Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/0KxUCV6wSWeu-DfuEqWlLVhmTLg.roa
File: 0KxUCV6wSWeu-DfuEqWlLVhmTLg.roa (raw, json)
Hash identifier: 2ruIQhcBwGzq4sjNWCsWQC18rrxGTJvOOOfBhacL5kA=
Subject key identifier: D0:AC:54:09:5E:B0:49:67:AE:F8:37:EE:12:A5:A5:2D:58:66:4C:B8
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 0358
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/0KxUCV6wSWeu-DfuEqWlLVhmTLg.roa
Signing time: Sun 11 May 2025 13:07:50 +0000
ROA not before: Sun 11 May 2025 13:07:50 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 125.169.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 856 (0x358)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: May 11 13:07:50 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=D0AC54095EB04967AEF837EE12A5A52D58664CB8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:dd:11:34:18:d9:d0:63:ac:ca:12:38:ab:73:9b:
e9:76:bd:29:06:7d:20:6e:e7:15:ce:1b:6f:77:ae:
f0:9a:05:ce:c1:92:16:20:c4:d9:99:46:ab:2b:98:
5c:64:95:85:cb:81:54:12:cb:5b:8a:e8:e5:c7:ea:
b3:97:09:21:af:9a:8b:df:32:63:05:38:8a:19:06:
cd:04:6d:3b:64:25:f7:ce:2e:9f:d5:55:4e:e7:60:
8a:82:b8:13:44:75:b3:32:9d:80:67:96:17:f4:c2:
7b:9d:b1:45:b9:a3:16:58:b5:6e:6a:7a:26:02:de:
43:db:9d:87:26:4e:cc:ec:69:cf:0c:a3:9e:fc:b4:
1a:65:b2:aa:c5:7c:a3:f5:51:18:21:1d:b4:27:e2:
05:0f:d1:e7:3b:b2:43:89:0b:4f:1d:3c:98:0e:b4:
5c:44:e4:93:12:0f:7a:27:7a:02:05:38:4c:42:f2:
7e:02:6c:94:d7:8f:8c:af:89:91:8c:8a:54:31:97:
0e:55:74:5e:8f:aa:34:c1:e0:76:18:08:bb:d5:28:
43:cb:f9:ec:e7:26:54:d8:d9:19:be:b4:c6:ec:4c:
c9:c3:4a:f1:ed:65:51:a6:58:0d:cb:e7:12:83:71:
cc:8a:cd:38:e8:f9:dc:00:41:dd:cd:9e:a8:84:84:
0e:85
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D0:AC:54:09:5E:B0:49:67:AE:F8:37:EE:12:A5:A5:2D:58:66:4C:B8
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/0KxUCV6wSWeu-DfuEqWlLVhmTLg.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
125.169.0.0/16
Signature Algorithm: sha256WithRSAEncryption
2d:eb:f5:1b:47:bd:34:0e:be:40:3c:f3:d5:4f:0d:43:0e:c1:
90:b1:be:22:23:41:8d:1b:f4:da:7e:c1:3d:f4:f2:a8:7a:f1:
e6:37:f4:f5:87:6a:64:05:32:9e:7f:ed:3d:51:61:05:15:f5:
24:5f:ac:c8:50:f4:f0:b6:a0:2c:44:8e:3d:cf:73:30:d7:c7:
90:05:19:af:38:1d:73:36:af:2f:c3:27:2d:a6:65:31:7b:a6:
26:cb:a4:fc:a1:11:79:e1:cf:31:4c:c7:86:21:42:3d:5d:75:
9c:09:03:88:83:77:7b:6d:44:95:a0:88:60:ed:a4:70:25:f2:
05:26:77:f9:09:44:02:66:99:8c:0c:6e:ac:4f:03:42:28:20:
20:b6:10:7e:aa:07:bd:16:bc:53:fb:ba:0d:cc:d0:e2:51:c7:
f9:9a:80:01:0c:bf:ea:d7:8c:d5:c0:bc:68:8a:7f:aa:7b:ea:
8c:1e:1b:89:2b:6e:38:b5:54:4d:65:9e:84:81:4a:4b:bd:26:
80:ba:af:d4:89:41:f4:ae:8e:93:3b:d5:47:1a:01:e5:44:f6:
ab:24:6e:0f:1d:17:8d:cc:87:3a:48:3f:15:50:43:61:a2:55:
94:03:30:08:93:b4:e9:e3:ad:52:63:87:17:00:0f:d6:63:0b:
0f:fe:95:4f
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICA1gwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA1MTEx
MzA3NTBaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKEQwQUM1NDA5NUVCMDQ5
NjdBRUY4MzdFRTEyQTVBNTJENTg2NjRDQjgwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDdETQY2dBjrMoSOKtzm+l2vSkGfSBu5xXOG293rvCaBc7BkhYg
xNmZRqsrmFxklYXLgVQSy1uK6OXH6rOXCSGvmovfMmMFOIoZBs0EbTtkJffOLp/V
VU7nYIqCuBNEdbMynYBnlhf0wnudsUW5oxZYtW5qeiYC3kPbnYcmTszsac8Mo578
tBplsqrFfKP1URghHbQn4gUP0ec7skOJC08dPJgOtFxE5JMSD3onegIFOExC8n4C
bJTXj4yviZGMilQxlw5VdF6PqjTB4HYYCLvVKEPL+eznJlTY2Rm+tMbsTMnDSvHt
ZVGmWA3L5xKDccyKzTjo+dwAQd3NnqiEhA6FAgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQU0KxUCV6wSWeu+DfuEqWlLVhmTLgwHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni8wS3hVQ1Y2d1NXZXUtRGZ1
RXFXbExWaG1UTGcucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
fakwDQYJKoZIhvcNAQELBQADggEBAC3r9RtHvTQOvkA889VPDUMOwZCxviIjQY0b
9Np+wT308qh68eY39PWHamQFMp5/7T1RYQUV9SRfrMhQ9PC2oCxEjj3PczDXx5AF
Ga84HXM2ry/DJy2mZTF7pibLpPyhEXnhzzFMx4YhQj1ddZwJA4iDd3ttRJWgiGDt
pHAl8gUmd/kJRAJmmYwMbqxPA0IoICC2EH6qB70WvFP7ug3M0OJRx/magAEMv+rX
jNXAvGiKf6p76oweG4krbji1VE1lnoSBSku9JoC6r9SJQfSujpM71UcaAeVE9qsk
bg8dF43MhzpIPxVQQ2GiVZQDMAiTtOnjrVJjhxcAD9ZjCw/+lU8=
-----END CERTIFICATE-----
Generated at Sun Jun 22 13:43:04 2025 by rpki-client