Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/2SLh50dd2E1LpBk9XWTc7hRmcHY.roa
File: 2SLh50dd2E1LpBk9XWTc7hRmcHY.roa (raw, json)
Hash identifier: ipVfnCpL5u2VA1WI2dD/qARX4svG6PCSxu0hYh4L1A4=
Subject key identifier: D9:22:E1:E7:47:5D:D8:4D:4B:A4:19:3D:5D:64:DC:EE:14:66:70:76
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 03FC
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/2SLh50dd2E1LpBk9XWTc7hRmcHY.roa
Signing time: Mon 12 May 2025 09:37:54 +0000
ROA not before: Mon 12 May 2025 09:37:54 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 125.169.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1020 (0x3fc)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: May 12 09:37:54 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=D922E1E7475DD84D4BA4193D5D64DCEE14667076
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:97:ca:77:8e:ca:9b:4f:80:86:38:e8:a0:a6:e9:
4f:e5:97:b4:29:7f:cd:34:68:ef:15:31:62:53:e5:
dc:a9:bc:d6:43:1a:ab:b6:31:c2:56:1d:be:b9:ea:
09:49:10:64:4a:00:db:21:95:a9:64:82:ab:9b:20:
ec:7e:fa:75:f8:86:72:f8:f2:60:7c:e1:36:97:ce:
68:0c:5c:2e:af:c4:dc:f1:40:1a:c4:db:28:af:d3:
e8:88:84:be:da:0f:d9:f5:8f:90:9d:42:a3:1d:3c:
34:af:39:84:87:ee:4c:fc:b5:c4:38:b8:28:be:30:
97:47:c6:89:2b:18:c3:63:12:6d:f4:51:f7:81:a7:
1e:26:03:e6:e5:76:79:d6:bd:e9:3d:ba:7a:5c:b8:
42:ac:0d:25:e9:61:f9:f5:00:8b:c4:ad:fe:1b:f5:
5b:40:93:dd:18:fc:aa:54:df:d9:01:a5:92:0e:ed:
85:0e:36:f8:96:ed:71:9a:21:f7:53:06:0d:b8:b1:
ce:26:2b:88:77:59:3c:3b:8f:8f:dc:61:d3:a6:bf:
11:6d:7c:60:15:78:76:d4:cc:41:35:a9:36:1f:de:
f8:eb:37:66:49:6d:3c:b7:06:4e:05:f9:5f:14:6c:
bc:01:61:53:8c:41:9f:6f:ae:01:a4:bc:29:b8:70:
9b:21
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D9:22:E1:E7:47:5D:D8:4D:4B:A4:19:3D:5D:64:DC:EE:14:66:70:76
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/2SLh50dd2E1LpBk9XWTc7hRmcHY.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
125.169.0.0/16
Signature Algorithm: sha256WithRSAEncryption
53:05:4f:a4:56:18:4b:e0:b7:d3:87:ee:a8:86:77:00:7a:1c:
58:ad:40:b1:72:1a:e6:03:4a:1e:b2:73:5d:54:8c:ee:24:99:
fe:3b:ca:e6:b9:f4:3a:d5:d9:e0:74:b8:ad:0a:35:7d:c1:e0:
a0:fc:86:30:0a:30:cd:91:a7:c7:3d:d9:7a:f8:a4:61:96:12:
c6:ca:84:d1:ad:d6:75:52:e8:3b:be:c2:de:6d:de:97:94:59:
a4:52:7b:bf:c9:ac:bf:95:56:73:6b:a5:14:45:8e:c5:64:8f:
6c:00:54:da:6a:52:b4:fc:b8:df:2c:25:90:34:a8:b1:ff:d6:
69:be:80:1e:2b:2f:a4:9e:2d:a9:71:94:16:96:37:64:64:63:
80:7e:5c:5c:95:cb:ae:42:16:fb:bf:27:f0:dc:d4:2f:ca:cc:
2c:d1:3f:e5:fc:71:08:28:72:9f:28:a7:98:70:b1:54:f3:d4:
2d:5a:09:88:82:b1:fa:1c:2b:1b:bd:01:d5:f1:e3:06:30:de:
bf:1e:95:22:54:88:93:31:2e:51:71:c3:df:c0:00:c4:98:56:
6c:2d:1f:71:ac:1a:ca:b1:20:62:c1:9e:eb:0b:ef:e2:33:37:
87:78:90:c4:f9:43:69:b0:c5:35:17:68:40:b4:0a:05:3d:b1:
eb:c7:b8:fa
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICA/wwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA1MTIw
OTM3NTRaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKEQ5MjJFMUU3NDc1REQ4
NEQ0QkE0MTkzRDVENjREQ0VFMTQ2NjcwNzYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCXyneOyptPgIY46KCm6U/ll7Qpf800aO8VMWJT5dypvNZDGqu2
McJWHb656glJEGRKANshlalkgqubIOx++nX4hnL48mB84TaXzmgMXC6vxNzxQBrE
2yiv0+iIhL7aD9n1j5CdQqMdPDSvOYSH7kz8tcQ4uCi+MJdHxokrGMNjEm30UfeB
px4mA+bldnnWvek9unpcuEKsDSXpYfn1AIvErf4b9VtAk90Y/KpU39kBpZIO7YUO
NviW7XGaIfdTBg24sc4mK4h3WTw7j4/cYdOmvxFtfGAVeHbUzEE1qTYf3vjrN2ZJ
bTy3Bk4F+V8UbLwBYVOMQZ9vrgGkvCm4cJshAgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQU2SLh50dd2E1LpBk9XWTc7hRmcHYwHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni8yU0xoNTBkZDJFMUxwQms5
WFdUYzdoUm1jSFkucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
fakwDQYJKoZIhvcNAQELBQADggEBAFMFT6RWGEvgt9OH7qiGdwB6HFitQLFyGuYD
Sh6yc11UjO4kmf47yua59DrV2eB0uK0KNX3B4KD8hjAKMM2Rp8c92Xr4pGGWEsbK
hNGt1nVS6Du+wt5t3peUWaRSe7/JrL+VVnNrpRRFjsVkj2wAVNpqUrT8uN8sJZA0
qLH/1mm+gB4rL6SeLalxlBaWN2RkY4B+XFyVy65CFvu/J/Dc1C/KzCzRP+X8cQgo
cp8op5hwsVTz1C1aCYiCsfocKxu9AdXx4wYw3r8elSJUiJMxLlFxw9/AAMSYVmwt
H3GsGsqxIGLBnusL7+IzN4d4kMT5Q2mwxTUXaEC0CgU9sevHuPo=
-----END CERTIFICATE-----
Generated at Sat May 17 21:13:21 2025 by rpki-client