Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/q4rC0fI25wBwsXFqzdyQZ842FUU.roa
File: q4rC0fI25wBwsXFqzdyQZ842FUU.roa (raw, json)
Hash identifier: hIwPELbvePyHtsU7DyiJL3Fz26R26nIQpbLxT/okf0I=
Subject key identifier: AB:8A:C2:D1:F2:36:E7:00:70:B1:71:6A:CD:DC:90:67:CE:36:15:45
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 0690
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/q4rC0fI25wBwsXFqzdyQZ842FUU.roa
Signing time: Thu 15 May 2025 20:08:02 +0000
ROA not before: Thu 15 May 2025 20:08:02 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 125.169.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1680 (0x690)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: May 15 20:08:02 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=AB8AC2D1F236E70070B1716ACDDC9067CE361545
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bb:75:f7:62:06:3e:d1:84:df:66:f7:1c:dd:3f:
ee:90:1b:a9:d6:b5:62:2e:b2:96:83:36:16:4a:1f:
ed:34:a8:11:05:2f:83:9a:f9:d3:37:69:c6:be:38:
fb:ba:2a:60:f9:64:bd:29:d4:96:a2:6e:76:63:ed:
16:fd:3a:38:b8:c6:c2:21:f2:ca:99:e0:58:95:13:
3e:0d:68:51:8b:72:e2:fe:90:2b:0e:c5:e4:1a:42:
2c:77:42:15:35:76:ba:fa:0a:3a:ff:bd:f4:6b:14:
a9:3a:b1:4e:35:1c:e8:f8:eb:9f:5e:9f:f8:fd:5b:
79:d2:aa:ac:cc:4e:ce:16:e3:48:08:82:66:18:53:
8a:fd:8b:1b:96:07:09:ba:f5:c8:e5:94:33:76:11:
f8:9a:e5:1b:9e:bc:68:03:26:4f:a9:9f:16:62:b0:
f6:c9:cf:4d:82:9b:31:aa:85:ac:e0:f4:5a:17:ad:
07:7d:aa:d3:33:fa:6d:0f:9e:be:38:50:72:cf:bf:
36:26:ad:00:e3:f9:ab:cd:23:cc:8f:c3:c2:6c:b0:
28:ac:4c:99:af:94:ec:27:e3:5c:03:b7:ee:76:62:
31:b1:ca:3e:e2:7f:89:29:69:88:50:d6:c2:8e:c3:
bf:cb:91:07:b7:82:38:8f:84:f6:06:b2:ca:4c:c9:
13:f7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AB:8A:C2:D1:F2:36:E7:00:70:B1:71:6A:CD:DC:90:67:CE:36:15:45
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/q4rC0fI25wBwsXFqzdyQZ842FUU.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
125.169.0.0/16
Signature Algorithm: sha256WithRSAEncryption
56:8b:8b:2e:b2:b6:a4:9a:56:6b:f8:aa:16:32:8c:52:6b:38:
6b:12:4f:7a:aa:30:50:f7:a6:df:03:29:ea:9b:e1:53:a5:fc:
50:ed:9f:ab:5e:d8:6c:df:b7:db:5d:bb:fc:16:f9:dc:0c:5f:
8d:d7:87:3a:30:05:26:34:18:eb:10:10:44:5e:40:57:a7:ea:
3c:a4:b1:65:9f:18:5c:13:ca:d2:6a:3c:5f:6b:ed:99:54:d2:
a4:a7:a5:47:11:50:bf:6c:9c:02:2a:1c:49:0c:a8:58:81:dd:
e2:26:2d:3c:3e:ff:1d:8a:f4:b5:c2:7a:44:0c:91:3c:cf:bf:
bd:47:4e:b9:e6:9c:d8:fe:d5:5a:13:75:06:ab:c1:fd:14:c5:
67:6e:5e:02:ff:fb:03:57:a4:26:9d:23:70:04:b1:89:74:aa:
c3:50:95:24:7a:be:36:a9:a2:6f:14:ed:8d:bf:be:69:ba:2e:
a7:96:49:49:be:96:39:78:33:85:ab:a7:38:62:5b:86:d5:bb:
fb:38:c5:58:d9:6e:8a:7b:19:9e:eb:b4:a3:6d:fe:50:49:08:
a5:84:9e:f9:8e:1c:46:18:35:e2:04:1b:23:03:f5:d6:78:ee:
22:d8:91:56:c8:68:af:0f:87:bc:50:56:88:a0:12:61:83:34:
2e:21:8a:09
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICBpAwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA1MTUy
MDA4MDJaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKEFCOEFDMkQxRjIzNkU3
MDA3MEIxNzE2QUNEREM5MDY3Q0UzNjE1NDUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC7dfdiBj7RhN9m9xzdP+6QG6nWtWIuspaDNhZKH+00qBEFL4Oa
+dM3aca+OPu6KmD5ZL0p1JaibnZj7Rb9Oji4xsIh8sqZ4FiVEz4NaFGLcuL+kCsO
xeQaQix3QhU1drr6Cjr/vfRrFKk6sU41HOj4659en/j9W3nSqqzMTs4W40gIgmYY
U4r9ixuWBwm69cjllDN2Efia5RuevGgDJk+pnxZisPbJz02CmzGqhazg9FoXrQd9
qtMz+m0Pnr44UHLPvzYmrQDj+avNI8yPw8JssCisTJmvlOwn41wDt+52YjGxyj7i
f4kpaYhQ1sKOw7/LkQe3gjiPhPYGsspMyRP3AgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUq4rC0fI25wBwsXFqzdyQZ842FUUwHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni9xNHJDMGZJMjV3QndzWEZx
emR5UVo4NDJGVVUucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
fakwDQYJKoZIhvcNAQELBQADggEBAFaLiy6ytqSaVmv4qhYyjFJrOGsST3qqMFD3
pt8DKeqb4VOl/FDtn6te2Gzft9tdu/wW+dwMX43XhzowBSY0GOsQEEReQFen6jyk
sWWfGFwTytJqPF9r7ZlU0qSnpUcRUL9snAIqHEkMqFiB3eImLTw+/x2K9LXCekQM
kTzPv71HTrnmnNj+1VoTdQarwf0UxWduXgL/+wNXpCadI3AEsYl0qsNQlSR6vjap
om8U7Y2/vmm6LqeWSUm+ljl4M4WrpzhiW4bVu/s4xVjZbop7GZ7rtKNt/lBJCKWE
nvmOHEYYNeIEGyMD9dZ47iLYkVbIaK8Ph7xQVoigEmGDNC4higk=
-----END CERTIFICATE-----
Generated at Sat Jun 21 13:51:31 2025 by rpki-client