Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/op8irJMlz31JMTr20gUwydsJrlQ.roa
File: op8irJMlz31JMTr20gUwydsJrlQ.roa (raw, json)
Hash identifier: U8+7WYb3TpO74b+gE/bqdc4okLORXCBa77KvHzxfhkY=
Subject key identifier: A2:9F:22:AC:93:25:CF:7D:49:31:3A:F6:D2:05:30:C9:DB:09:AE:54
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 0CAC
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/op8irJMlz31JMTr20gUwydsJrlQ.roa
Signing time: Fri 23 May 2025 23:38:31 +0000
ROA not before: Fri 23 May 2025 23:38:31 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 125.169.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 3244 (0xcac)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: May 23 23:38:31 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=A29F22AC9325CF7D49313AF6D20530C9DB09AE54
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ce:75:e3:6c:f8:c2:f6:96:4f:46:02:75:7a:b0:
3e:98:72:05:8c:34:68:d1:45:ef:93:73:5d:08:3e:
e1:a7:3b:b9:14:b4:27:23:d5:b9:57:19:5d:89:c8:
58:e2:8a:3a:a1:46:9f:d5:2d:c5:fd:d0:de:53:ea:
79:66:df:1b:01:24:14:2c:24:a2:79:a3:5a:55:3c:
6a:82:4d:1b:78:a3:53:7d:4e:a5:13:eb:0c:83:04:
8f:4b:be:0f:1e:b4:0c:b1:dc:18:03:0b:72:45:b2:
26:0d:2e:f6:7e:b2:f0:75:ad:11:b5:73:5e:c9:6f:
4f:7e:10:db:63:b1:02:f3:94:2f:f6:7d:1f:51:e7:
27:12:d4:0a:4c:0c:66:94:2a:77:64:c2:9a:57:54:
33:a7:74:4d:fd:8c:59:0b:d6:28:c7:68:bc:7e:6f:
b0:4c:69:37:bd:ac:ee:73:26:98:0c:f3:cd:35:6a:
83:57:51:07:21:ed:d3:60:33:03:ff:f4:a5:7a:8a:
a8:cf:b5:f7:51:26:ae:d2:53:5d:39:b7:a1:7b:f2:
fd:0b:37:56:61:56:e8:d4:1c:34:39:1c:61:85:68:
66:a2:69:30:ca:70:f9:ce:6c:7c:a7:02:90:73:b5:
d3:b8:be:4a:45:88:ed:33:a6:50:71:9d:1b:ba:bf:
3c:cd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A2:9F:22:AC:93:25:CF:7D:49:31:3A:F6:D2:05:30:C9:DB:09:AE:54
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/op8irJMlz31JMTr20gUwydsJrlQ.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
125.169.0.0/16
Signature Algorithm: sha256WithRSAEncryption
02:5b:c7:0f:e3:00:0c:c8:0d:fe:34:0b:26:cc:ba:b3:9a:cf:
71:55:4d:16:23:3e:86:9b:fd:4b:01:f5:43:7b:c4:f1:c5:01:
65:33:d1:0a:22:c9:33:47:47:fe:97:b8:77:4b:24:39:8d:f4:
84:b4:8a:c7:a4:ef:86:31:52:78:9f:21:4b:03:7d:57:18:8c:
78:24:cf:ca:5d:a8:67:d0:61:ff:a9:31:05:8e:f0:b7:c3:a4:
ea:3e:1f:42:a8:f6:b2:3c:3f:34:c8:49:3a:c7:9f:72:03:cf:
1c:be:10:2c:64:61:3c:6e:7d:12:8a:d5:41:d4:b4:f6:d3:9c:
c1:8b:b6:af:dd:50:d2:b6:64:cc:b3:56:ab:88:c5:e0:53:ce:
77:5e:42:dc:51:b8:0f:34:15:c2:fe:ac:aa:9e:0a:5d:bf:7e:
94:98:2e:84:4b:db:db:94:97:86:81:23:0b:b9:38:b2:34:58:
d8:ca:76:91:c5:46:ed:fd:ca:e6:dd:8b:cd:64:c0:44:18:64:
e9:5a:fd:fd:e5:43:c0:4b:b1:4d:9c:f2:6b:0a:f4:c9:49:f9:
61:35:33:9a:39:7f:d7:32:92:cd:77:d8:bb:d6:fd:05:ea:29:
89:5d:f4:91:4b:a3:2c:16:7c:23:e4:03:1c:79:ca:74:a5:96:
75:38:39:e3
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICDKwwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA1MjMy
MzM4MzFaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKEEyOUYyMkFDOTMyNUNG
N0Q0OTMxM0FGNkQyMDUzMEM5REIwOUFFNTQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDOdeNs+ML2lk9GAnV6sD6YcgWMNGjRRe+Tc10IPuGnO7kUtCcj
1blXGV2JyFjiijqhRp/VLcX90N5T6nlm3xsBJBQsJKJ5o1pVPGqCTRt4o1N9TqUT
6wyDBI9Lvg8etAyx3BgDC3JFsiYNLvZ+svB1rRG1c17Jb09+ENtjsQLzlC/2fR9R
5ycS1ApMDGaUKndkwppXVDOndE39jFkL1ijHaLx+b7BMaTe9rO5zJpgM8801aoNX
UQch7dNgMwP/9KV6iqjPtfdRJq7SU105t6F78v0LN1ZhVujUHDQ5HGGFaGaiaTDK
cPnObHynApBztdO4vkpFiO0zplBxnRu6vzzNAgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUop8irJMlz31JMTr20gUwydsJrlQwHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni9vcDhpckpNbHozMUpNVHIy
MGdVd3lkc0pybFEucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
fakwDQYJKoZIhvcNAQELBQADggEBAAJbxw/jAAzIDf40CybMurOaz3FVTRYjPoab
/UsB9UN7xPHFAWUz0QoiyTNHR/6XuHdLJDmN9IS0isek74YxUnifIUsDfVcYjHgk
z8pdqGfQYf+pMQWO8LfDpOo+H0Ko9rI8PzTISTrHn3IDzxy+ECxkYTxufRKK1UHU
tPbTnMGLtq/dUNK2ZMyzVquIxeBTzndeQtxRuA80FcL+rKqeCl2/fpSYLoRL29uU
l4aBIwu5OLI0WNjKdpHFRu39yubdi81kwEQYZOla/f3lQ8BLsU2c8msK9MlJ+WE1
M5o5f9cyks132LvW/QXqKYld9JFLoywWfCPkAxx5ynSllnU4OeM=
-----END CERTIFICATE-----
Generated at Sun Jun 22 12:34:09 2025 by rpki-client