Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/KQpXEcPibvrIwszAscP4g9OpVQo.roa
File: KQpXEcPibvrIwszAscP4g9OpVQo.roa (raw, json)
Hash identifier: uOTOOxja13E9FQShA9HMHYggfvZHqEWCiohulFykW2o=
Subject key identifier: 29:0A:57:11:C3:E2:6E:FA:C8:C2:CC:C0:B1:C3:F8:83:D3:A9:55:0A
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 08F8
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/KQpXEcPibvrIwszAscP4g9OpVQo.roa
Signing time: Mon 19 May 2025 01:08:08 +0000
ROA not before: Mon 19 May 2025 01:08:08 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 125.169.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2296 (0x8f8)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: May 19 01:08:08 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=290A5711C3E26EFAC8C2CCC0B1C3F883D3A9550A
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b8:ab:c4:02:cf:06:f8:05:b8:35:44:79:61:bd:
4c:83:0b:8e:b7:6b:1f:9b:45:eb:91:c6:51:2f:c5:
73:b0:73:7b:4d:57:2b:a8:a7:72:9b:68:8f:32:51:
f1:f1:85:a6:fc:64:c1:00:39:61:b1:75:97:47:a0:
e0:8b:2b:c5:d4:aa:b1:8c:51:59:b9:f9:ac:dd:47:
dd:ca:9d:90:bd:0b:4a:65:d1:3b:6c:3f:45:08:b4:
52:96:2e:1e:7e:6e:ca:99:c6:50:ff:d7:3d:d8:2f:
ad:ab:c6:ad:c1:64:40:29:0a:5b:3b:26:f8:f7:b8:
1b:de:54:b1:7c:79:32:46:57:6a:30:e1:38:b9:77:
d0:b9:67:e2:8a:64:b4:9d:d2:62:18:42:1b:e3:6d:
fa:f3:fb:c4:62:1a:ae:2c:76:75:94:47:c4:6e:5f:
28:5d:a1:0c:ea:9d:ed:ab:9d:a9:23:8f:75:52:01:
89:c6:84:52:a6:16:06:eb:ce:ab:5a:1a:4a:d3:c0:
ec:46:ed:fa:d3:3f:b4:d6:8a:2b:25:ae:d4:6a:54:
d3:39:13:57:1f:6d:d6:88:dc:02:51:a6:f3:01:f7:
6d:74:64:2c:22:02:e4:b4:a7:92:07:21:b8:f4:18:
fd:02:c6:24:d9:25:97:d1:1c:aa:ca:85:27:07:e3:
e1:f5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
29:0A:57:11:C3:E2:6E:FA:C8:C2:CC:C0:B1:C3:F8:83:D3:A9:55:0A
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/KQpXEcPibvrIwszAscP4g9OpVQo.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
125.169.0.0/16
Signature Algorithm: sha256WithRSAEncryption
43:6e:8d:11:16:e5:ec:29:ec:42:14:97:fd:80:33:d9:cf:01:
d5:2b:72:23:b2:85:56:92:fd:72:3f:8a:70:c5:6c:cc:b3:34:
e8:57:68:12:07:bd:27:73:1f:74:a2:ab:51:7f:e1:95:ef:3f:
0a:b5:d3:f6:f9:f2:ea:41:e7:8a:eb:b7:e4:6e:14:18:d9:d9:
06:ee:a8:d4:ab:58:43:f9:be:21:a0:36:21:6f:e1:c7:9a:99:
df:b4:ec:02:20:a0:2d:59:e9:ff:6a:6e:14:8a:5c:90:33:43:
81:4a:4a:1f:1e:b5:93:ce:af:e3:97:7e:4a:ea:44:3a:bc:b0:
f4:69:5e:ba:80:c2:92:4a:e5:ec:16:59:95:9f:95:56:6f:5a:
86:ca:f1:ac:34:a1:da:dc:ac:c6:85:e2:04:d1:7c:86:9d:4b:
34:3b:bb:5f:9c:d3:7c:1e:81:97:52:ae:19:27:56:74:6c:29:
bb:12:9f:e2:e8:ee:77:47:e0:57:55:2c:c1:9f:c2:51:f3:b5:
89:4c:76:1e:63:94:18:d0:f8:47:f0:29:db:59:35:ff:f4:a3:
97:0e:7e:71:b8:66:ea:56:ea:a0:45:9f:26:9f:bd:e0:5f:71:
3a:68:83:e5:df:54:f1:94:30:57:8c:86:b3:be:5b:4a:f6:42:
22:4c:cf:39
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICCPgwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA1MTkw
MTA4MDhaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKDI5MEE1NzExQzNFMjZF
RkFDOEMyQ0NDMEIxQzNGODgzRDNBOTU1MEEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC4q8QCzwb4Bbg1RHlhvUyDC463ax+bReuRxlEvxXOwc3tNVyuo
p3KbaI8yUfHxhab8ZMEAOWGxdZdHoOCLK8XUqrGMUVm5+azdR93KnZC9C0pl0Tts
P0UItFKWLh5+bsqZxlD/1z3YL62rxq3BZEApCls7Jvj3uBveVLF8eTJGV2ow4Ti5
d9C5Z+KKZLSd0mIYQhvjbfrz+8RiGq4sdnWUR8RuXyhdoQzqne2rnakjj3VSAYnG
hFKmFgbrzqtaGkrTwOxG7frTP7TWiislrtRqVNM5E1cfbdaI3AJRpvMB9210ZCwi
AuS0p5IHIbj0GP0CxiTZJZfRHKrKhScH4+H1AgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUKQpXEcPibvrIwszAscP4g9OpVQowHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni9LUXBYRWNQaWJ2ckl3c3pB
c2NQNGc5T3BWUW8ucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
fakwDQYJKoZIhvcNAQELBQADggEBAENujREW5ewp7EIUl/2AM9nPAdUrciOyhVaS
/XI/inDFbMyzNOhXaBIHvSdzH3Siq1F/4ZXvPwq10/b58upB54rrt+RuFBjZ2Qbu
qNSrWEP5viGgNiFv4ceamd+07AIgoC1Z6f9qbhSKXJAzQ4FKSh8etZPOr+OXfkrq
RDq8sPRpXrqAwpJK5ewWWZWflVZvWobK8aw0odrcrMaF4gTRfIadSzQ7u1+c03we
gZdSrhknVnRsKbsSn+Lo7ndH4FdVLMGfwlHztYlMdh5jlBjQ+EfwKdtZNf/0o5cO
fnG4ZupW6qBFnyafveBfcTpog+XfVPGUMFeMhrO+W0r2QiJMzzk=
-----END CERTIFICATE-----
Generated at Sat Jun 21 17:57:51 2025 by rpki-client