Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/oZIcX8S0oXT5pT_XU9eada6nu9A.roa
File: oZIcX8S0oXT5pT_XU9eada6nu9A.roa (raw, json)
Hash identifier: 9AUwTUtYYUfNpTHtPy5IamjVu5XqLsuGLMmwEB6XyaA=
Subject key identifier: A1:92:1C:5F:C4:B4:A1:74:F9:A5:3F:D7:53:D7:9A:75:AE:A7:BB:D0
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 0DEC
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/oZIcX8S0oXT5pT_XU9eada6nu9A.roa
Signing time: Sun 25 May 2025 15:38:34 +0000
ROA not before: Sun 25 May 2025 15:38:34 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 125.169.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 3564 (0xdec)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: May 25 15:38:34 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=A1921C5FC4B4A174F9A53FD753D79A75AEA7BBD0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:aa:5e:63:40:b3:87:06:a6:f9:96:35:ab:2d:3d:
30:c6:62:5a:72:85:84:0a:1f:cb:9e:a9:54:0d:b4:
34:b0:42:a8:8f:bf:87:24:6d:f6:4a:99:ac:89:cf:
42:2b:1b:f8:54:8c:d7:b1:b1:7b:d2:a9:03:9f:b0:
27:cf:6b:da:8a:b0:ad:96:26:47:4f:5b:88:03:4f:
b5:09:e2:11:51:30:bd:2f:3b:2a:e8:fb:17:0e:2f:
04:bb:5f:ec:68:58:03:50:58:ba:e3:93:fc:b5:76:
3a:1a:70:08:cf:77:9c:30:ad:c0:66:0e:d3:97:c0:
cc:83:6f:a6:8f:30:f3:2c:78:13:27:5f:53:c7:8c:
9e:fe:25:ec:c7:1a:13:21:f4:39:31:4b:60:51:14:
bc:6a:8d:19:fc:f2:61:2b:dc:29:0f:93:1e:76:99:
85:49:47:76:9f:fd:1a:73:ac:29:9a:7a:ee:a6:66:
6f:2d:a1:6b:3a:b4:94:cf:6e:89:82:d2:60:2c:f2:
25:eb:d6:2d:23:73:34:f0:2f:09:b5:4c:ac:f5:28:
3a:c8:0d:42:89:81:9f:a2:a2:dd:79:ec:4d:8a:c2:
48:ce:58:ec:ad:24:5c:68:41:2e:10:9e:f4:f6:49:
f9:db:af:67:6b:e3:b7:a6:d7:fd:6c:fb:6c:05:be:
61:c1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A1:92:1C:5F:C4:B4:A1:74:F9:A5:3F:D7:53:D7:9A:75:AE:A7:BB:D0
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/oZIcX8S0oXT5pT_XU9eada6nu9A.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
125.169.0.0/16
Signature Algorithm: sha256WithRSAEncryption
6d:28:f5:1e:d8:6b:22:e9:f0:77:bd:31:a5:88:68:85:7f:a0:
0a:3c:ec:9a:fc:ec:ac:2d:12:33:9c:b1:29:51:31:f8:71:f7:
9f:ac:74:e5:e5:ec:42:38:2d:56:14:a6:26:f6:51:7b:d1:dc:
3d:83:70:15:7d:72:27:05:a0:3f:66:bd:f7:55:9f:32:4b:2f:
3f:98:2c:8e:0b:b0:48:59:b5:7a:01:35:29:34:55:13:5f:80:
c5:79:b2:34:07:57:ee:dc:91:b1:e8:ca:ee:3e:68:79:3a:ba:
a9:b8:23:58:a9:9b:1e:54:62:3d:e2:97:d7:2d:1c:f9:d6:9d:
5c:e2:d7:14:c9:ed:d3:7f:4b:ab:7d:03:58:9e:88:72:0d:24:
20:66:74:79:fc:cf:9f:b2:0e:20:c7:59:91:13:8b:de:b8:2a:
8e:47:c3:f5:25:5d:dd:f8:bf:3e:ed:f3:e3:db:d5:73:5b:ae:
c2:e8:07:bf:9f:79:b7:cf:44:e5:27:7d:3e:a6:cb:cc:9a:c3:
b0:04:5f:bb:84:60:13:d0:24:89:04:89:ae:91:de:53:38:ed:
d3:9c:f4:b7:58:7f:4b:8f:62:06:54:1e:88:3b:a4:a7:db:18:
32:67:1f:b1:26:b8:82:8d:b2:b6:ad:63:bb:46:ce:14:0f:4a:
b3:12:93:d3
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICDewwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA1MjUx
NTM4MzRaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKEExOTIxQzVGQzRCNEEx
NzRGOUE1M0ZENzUzRDc5QTc1QUVBN0JCRDAwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCqXmNAs4cGpvmWNastPTDGYlpyhYQKH8ueqVQNtDSwQqiPv4ck
bfZKmayJz0IrG/hUjNexsXvSqQOfsCfPa9qKsK2WJkdPW4gDT7UJ4hFRML0vOyro
+xcOLwS7X+xoWANQWLrjk/y1djoacAjPd5wwrcBmDtOXwMyDb6aPMPMseBMnX1PH
jJ7+JezHGhMh9DkxS2BRFLxqjRn88mEr3CkPkx52mYVJR3af/RpzrCmaeu6mZm8t
oWs6tJTPbomC0mAs8iXr1i0jczTwLwm1TKz1KDrIDUKJgZ+iot157E2KwkjOWOyt
JFxoQS4QnvT2Sfnbr2dr47em1/1s+2wFvmHBAgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUoZIcX8S0oXT5pT/XU9eada6nu9AwHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni9vWkljWDhTMG9YVDVwVF9Y
VTllYWRhNm51OUEucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
fakwDQYJKoZIhvcNAQELBQADggEBAG0o9R7YayLp8He9MaWIaIV/oAo87Jr87Kwt
EjOcsSlRMfhx95+sdOXl7EI4LVYUpib2UXvR3D2DcBV9cicFoD9mvfdVnzJLLz+Y
LI4LsEhZtXoBNSk0VRNfgMV5sjQHV+7ckbHoyu4+aHk6uqm4I1ipmx5UYj3il9ct
HPnWnVzi1xTJ7dN/S6t9A1ieiHINJCBmdHn8z5+yDiDHWZETi964Ko5Hw/UlXd34
vz7t8+Pb1XNbrsLoB7+febfPROUnfT6my8yaw7AEX7uEYBPQJIkEia6R3lM47dOc
9LdYf0uPYgZUHog7pKfbGDJnH7EmuIKNsratY7tGzhQPSrMSk9M=
-----END CERTIFICATE-----
Generated at Sat Jun 21 16:53:35 2025 by rpki-client