Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/qfGEZl2NIngUtW9cwIdoaK5Yvek.roa
File: qfGEZl2NIngUtW9cwIdoaK5Yvek.roa (raw, json)
Hash identifier: KHuWq2A6QXNjuBbeCa6LisqHQgo/51d0xcDxmMSgy6o=
Subject key identifier: A9:F1:84:66:5D:8D:22:78:14:B5:6F:5C:C0:87:68:68:AE:58:BD:E9
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 0B70
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/qfGEZl2NIngUtW9cwIdoaK5Yvek.roa
Signing time: Thu 22 May 2025 08:08:21 +0000
ROA not before: Thu 22 May 2025 08:08:21 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 125.169.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2928 (0xb70)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: May 22 08:08:21 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=A9F184665D8D227814B56F5CC0876868AE58BDE9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bd:db:4e:b0:c0:d4:cb:bf:3d:d6:ce:82:ff:dd:
22:9b:aa:e2:57:22:48:ab:7e:36:66:84:17:22:77:
68:21:9f:0f:76:3a:f6:d5:a9:cc:62:ce:2a:5c:90:
61:f3:be:20:1d:f2:30:c4:e2:37:88:54:1d:0e:fd:
e7:ba:b3:03:ea:60:fb:94:92:36:1d:fc:2e:29:02:
72:aa:56:42:78:d2:bc:e4:6b:f8:d5:1f:84:11:d7:
98:8c:d8:5c:ed:b2:2c:83:09:43:08:70:66:91:f3:
1a:3c:e1:98:d8:9d:30:cb:6d:e5:0b:0f:cf:37:88:
54:7d:c1:1c:6e:39:07:8f:c9:28:96:c7:ff:84:fe:
86:f7:4b:7b:13:50:1a:d4:83:5f:08:b5:f5:6b:23:
6c:ea:ad:a9:98:82:bc:e4:21:b4:ba:8e:1a:63:b7:
a1:6b:08:3a:71:75:42:25:75:42:3b:7c:95:4e:90:
36:d4:5a:f5:b6:7d:0e:60:aa:7c:e1:d7:76:09:8e:
91:39:56:b5:06:2b:84:f8:37:02:7d:e4:67:3c:22:
31:93:70:1f:b3:fa:46:42:b0:79:31:72:6e:ae:35:
cf:75:d1:ad:b2:a7:29:63:cd:d4:5b:56:0b:3d:f6:
1d:9b:a1:98:e5:fc:90:a5:76:f1:85:46:89:e5:8f:
7e:8f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A9:F1:84:66:5D:8D:22:78:14:B5:6F:5C:C0:87:68:68:AE:58:BD:E9
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/qfGEZl2NIngUtW9cwIdoaK5Yvek.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
125.169.0.0/16
Signature Algorithm: sha256WithRSAEncryption
06:3e:ae:f9:56:5b:cf:71:d8:d0:aa:32:5f:5c:39:e5:f1:58:
a3:0d:dd:24:4f:19:c6:61:3e:35:b7:7a:0e:b2:15:c8:d1:aa:
22:17:02:b0:ce:b8:af:8d:3d:14:8c:40:1c:80:df:6e:93:64:
0c:6b:a4:43:9f:2d:5e:55:71:e6:f8:54:7c:16:b8:cc:79:3d:
a4:d5:a2:87:03:2e:33:0f:54:cc:7b:10:58:ae:a1:0a:80:3b:
29:45:ac:63:bb:ff:1f:f2:67:3d:b8:6d:bd:b6:a7:f6:9f:7b:
74:9a:b2:63:95:93:84:2c:91:33:08:89:a6:3a:a6:3f:e1:0e:
3a:aa:99:28:9b:d0:f0:37:db:ac:3f:93:5a:ec:1a:bf:33:da:
fb:6f:b6:60:77:82:8a:42:42:f8:78:43:12:55:ef:55:5e:de:
b7:f8:a9:ea:eb:84:1f:0c:be:5a:bb:d3:c6:73:ff:93:c7:38:
a6:de:e8:18:1d:53:67:69:d2:7e:10:4a:e2:b9:20:6a:c2:77:
2c:85:09:4e:b4:6b:9d:fb:78:68:4a:d3:eb:2a:f6:a1:b2:b4:
85:ae:bc:0e:3d:8e:0a:b8:a6:48:cc:b6:45:f4:1c:eb:68:7e:
24:7c:ee:2f:93:10:8f:a6:7f:61:d8:cf:21:5e:a1:8d:2f:42:
65:81:e8:97
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICC3AwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA1MjIw
ODA4MjFaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKEE5RjE4NDY2NUQ4RDIy
NzgxNEI1NkY1Q0MwODc2ODY4QUU1OEJERTkwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC9206wwNTLvz3WzoL/3SKbquJXIkirfjZmhBcid2ghnw92OvbV
qcxizipckGHzviAd8jDE4jeIVB0O/ee6swPqYPuUkjYd/C4pAnKqVkJ40rzka/jV
H4QR15iM2FztsiyDCUMIcGaR8xo84ZjYnTDLbeULD883iFR9wRxuOQePySiWx/+E
/ob3S3sTUBrUg18ItfVrI2zqramYgrzkIbS6jhpjt6FrCDpxdUIldUI7fJVOkDbU
WvW2fQ5gqnzh13YJjpE5VrUGK4T4NwJ95Gc8IjGTcB+z+kZCsHkxcm6uNc910a2y
pyljzdRbVgs99h2boZjl/JCldvGFRonlj36PAgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUqfGEZl2NIngUtW9cwIdoaK5YvekwHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni9xZkdFWmwyTkluZ1V0Vzlj
d0lkb2FLNVl2ZWsucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
fakwDQYJKoZIhvcNAQELBQADggEBAAY+rvlWW89x2NCqMl9cOeXxWKMN3SRPGcZh
PjW3eg6yFcjRqiIXArDOuK+NPRSMQByA326TZAxrpEOfLV5Vceb4VHwWuMx5PaTV
oocDLjMPVMx7EFiuoQqAOylFrGO7/x/yZz24bb22p/afe3SasmOVk4QskTMIiaY6
pj/hDjqqmSib0PA326w/k1rsGr8z2vtvtmB3gopCQvh4QxJV71Ve3rf4qerrhB8M
vlq708Zz/5PHOKbe6BgdU2dp0n4QSuK5IGrCdyyFCU60a537eGhK0+sq9qGytIWu
vA49jgq4pkjMtkX0HOtofiR87i+TEI+mf2HYzyFeoY0vQmWB6Jc=
-----END CERTIFICATE-----
Generated at Sat Jun 21 16:53:57 2025 by rpki-client