Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/-cg8-nyIWaH1Z15OZHvllgOiQLs.roa
File: -cg8-nyIWaH1Z15OZHvllgOiQLs.roa (raw, json)
Hash identifier: Vq1VaMbiPh5SgEkpzMbqSkypcf83sP9ukoKFRWzAifs=
Subject key identifier: F9:C8:3C:FA:7C:88:59:A1:F5:67:5E:4E:64:7B:E5:96:03:A2:40:BB
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 0AA8
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/-cg8-nyIWaH1Z15OZHvllgOiQLs.roa
Signing time: Wed 21 May 2025 07:08:20 +0000
ROA not before: Wed 21 May 2025 07:08:20 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 125.169.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2728 (0xaa8)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: May 21 07:08:20 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=F9C83CFA7C8859A1F5675E4E647BE59603A240BB
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a6:fe:b7:e1:ae:f1:7f:9b:ed:ab:ca:c4:b8:00:
1a:be:bc:9e:40:cd:e8:42:82:68:85:7c:90:54:b9:
d7:31:03:9f:38:81:ae:c0:c3:e5:cb:52:43:ca:09:
70:e7:f8:d1:71:eb:04:0e:ba:0c:f3:87:1e:bd:c9:
0e:64:90:4b:6a:82:11:e9:b9:53:5f:36:28:9b:1d:
73:78:d5:d0:88:61:94:7e:14:fc:4c:a5:f2:64:58:
9f:df:f4:c5:f0:e8:7a:f5:d2:8c:45:06:46:5e:04:
72:81:d9:92:66:5d:71:eb:89:26:de:75:3a:05:3c:
46:6b:cf:0e:2a:0e:0d:bb:bd:e7:af:18:27:81:25:
0b:14:2c:81:77:8a:9a:48:ab:3a:c6:1b:b8:e2:88:
dc:c3:44:e3:e4:f2:d1:c4:9b:e6:2f:73:d8:c8:b4:
a5:fc:92:37:83:1d:02:86:ea:11:29:6b:a8:70:45:
ec:e5:2e:11:1e:1b:b7:75:20:fc:e1:c0:d9:e8:03:
a8:2b:5d:5f:24:4d:67:5e:5b:37:ca:4c:5f:19:04:
df:61:7f:4f:2b:23:f9:39:95:73:d1:1f:47:49:6f:
3b:ea:58:e1:df:e3:a1:e6:1e:ad:08:10:84:10:34:
7d:55:ea:2f:96:ab:c3:af:a0:25:51:27:54:bd:7e:
79:47
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F9:C8:3C:FA:7C:88:59:A1:F5:67:5E:4E:64:7B:E5:96:03:A2:40:BB
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/-cg8-nyIWaH1Z15OZHvllgOiQLs.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
125.169.0.0/16
Signature Algorithm: sha256WithRSAEncryption
42:99:0d:c7:2a:7b:d4:8b:56:43:82:93:f4:58:e3:7b:83:85:
a9:b0:6f:f2:99:7d:9f:12:99:94:e1:4f:4e:ab:f9:89:18:13:
3a:a6:98:e7:42:e6:62:c8:39:55:e5:96:05:c6:4c:28:0c:83:
ac:3a:1c:82:ed:4c:26:61:ae:90:0c:30:e7:2f:d7:6d:b0:af:
7a:0f:d8:6e:ac:71:a2:3c:9b:3d:ab:b6:7b:78:0d:d9:60:fd:
18:f3:03:1b:46:cf:73:49:1e:93:b9:9d:2c:28:df:a7:24:cd:
eb:e6:89:62:fa:63:c4:f6:5d:c5:7b:b0:ba:d6:75:8d:13:2b:
20:2b:07:71:63:19:fb:c1:55:8e:43:2b:38:f1:7c:84:65:ed:
9a:48:6d:0a:59:05:af:7c:1c:af:9e:54:8d:20:ad:58:d4:93:
3e:c1:bc:b8:a8:8f:9c:3a:2c:5e:aa:46:9e:81:ca:18:13:58:
11:60:d9:44:f8:b8:d4:05:0b:03:f5:58:cb:37:73:a1:2e:4d:
06:b9:db:a0:a4:99:15:55:24:b6:0b:1c:71:95:78:4e:a1:68:
d1:fc:21:18:2f:3e:e2:8c:a7:ea:24:a8:29:59:5c:5d:a0:06:
0c:54:1b:be:bb:b9:97:c2:c3:0a:96:38:bd:3d:dd:c8:82:45:
8c:38:28:66
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICCqgwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA1MjEw
NzA4MjBaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKEY5QzgzQ0ZBN0M4ODU5
QTFGNTY3NUU0RTY0N0JFNTk2MDNBMjQwQkIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCm/rfhrvF/m+2rysS4ABq+vJ5AzehCgmiFfJBUudcxA584ga7A
w+XLUkPKCXDn+NFx6wQOugzzhx69yQ5kkEtqghHpuVNfNiibHXN41dCIYZR+FPxM
pfJkWJ/f9MXw6Hr10oxFBkZeBHKB2ZJmXXHriSbedToFPEZrzw4qDg27veevGCeB
JQsULIF3ippIqzrGG7jiiNzDROPk8tHEm+Yvc9jItKX8kjeDHQKG6hEpa6hwRezl
LhEeG7d1IPzhwNnoA6grXV8kTWdeWzfKTF8ZBN9hf08rI/k5lXPRH0dJbzvqWOHf
46HmHq0IEIQQNH1V6i+Wq8OvoCVRJ1S9fnlHAgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQU+cg8+nyIWaH1Z15OZHvllgOiQLswHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni8tY2c4LW55SVdhSDFaMTVP
Wkh2bGxnT2lRTHMucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
fakwDQYJKoZIhvcNAQELBQADggEBAEKZDccqe9SLVkOCk/RY43uDhamwb/KZfZ8S
mZThT06r+YkYEzqmmOdC5mLIOVXllgXGTCgMg6w6HILtTCZhrpAMMOcv122wr3oP
2G6scaI8mz2rtnt4Ddlg/RjzAxtGz3NJHpO5nSwo36ckzevmiWL6Y8T2XcV7sLrW
dY0TKyArB3FjGfvBVY5DKzjxfIRl7ZpIbQpZBa98HK+eVI0grVjUkz7BvLioj5w6
LF6qRp6ByhgTWBFg2UT4uNQFCwP1WMs3c6EuTQa526CkmRVVJLYLHHGVeE6haNH8
IRgvPuKMp+okqClZXF2gBgxUG767uZfCwwqWOL093ciCRYw4KGY=
-----END CERTIFICATE-----
Generated at Sun Jun 22 03:54:36 2025 by rpki-client