmD0x3xtc4hsWjjc=
Subject key identifier: FB:E9:1B:8C:6B:4E:AA:7E:00:DE:8C:43:BA:8B:22:62:C8:C7:99:7A
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 18D8
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/--kbjGtOqn4A3oxDuosiYsjHmXo.roa
Signing time: Mon 09 Jun 2025 05:09:36 +0000
ROA not before: Mon 09 Jun 2025 05:09:36 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 125.169.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 6360 (0x18d8)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: Jun 9 05:09:36 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=FBE91B8C6B4EAA7E00DE8C43BA8B2262C8C7997A
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b3:30:ab:08:9b:ad:89:d1:b3:dc:d2:2e:2f:6d:
79:fd:c0:66:17:b0:ce:0f:55:c9:59:fe:38:39:52:
5f:82:16:d4:c9:04:ab:f5:ce:9e:73:36:e1:77:69:
a7:0c:fd:f0:f7:04:92:21:40:ce:63:f3:78:af:a0:
f9:6f:27:13:81:cd:d3:9b:81:57:8e:c3:30:1d:3f:
e0:8c:fd:bb:5a:7b:8e:2c:bf:2d:c0:65:b8:dc:60:
d5:7a:bc:e2:be:a4:2b:86:1e:b8:62:e9:44:28:d4:
79:71:65:63:a7:af:e9:c7:82:62:ab:74:2d:fc:47:
c3:e9:12:54:bb:64:26:d4:42:1a:4c:fd:d6:f7:46:
28:b9:cc:b4:87:5b:95:a9:91:22:bd:27:a0:63:ac:
a3:93:01:b1:7d:40:9b:1b:f4:d3:2c:42:ef:c4:77:
71:b0:bc:6a:24:fd:aa:1a:e6:f7:ce:37:c5:47:16:
e2:01:73:d3:92:9a:0b:8d:df:89:1c:c6:71:a6:e7:
7e:28:28:09:46:ac:d0:22:81:b9:5f:c7:0e:ff:8d:
33:4b:99:a2:12:95:3f:1d:34:58:15:9f:21:07:6b:
d7:d7:f4:d0:cf:73:0f:1e:d8:60:cb:ce:2e:44:dd:
d2:8e:fe:53:b6:73:89:3b:fa:72:f7:92:63:b3:92:
36:6d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FB:E9:1B:8C:6B:4E:AA:7E:00:DE:8C:43:BA:8B:22:62:C8:C7:99:7A
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/--kbjGtOqn4A3oxDuosiYsjHmXo.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
125.169.0.0/16
Signature Algorithm: sha256WithRSAEncryption
49:96:8c:d3:f2:2e:84:85:41:66:e4:89:18:3a:70:68:c1:c1:
76:ff:c1:25:c4:d6:f5:42:95:40:36:c9:40:8d:34:75:25:97:
4c:fa:43:8c:2f:1f:fd:3c:10:56:dc:b8:90:fd:a9:92:fc:6d:
d6:4c:59:b7:4c:34:5f:21:c1:6f:dd:b5:f9:52:73:ce:48:7a:
d0:08:21:9d:29:a7:f8:9e:6e:a1:1d:b5:aa:4c:20:17:79:b4:
d8:ea:6f:5a:a4:62:2e:9e:b5:72:68:30:ff:ea:d2:62:5d:1e:
9b:38:8d:71:a9:9f:b6:c3:bf:68:aa:4a:26:68:ec:ff:fc:58:
57:56:f1:7e:21:94:09:de:6b:86:9e:d5:eb:b7:57:86:c2:4c:
5b:fe:89:c7:69:8a:28:d6:8f:e7:7e:2f:a1:d3:00:a5:c4:55:
64:f3:d8:89:06:1c:5a:8d:90:a5:55:64:c2:a0:43:13:f2:08:
75:b8:f3:de:9e:86:2e:be:04:cf:b1:b8:c9:a8:0d:ff:26:9a:
fc:3b:57:3c:7d:a2:8e:34:bd:4d:f1:12:64:84:f3:55:5b:43:
de:79:5e:97:59:49:18:39:01:53:7c:17:56:13:93:6f:be:dc:
9e:84:28:c5:b4:a5:5d:f0:c3:a5:53:44:29:59:24:45:01:5b:
62:5f:a7:5d
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICGNgwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA2MDkw
NTA5MzZaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKEZCRTkxQjhDNkI0RUFB
N0UwMERFOEM0M0JBOEIyMjYyQzhDNzk5N0EwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCzMKsIm62J0bPc0i4vbXn9wGYXsM4PVclZ/jg5Ul+CFtTJBKv1
zp5zNuF3aacM/fD3BJIhQM5j83ivoPlvJxOBzdObgVeOwzAdP+CM/btae44svy3A
ZbjcYNV6vOK+pCuGHrhi6UQo1HlxZWOnr+nHgmKrdC38R8PpElS7ZCbUQhpM/db3
Rii5zLSHW5WpkSK9J6BjrKOTAbF9QJsb9NMsQu/Ed3GwvGok/aoa5vfON8VHFuIB
c9OSmguN34kcxnGm534oKAlGrNAigblfxw7/jTNLmaISlT8dNFgVnyEHa9fX9NDP
cw8e2GDLzi5E3dKO/lO2c4k7+nL3kmOzkjZtAgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQU++kbjGtOqn4A3oxDuosiYsjHmXowHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni8tLWtiakd0T3FuNEEzb3hE
dW9zaVlzakhtWG8ucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
fakwDQYJKoZIhvcNAQELBQADggEBAEmWjNPyLoSFQWbkiRg6cGjBwXb/wSXE1vVC
lUA2yUCNNHUll0z6Q4wvH/08EFbcuJD9qZL8bdZMWbdMNF8hwW/dtflSc85IetAI
IZ0pp/iebqEdtapMIBd5tNjqb1qkYi6etXJoMP/q0mJdHps4jXGpn7bDv2iqSiZo
7P/8WFdW8X4hlAnea4ae1eu3V4bCTFv+icdpiijWj+d+L6HTAKXEVWTz2IkGHFqN
kKVVZMKgQxPyCHW4896ehi6+BM+xuMmoDf8mmvw7Vzx9oo40vU3xEmSE81VbQ955
XpdZSRg5AVN8F1YTk2++3J6EKMW0pV3ww6VTRClZJEUBW2Jfp10=
-----END CERTIFICATE-----
Generated at Sat Jun 21 13:37:51 2025 by rpki-client