Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/rEfx3cIn3Xo_9msEnEngicNldrM.roa
File: rEfx3cIn3Xo_9msEnEngicNldrM.roa (raw, json)
Hash identifier: h8lXMJUxw85eOA/ztZYFWknNzCv+LmZicTfIPAnjv8I=
Subject key identifier: AC:47:F1:DD:C2:27:DD:7A:3F:F6:6B:04:9C:49:E0:89:C3:65:76:B3
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 04CC
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/rEfx3cIn3Xo_9msEnEngicNldrM.roa
Signing time: Tue 13 May 2025 11:38:01 +0000
ROA not before: Tue 13 May 2025 11:38:01 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 125.169.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1228 (0x4cc)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: May 13 11:38:01 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=AC47F1DDC227DD7A3FF66B049C49E089C36576B3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ca:08:2a:c8:78:6a:c2:99:8b:64:9c:6e:6f:b7:
19:54:8c:92:f1:4c:55:11:01:0a:af:e6:2b:db:9e:
de:dd:33:83:f3:c9:49:59:12:8e:e6:fe:54:25:fb:
11:3e:b2:6c:20:d4:2a:4c:42:00:9d:05:01:32:02:
b1:d5:66:fd:1d:58:2f:ff:d8:e3:95:61:fb:14:e6:
b2:bd:c5:87:fc:2f:53:18:06:bc:fc:d3:f3:42:8a:
e8:d2:54:71:d9:f5:4f:c4:17:3b:c3:9f:74:25:9d:
df:57:7b:01:83:b4:57:dc:0e:88:63:8b:76:a0:9b:
25:13:29:f0:fd:1a:a6:3b:6a:d1:cb:23:06:17:b8:
29:2d:9f:d7:cb:5d:b9:56:50:82:34:7e:31:81:3b:
48:ce:4b:9b:40:f1:30:d3:e2:40:7a:aa:56:b9:fc:
3d:9c:e4:b0:a2:2b:b5:1f:6d:b7:09:04:b8:64:00:
41:09:d1:30:a0:61:50:aa:2e:79:09:71:ed:c4:ff:
a2:42:12:08:03:7a:ea:32:53:8f:4b:21:01:3a:5e:
79:58:4f:e6:1d:5a:8a:ae:4d:84:98:fa:ac:0e:9a:
c6:be:a6:84:a9:f2:42:d7:ee:d7:0a:27:47:72:5a:
2b:63:d9:09:8e:86:42:9a:e1:90:39:b8:ca:d9:6b:
e5:7f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AC:47:F1:DD:C2:27:DD:7A:3F:F6:6B:04:9C:49:E0:89:C3:65:76:B3
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/rEfx3cIn3Xo_9msEnEngicNldrM.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
125.169.0.0/16
Signature Algorithm: sha256WithRSAEncryption
10:14:7a:1a:3e:d5:b8:97:f1:a7:57:5b:fb:7d:f5:a3:04:55:
24:b9:3f:f9:c5:8e:20:8d:9c:90:ef:fc:29:dc:55:c9:22:9b:
c1:6c:71:91:25:5e:98:6c:5f:ad:b3:6c:3a:a7:d7:92:69:23:
7c:b5:97:36:9d:7a:89:41:05:f3:8e:05:69:9a:c0:9c:d0:e4:
7a:20:52:67:79:ee:6c:c4:bd:ea:2b:1f:8d:17:62:b1:fd:ec:
66:0d:ab:88:53:3c:e4:50:0c:99:5b:79:a9:d3:94:c3:fe:6b:
eb:46:40:08:07:a6:82:33:bd:fe:d9:4d:56:fc:77:19:8c:76:
40:fd:62:23:9e:d4:07:57:be:a1:38:93:95:4c:56:56:4a:b7:
2b:f7:09:07:96:8f:fb:5c:c3:cc:5b:fd:35:d9:a8:55:a4:24:
a6:5d:b7:43:1c:65:d9:c6:d1:b3:0c:07:86:5f:4c:db:ee:ba:
6f:ed:a2:3e:15:80:e6:14:21:52:21:bd:f1:c6:85:75:d8:5e:
d6:21:71:d0:c8:03:8a:12:f5:4b:bd:39:51:67:11:79:f8:5a:
ab:55:83:f0:6b:96:9b:ec:3d:84:f3:da:fd:37:84:56:ee:a0:
8a:3a:1a:4e:ee:44:c5:63:f6:78:c1:80:7b:60:e4:9c:43:a5:
0a:c6:c1:16
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICBMwwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA1MTMx
MTM4MDFaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKEFDNDdGMUREQzIyN0RE
N0EzRkY2NkIwNDlDNDlFMDg5QzM2NTc2QjMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDKCCrIeGrCmYtknG5vtxlUjJLxTFURAQqv5ivbnt7dM4PzyUlZ
Eo7m/lQl+xE+smwg1CpMQgCdBQEyArHVZv0dWC//2OOVYfsU5rK9xYf8L1MYBrz8
0/NCiujSVHHZ9U/EFzvDn3Qlnd9XewGDtFfcDohji3agmyUTKfD9GqY7atHLIwYX
uCktn9fLXblWUII0fjGBO0jOS5tA8TDT4kB6qla5/D2c5LCiK7UfbbcJBLhkAEEJ
0TCgYVCqLnkJce3E/6JCEggDeuoyU49LIQE6XnlYT+YdWoquTYSY+qwOmsa+poSp
8kLX7tcKJ0dyWitj2QmOhkKa4ZA5uMrZa+V/AgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUrEfx3cIn3Xo/9msEnEngicNldrMwHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni9yRWZ4M2NJbjNYb185bXNF
bkVuZ2ljTmxkck0ucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
fakwDQYJKoZIhvcNAQELBQADggEBABAUeho+1biX8adXW/t99aMEVSS5P/nFjiCN
nJDv/CncVckim8FscZElXphsX62zbDqn15JpI3y1lzadeolBBfOOBWmawJzQ5Hog
Umd57mzEveorH40XYrH97GYNq4hTPORQDJlbeanTlMP+a+tGQAgHpoIzvf7ZTVb8
dxmMdkD9YiOe1AdXvqE4k5VMVlZKtyv3CQeWj/tcw8xb/TXZqFWkJKZdt0McZdnG
0bMMB4ZfTNvuum/toj4VgOYUIVIhvfHGhXXYXtYhcdDIA4oS9Uu9OVFnEXn4WqtV
g/BrlpvsPYTz2v03hFbuoIo6Gk7uRMVj9njBgHtg5JxDpQrGwRY=
-----END CERTIFICATE-----
Generated at Sat Jun 21 02:34:33 2025 by rpki-client