Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/KDHY46BtxwkbZS7VY6SOaPF97TI.roa
File: KDHY46BtxwkbZS7VY6SOaPF97TI.roa (raw, json)
Hash identifier: a6cISfG0rNUlPfsLIfTD4/a+GqGd/McU1hAQykEn+Ko=
Subject key identifier: 28:31:D8:E3:A0:6D:C7:09:1B:65:2E:D5:63:A4:8E:68:F1:7D:ED:32
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 1718
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/KDHY46BtxwkbZS7VY6SOaPF97TI.roa
Signing time: Fri 06 Jun 2025 21:09:27 +0000
ROA not before: Fri 06 Jun 2025 21:09:27 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 125.169.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 5912 (0x1718)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: Jun 6 21:09:27 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=2831D8E3A06DC7091B652ED563A48E68F17DED32
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e1:3b:08:d0:a1:8e:e4:e9:e3:d9:ec:d8:aa:d4:
a0:88:9d:8c:28:9c:fa:fc:a5:fd:9f:dc:47:a3:f8:
9a:ac:4e:21:ab:0f:84:58:38:1b:ae:37:1e:7f:3c:
a3:33:0f:4f:d6:4d:f9:5f:1f:ae:36:04:74:5b:de:
f1:0c:14:d9:0d:44:10:18:3b:f6:06:b9:7b:d7:d1:
8f:7e:b7:17:17:49:e9:49:3a:9e:b6:e8:21:72:25:
e7:6f:c7:b2:7d:bc:9a:ec:6f:c3:7e:78:0d:b3:f0:
9b:45:7a:01:8a:e6:02:51:1b:ca:46:9f:d2:c7:9b:
7a:34:25:1e:35:60:72:9e:ed:d5:c4:4d:1c:f8:9f:
e9:84:b6:2c:08:ea:e6:4b:cd:e9:4f:b6:d9:f6:67:
e2:c0:bb:f3:e8:40:85:29:65:7e:8e:aa:ee:3a:a9:
c4:53:7a:65:1c:4b:66:aa:03:d5:10:2e:7c:c0:ff:
31:a0:fe:30:dd:56:e0:1b:41:fd:b6:71:ca:3c:d1:
26:e8:7e:97:84:2c:1c:03:e6:f0:12:86:d8:e3:29:
03:4c:4d:25:8c:55:01:e5:3d:43:f9:d9:4a:97:de:
45:b1:c3:22:48:fc:fa:d4:ad:81:f1:df:d6:9b:71:
ee:2b:48:2b:69:8d:29:6f:15:db:50:38:ee:11:da:
15:65
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
28:31:D8:E3:A0:6D:C7:09:1B:65:2E:D5:63:A4:8E:68:F1:7D:ED:32
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/KDHY46BtxwkbZS7VY6SOaPF97TI.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
125.169.0.0/16
Signature Algorithm: sha256WithRSAEncryption
58:40:ac:be:a2:08:0c:f3:16:1b:31:b6:71:e5:0c:77:d6:ef:
ea:cb:a2:12:78:7d:92:e2:42:5f:cf:21:27:50:8d:25:1a:4e:
d9:23:b3:80:17:98:24:d7:0d:c4:ff:b4:6c:3d:cf:d8:ac:e7:
b8:12:02:6f:c1:28:af:e7:c1:43:d1:69:0e:ec:a7:13:ed:3a:
fe:f8:5b:2c:d4:2e:51:48:45:9a:8b:86:7e:57:00:0e:0a:94:
a7:18:2b:d7:26:bc:0d:f8:5d:c8:b7:0d:2f:b1:9f:9a:88:79:
df:e1:92:6b:23:40:21:a5:80:91:58:23:14:52:22:de:63:fa:
03:c1:34:db:4e:74:68:fa:67:a6:c1:59:a5:aa:78:7e:bf:b1:
88:66:b5:a2:a2:44:9a:56:b4:4c:1a:b5:42:14:6e:6c:c1:75:
8c:79:e6:74:d9:0a:1f:21:11:5a:99:8b:ec:34:36:a5:87:89:
f1:64:91:72:6e:4f:72:55:b5:d0:cf:80:53:4c:e8:ae:c5:2d:
13:7c:22:56:a3:a9:0a:8b:73:fa:cf:5f:d0:41:c0:79:72:18:
dc:88:c5:77:5d:ee:58:b5:34:a2:07:1f:53:9e:9f:e0:f6:b2:
d5:b3:c8:aa:fd:66:9d:0b:99:31:6e:a7:c0:24:a7:f8:63:ce:
7f:0f:61:9d
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICFxgwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA2MDYy
MTA5MjdaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKDI4MzFEOEUzQTA2REM3
MDkxQjY1MkVENTYzQTQ4RTY4RjE3REVEMzIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDhOwjQoY7k6ePZ7Niq1KCInYwonPr8pf2f3Eej+JqsTiGrD4RY
OBuuNx5/PKMzD0/WTflfH642BHRb3vEMFNkNRBAYO/YGuXvX0Y9+txcXSelJOp62
6CFyJedvx7J9vJrsb8N+eA2z8JtFegGK5gJRG8pGn9LHm3o0JR41YHKe7dXETRz4
n+mEtiwI6uZLzelPttn2Z+LAu/PoQIUpZX6Oqu46qcRTemUcS2aqA9UQLnzA/zGg
/jDdVuAbQf22cco80SbofpeELBwD5vAShtjjKQNMTSWMVQHlPUP52UqX3kWxwyJI
/PrUrYHx39abce4rSCtpjSlvFdtQOO4R2hVlAgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUKDHY46BtxwkbZS7VY6SOaPF97TIwHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni9LREhZNDZCdHh3a2JaUzdW
WTZTT2FQRjk3VEkucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
fakwDQYJKoZIhvcNAQELBQADggEBAFhArL6iCAzzFhsxtnHlDHfW7+rLohJ4fZLi
Ql/PISdQjSUaTtkjs4AXmCTXDcT/tGw9z9is57gSAm/BKK/nwUPRaQ7spxPtOv74
WyzULlFIRZqLhn5XAA4KlKcYK9cmvA34Xci3DS+xn5qIed/hkmsjQCGlgJFYIxRS
It5j+gPBNNtOdGj6Z6bBWaWqeH6/sYhmtaKiRJpWtEwatUIUbmzBdYx55nTZCh8h
EVqZi+w0NqWHifFkkXJuT3JVtdDPgFNM6K7FLRN8IlajqQqLc/rPX9BBwHlyGNyI
xXdd7li1NKIHH1Oen+D2stWzyKr9Zp0LmTFup8Akp/hjzn8PYZ0=
-----END CERTIFICATE-----
Generated at Fri Jun 20 14:38:21 2025 by rpki-client