Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/Nkdr_OMdb4efEvlHJ-eyzc86T1g.roa
File: Nkdr_OMdb4efEvlHJ-eyzc86T1g.roa (raw, json)
Hash identifier: xzce2OBupWZCI5CNgkMa0YsdTyXMSzTxIXTV9cYn7Uw=
Subject key identifier: 36:47:6B:FC:E3:1D:6F:87:9F:12:F9:47:27:E7:B2:CD:CF:3A:4F:58
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 1488
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/Nkdr_OMdb4efEvlHJ-eyzc86T1g.roa
Signing time: Tue 03 Jun 2025 11:09:58 +0000
ROA not before: Tue 03 Jun 2025 11:09:58 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 125.169.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 5256 (0x1488)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: Jun 3 11:09:58 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=36476BFCE31D6F879F12F94727E7B2CDCF3A4F58
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ce:4c:17:d5:43:21:db:13:ea:7d:bf:65:06:9b:
fd:bf:55:c5:c4:26:bc:4d:2d:7b:d0:ab:0c:71:19:
78:67:ab:9a:8c:d3:7e:17:c1:7a:82:59:dd:bc:d1:
b4:40:ad:46:5a:22:f7:b2:30:5d:8d:4f:35:59:cb:
8f:8c:52:08:32:1d:16:29:e6:b1:96:45:23:b3:2b:
e7:2a:9b:cd:a5:a2:c0:69:42:0d:d0:e0:1e:49:ac:
f2:4d:ff:5e:8d:21:14:be:10:7c:3e:6a:b4:4d:1a:
3e:5f:a8:e6:73:d6:92:94:e7:35:ba:0c:9c:d6:a6:
8c:d2:12:96:9f:96:1c:63:50:13:69:4f:71:9f:c8:
fe:34:c9:a7:ed:81:c5:e1:76:95:26:5c:04:14:c0:
19:20:fd:05:a5:3b:90:f5:ab:8c:d9:01:a5:e5:67:
21:50:a8:18:88:d3:a6:25:60:f7:a1:6a:7d:2e:a8:
ed:8c:ec:78:f3:8a:a3:0b:6a:d6:c8:bc:3e:dc:17:
73:9a:e7:d7:a2:0a:1d:87:82:15:4f:04:36:af:10:
f6:cd:ab:36:a6:d7:9b:4d:37:09:76:1f:7a:17:42:
4c:ca:f0:54:d7:9c:ec:97:bd:8f:65:9f:8e:39:37:
5c:83:dd:4e:b5:a7:d1:7e:71:dd:0c:50:34:6e:e7:
a7:2b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
36:47:6B:FC:E3:1D:6F:87:9F:12:F9:47:27:E7:B2:CD:CF:3A:4F:58
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/Nkdr_OMdb4efEvlHJ-eyzc86T1g.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
125.169.0.0/16
Signature Algorithm: sha256WithRSAEncryption
22:0a:27:2e:08:03:bb:a0:c1:62:91:d0:79:9a:d2:42:a0:ca:
fa:16:02:c8:f5:e6:b0:aa:3e:44:17:13:a4:50:ca:26:cf:f6:
56:dc:5c:3e:0d:94:fc:d8:c0:ba:32:15:68:71:5e:7c:68:d5:
be:e5:63:08:1e:62:35:71:96:c1:47:0a:81:04:bb:3d:47:ee:
2c:61:c8:c4:be:c8:ad:10:3c:f7:56:c6:f7:eb:ea:95:09:3b:
77:b7:e7:34:3d:84:d8:4e:e7:fd:1e:a1:2a:30:e6:e6:3d:be:
6c:fb:76:9b:0f:d9:3e:49:d2:a3:3d:5b:4e:cf:ed:ee:a5:7e:
48:9b:0b:42:b5:cf:ad:26:58:92:9c:13:68:4c:20:dc:9b:a5:
ca:14:54:fa:88:60:c5:c5:bc:67:8c:6b:bb:70:49:e8:31:61:
bf:1a:0b:54:fe:b8:fb:a1:19:19:42:77:d9:dc:5c:f7:ad:50:
e4:44:fe:76:60:79:6e:78:c9:d5:09:3a:25:cc:dd:7b:fd:64:
65:62:6c:3d:21:74:e2:de:3f:58:88:e7:fd:49:50:b8:5d:db:
5e:01:3b:f3:60:f7:f9:88:a1:cd:44:7b:5f:8f:ae:a6:f6:19:
7e:2a:89:6b:68:aa:5e:67:64:b3:cf:95:20:9c:2d:04:a6:f4:
53:d2:bc:a1
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICFIgwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA2MDMx
MTA5NThaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKDM2NDc2QkZDRTMxRDZG
ODc5RjEyRjk0NzI3RTdCMkNEQ0YzQTRGNTgwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDOTBfVQyHbE+p9v2UGm/2/VcXEJrxNLXvQqwxxGXhnq5qM034X
wXqCWd280bRArUZaIveyMF2NTzVZy4+MUggyHRYp5rGWRSOzK+cqm82losBpQg3Q
4B5JrPJN/16NIRS+EHw+arRNGj5fqOZz1pKU5zW6DJzWpozSEpaflhxjUBNpT3Gf
yP40yaftgcXhdpUmXAQUwBkg/QWlO5D1q4zZAaXlZyFQqBiI06YlYPehan0uqO2M
7HjziqMLatbIvD7cF3Oa59eiCh2HghVPBDavEPbNqzam15tNNwl2H3oXQkzK8FTX
nOyXvY9ln445N1yD3U61p9F+cd0MUDRu56crAgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUNkdr/OMdb4efEvlHJ+eyzc86T1gwHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni9Oa2RyX09NZGI0ZWZFdmxI
Si1leXpjODZUMWcucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
fakwDQYJKoZIhvcNAQELBQADggEBACIKJy4IA7ugwWKR0Hma0kKgyvoWAsj15rCq
PkQXE6RQyibP9lbcXD4NlPzYwLoyFWhxXnxo1b7lYwgeYjVxlsFHCoEEuz1H7ixh
yMS+yK0QPPdWxvfr6pUJO3e35zQ9hNhO5/0eoSow5uY9vmz7dpsP2T5J0qM9W07P
7e6lfkibC0K1z60mWJKcE2hMINybpcoUVPqIYMXFvGeMa7twSegxYb8aC1T+uPuh
GRlCd9ncXPetUORE/nZgeW54ydUJOiXM3Xv9ZGVibD0hdOLeP1iI5/1JULhd214B
O/Ng9/mIoc1Ee1+Prqb2GX4qiWtoql5nZLPPlSCcLQSm9FPSvKE=
-----END CERTIFICATE-----
Generated at Fri Jun 20 23:07:03 2025 by rpki-client