Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/tEwIaRLCw1cd0_4XrylEwQEZFvU.roa
File: tEwIaRLCw1cd0_4XrylEwQEZFvU.roa (raw, json)
Hash identifier: Qfi5AVkr41kwoOSZ3hLe118okRdlPBtsKRQP3yuZ/Xk=
Subject key identifier: B4:4C:08:69:12:C2:C3:57:1D:D3:FE:17:AF:29:44:C1:01:19:16:F5
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 0C48
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/tEwIaRLCw1cd0_4XrylEwQEZFvU.roa
Signing time: Fri 23 May 2025 11:08:44 +0000
ROA not before: Fri 23 May 2025 11:08:44 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 125.169.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 3144 (0xc48)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: May 23 11:08:44 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=B44C086912C2C3571DD3FE17AF2944C1011916F5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e8:08:2b:9f:bf:4d:22:15:06:71:05:55:80:82:
bc:9b:4d:98:6a:27:05:1e:e0:be:1d:63:b9:d9:a9:
52:60:83:d5:e8:68:5b:af:fd:b3:d1:87:5c:91:cf:
b2:78:60:7a:d6:71:4a:a6:9b:27:1c:c0:0d:48:af:
52:bb:67:92:05:78:55:8e:6f:09:4d:2f:a1:32:60:
46:73:b3:e4:a7:2a:c1:14:23:c8:17:a0:b2:32:10:
31:f7:7d:89:cc:ce:7d:74:e8:e3:49:fd:47:40:a5:
8c:e1:93:82:7e:70:ae:5f:f3:fd:1a:4f:ee:13:50:
ff:a7:6b:9c:87:85:b5:cf:95:ca:65:5c:85:2c:5c:
d7:dd:a8:da:c8:66:72:6d:34:d4:24:a0:71:ff:37:
48:2b:0c:e5:ce:c2:a3:13:7a:54:62:88:26:e9:ae:
54:44:91:69:ed:62:59:dd:62:2d:6f:85:3f:de:ae:
50:3a:04:5c:ca:46:12:da:9c:ed:b8:ab:41:b1:41:
1a:a4:28:25:b2:14:9f:85:80:e4:b9:73:0a:b3:04:
f7:9d:a2:ea:77:d1:ee:2e:fb:52:50:91:15:c7:25:
04:a8:b7:75:c1:e1:db:8f:c9:68:63:b8:5c:0c:db:
90:72:7c:2b:74:c7:66:6f:f1:6a:da:3b:b7:dc:d2:
19:8b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B4:4C:08:69:12:C2:C3:57:1D:D3:FE:17:AF:29:44:C1:01:19:16:F5
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/tEwIaRLCw1cd0_4XrylEwQEZFvU.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
125.169.0.0/16
Signature Algorithm: sha256WithRSAEncryption
85:fc:d8:93:d0:92:9b:47:a3:f2:07:60:3a:34:77:2c:e4:fe:
be:4a:54:b4:29:38:28:b9:0e:14:1c:35:f2:f9:f2:ac:66:73:
97:8e:67:82:9a:3d:db:7a:70:6f:a8:b9:9d:46:70:1b:48:cf:
0d:cb:ae:96:7f:5c:85:7f:60:03:99:11:f9:fb:14:a5:65:ec:
32:c4:8c:f0:17:c5:3a:66:4c:84:28:13:5e:a4:4c:b2:ab:0c:
b1:56:68:51:3d:fd:31:f0:fd:ac:90:38:12:1c:95:29:13:1b:
ad:c4:e5:94:78:57:4f:00:97:2c:3e:70:c8:b1:20:07:ac:73:
1a:95:27:6d:15:5e:9b:fb:5d:16:5d:19:94:0e:76:4e:dc:01:
43:71:f2:fe:c4:a6:75:3f:31:1a:20:7e:03:e3:ed:cc:a7:b1:
b5:4e:d0:22:37:18:c0:50:ed:b8:26:dd:09:4f:18:a1:0f:32:
a9:4d:97:16:59:ca:d3:a5:c6:b4:e6:2f:db:1c:9a:b6:52:31:
88:04:08:9f:01:2a:0d:de:8c:b4:bf:9e:87:6d:4e:5a:d3:35:
6a:e9:5b:43:79:6f:a3:00:b1:41:60:fc:0b:5d:ba:65:8a:ae:
6f:b9:94:6c:05:e9:02:89:bc:c6:31:34:d6:43:4f:1a:62:e7:
88:7c:7c:5e
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICDEgwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA1MjMx
MTA4NDRaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKEI0NEMwODY5MTJDMkMz
NTcxREQzRkUxN0FGMjk0NEMxMDExOTE2RjUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDoCCufv00iFQZxBVWAgrybTZhqJwUe4L4dY7nZqVJgg9XoaFuv
/bPRh1yRz7J4YHrWcUqmmyccwA1Ir1K7Z5IFeFWObwlNL6EyYEZzs+SnKsEUI8gX
oLIyEDH3fYnMzn106ONJ/UdApYzhk4J+cK5f8/0aT+4TUP+na5yHhbXPlcplXIUs
XNfdqNrIZnJtNNQkoHH/N0grDOXOwqMTelRiiCbprlREkWntYlndYi1vhT/erlA6
BFzKRhLanO24q0GxQRqkKCWyFJ+FgOS5cwqzBPedoup30e4u+1JQkRXHJQSot3XB
4duPyWhjuFwM25ByfCt0x2Zv8WraO7fc0hmLAgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUtEwIaRLCw1cd0/4XrylEwQEZFvUwHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni90RXdJYVJMQ3cxY2QwXzRY
cnlsRXdRRVpGdlUucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
fakwDQYJKoZIhvcNAQELBQADggEBAIX82JPQkptHo/IHYDo0dyzk/r5KVLQpOCi5
DhQcNfL58qxmc5eOZ4KaPdt6cG+ouZ1GcBtIzw3LrpZ/XIV/YAOZEfn7FKVl7DLE
jPAXxTpmTIQoE16kTLKrDLFWaFE9/THw/ayQOBIclSkTG63E5ZR4V08Alyw+cMix
IAescxqVJ20VXpv7XRZdGZQOdk7cAUNx8v7EpnU/MRogfgPj7cynsbVO0CI3GMBQ
7bgm3QlPGKEPMqlNlxZZytOlxrTmL9scmrZSMYgECJ8BKg3ejLS/nodtTlrTNWrp
W0N5b6MAsUFg/AtdumWKrm+5lGwF6QKJvMYxNNZDTxpi54h8fF4=
-----END CERTIFICATE-----
Generated at Sat Jun 21 16:52:50 2025 by rpki-client