Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/xX_dj0P52sg2GBH26q1u0DQYumg.roa
File: xX_dj0P52sg2GBH26q1u0DQYumg.roa (raw, json)
Hash identifier: rAavxyG7q3aipagda6HmVbixEFJrLnnDq/SZViecypQ=
Subject key identifier: C5:7F:DD:8F:43:F9:DA:C8:36:18:11:F6:EA:AD:6E:D0:34:18:BA:68
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 0408
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/xX_dj0P52sg2GBH26q1u0DQYumg.roa
Signing time: Mon 12 May 2025 11:07:55 +0000
ROA not before: Mon 12 May 2025 11:07:55 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 125.169.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1032 (0x408)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: May 12 11:07:55 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=C57FDD8F43F9DAC8361811F6EAAD6ED03418BA68
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bc:0c:c8:61:27:11:cf:dd:81:5a:9b:e2:3a:95:
f3:67:03:5f:9c:a8:67:ac:3c:a4:89:c3:be:5b:8b:
40:18:ca:28:a1:73:fa:0b:c2:0a:49:9b:57:5b:3b:
79:d1:2e:da:cd:33:6e:32:81:e1:9a:41:16:af:b6:
b0:0e:fa:b5:35:ac:ba:7a:83:b2:cd:90:d7:fa:35:
b0:12:73:bd:be:4f:6b:bb:01:52:2c:0e:66:b2:a6:
83:2e:30:a7:92:00:2e:71:f9:1e:2b:79:60:8a:3f:
f7:91:8a:0e:ea:de:23:76:02:62:f3:c8:55:f3:8a:
5d:dd:dd:1e:04:a7:19:31:8c:9b:42:bb:a4:4b:16:
1d:eb:ce:19:3f:0b:d5:8d:a7:78:cc:0b:a2:62:63:
d9:e4:8d:a9:78:6e:cf:ae:15:56:3f:9a:4b:01:ff:
73:6b:58:f5:a6:f6:6c:37:43:1e:6e:d1:af:e0:15:
39:73:0f:bb:03:c6:52:00:5f:66:f6:71:04:15:c5:
df:32:5e:9d:06:d3:48:ef:15:e8:20:e4:3b:c8:1d:
31:03:ce:7f:51:37:dd:e6:ea:72:5b:1c:f4:93:15:
9b:0b:da:d9:5f:f3:1b:73:b5:9b:0a:91:44:ca:3f:
13:2b:32:9d:67:ca:d8:4c:06:3a:cf:0f:b2:1a:71:
de:a1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C5:7F:DD:8F:43:F9:DA:C8:36:18:11:F6:EA:AD:6E:D0:34:18:BA:68
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/xX_dj0P52sg2GBH26q1u0DQYumg.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
125.169.0.0/16
Signature Algorithm: sha256WithRSAEncryption
2e:88:8e:bc:bb:b3:85:0b:dd:c3:08:41:b1:ce:1e:33:a1:f5:
37:97:93:58:c5:56:f6:c2:c4:3c:99:9a:5f:40:29:94:be:92:
bc:a5:7f:48:d1:ea:92:78:1c:0c:32:b2:41:11:04:0e:2f:74:
b9:84:f6:dc:0d:62:b2:49:b4:22:66:a4:ca:94:2e:e8:e7:b7:
e2:7b:b8:f3:f3:0c:c3:87:45:24:4e:04:1d:79:7a:69:93:0d:
30:51:61:eb:5a:06:39:ff:76:45:bf:13:52:d9:77:2c:3e:d9:
c0:03:6f:76:14:d6:0d:3f:4c:f2:61:22:9a:21:80:e5:04:93:
f5:94:e7:6f:03:b8:85:25:e9:17:f7:dd:78:bf:38:3f:b9:7d:
6c:cd:95:0e:9b:d6:3d:c2:d8:8b:8f:f2:f9:92:ff:bf:02:22:
01:42:30:49:94:5f:ee:73:c8:fd:2e:2c:98:50:b7:e0:0d:13:
b2:55:38:7b:6d:8f:6f:5a:94:d1:ec:eb:11:e3:f8:57:02:64:
67:1b:d6:75:3c:3f:94:7e:25:5a:33:ca:52:6d:e6:ac:5a:5b:
d1:39:88:70:8d:57:ef:5b:2e:23:36:1c:4e:21:89:a3:ba:f1:
ad:58:18:f4:6a:c2:1d:bf:67:59:b1:f3:24:c2:5a:cb:c2:1d:
e6:8f:76:8e
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICBAgwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA1MTIx
MTA3NTVaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKEM1N0ZERDhGNDNGOURB
QzgzNjE4MTFGNkVBQUQ2RUQwMzQxOEJBNjgwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC8DMhhJxHP3YFam+I6lfNnA1+cqGesPKSJw75bi0AYyiihc/oL
wgpJm1dbO3nRLtrNM24ygeGaQRavtrAO+rU1rLp6g7LNkNf6NbASc72+T2u7AVIs
DmaypoMuMKeSAC5x+R4reWCKP/eRig7q3iN2AmLzyFXzil3d3R4EpxkxjJtCu6RL
Fh3rzhk/C9WNp3jMC6JiY9nkjal4bs+uFVY/mksB/3NrWPWm9mw3Qx5u0a/gFTlz
D7sDxlIAX2b2cQQVxd8yXp0G00jvFegg5DvIHTEDzn9RN93m6nJbHPSTFZsL2tlf
8xtztZsKkUTKPxMrMp1nythMBjrPD7Iacd6hAgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUxX/dj0P52sg2GBH26q1u0DQYumgwHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni94WF9kajBQNTJzZzJHQkgy
NnExdTBEUVl1bWcucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
fakwDQYJKoZIhvcNAQELBQADggEBAC6Ijry7s4UL3cMIQbHOHjOh9TeXk1jFVvbC
xDyZml9AKZS+krylf0jR6pJ4HAwyskERBA4vdLmE9twNYrJJtCJmpMqULujnt+J7
uPPzDMOHRSROBB15emmTDTBRYetaBjn/dkW/E1LZdyw+2cADb3YU1g0/TPJhIpoh
gOUEk/WU528DuIUl6Rf33Xi/OD+5fWzNlQ6b1j3C2IuP8vmS/78CIgFCMEmUX+5z
yP0uLJhQt+ANE7JVOHttj29alNHs6xHj+FcCZGcb1nU8P5R+JVozylJt5qxaW9E5
iHCNV+9bLiM2HE4hiaO68a1YGPRqwh2/Z1mx8yTCWsvCHeaPdo4=
-----END CERTIFICATE-----
Generated at Sun Jun 22 05:26:36 2025 by rpki-client