Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/3SKx-fK5YYIazanL8WNDxbkwFlM.roa
File: 3SKx-fK5YYIazanL8WNDxbkwFlM.roa (raw, json)
Hash identifier: EFw7sS8Dk4H41kPFlDfAsZAD3/W4yHdDkS9pEgFJBVI=
Subject key identifier: DD:22:B1:F9:F2:B9:61:82:1A:CD:A9:CB:F1:63:43:C5:B9:30:16:53
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 034C
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/3SKx-fK5YYIazanL8WNDxbkwFlM.roa
Signing time: Sun 11 May 2025 11:37:52 +0000
ROA not before: Sun 11 May 2025 11:37:52 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 125.169.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 844 (0x34c)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: May 11 11:37:52 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=DD22B1F9F2B961821ACDA9CBF16343C5B9301653
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c2:ff:e7:4d:33:ec:cc:cc:b0:03:ff:f0:40:3a:
6a:9e:2a:cc:dd:0f:c1:4c:11:29:e9:72:24:ac:7d:
b6:05:c3:7b:64:ec:a1:fe:08:f9:1b:80:6b:52:61:
0f:10:f3:ad:e8:46:71:3e:ff:c8:0c:21:c2:d9:d4:
99:64:bb:69:0c:2e:b3:9b:50:4f:4d:6f:26:ad:96:
53:3a:1a:6c:1d:9d:21:a5:2f:27:51:b5:a6:4e:4a:
2d:68:d3:73:d4:97:7a:06:fb:2a:b9:b1:d3:b3:6f:
be:13:3b:9d:2d:2a:0e:dc:39:0d:ed:e7:4c:ef:2f:
ed:96:2f:7f:57:57:d0:ca:9f:0e:42:63:80:de:ef:
cf:ef:3f:99:5e:89:7a:d8:0e:ed:3e:f7:f9:8c:07:
e9:c7:4d:ef:a3:2a:b6:40:7c:1a:b2:50:cd:00:88:
f4:5f:10:9f:ce:d8:ac:9a:80:ae:8c:4f:cd:cb:79:
55:d2:f1:09:89:5d:ce:4e:ba:21:31:34:69:65:7a:
db:5f:eb:32:04:fe:7e:36:54:10:d8:f1:50:9b:e1:
c6:85:01:80:44:dc:b5:a4:af:a1:1a:d9:6d:97:c1:
f4:10:5f:8e:e2:38:3a:ef:78:4b:57:df:ef:b9:70:
16:38:96:7b:8b:da:82:00:7f:e0:90:b8:b2:81:75:
f6:4d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DD:22:B1:F9:F2:B9:61:82:1A:CD:A9:CB:F1:63:43:C5:B9:30:16:53
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/3SKx-fK5YYIazanL8WNDxbkwFlM.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
125.169.0.0/16
Signature Algorithm: sha256WithRSAEncryption
51:42:d4:0e:ad:35:f2:4f:c2:40:62:c3:1c:2c:e2:15:9d:3a:
1d:72:e0:0b:e7:46:cf:0e:50:c2:f5:da:ca:4f:a7:e2:e6:ca:
0a:d3:ea:ba:61:4b:7e:85:58:b6:18:f8:24:ca:21:37:9d:6e:
2f:84:5f:3d:e5:a0:71:07:24:d1:6a:0b:bf:70:ab:27:1b:34:
ad:c5:e7:22:b3:4f:f1:83:03:b3:f7:0a:9b:88:34:d4:23:c3:
f8:08:22:19:f8:b7:5e:32:04:22:49:98:57:cc:53:ff:b0:cb:
ae:e5:24:c8:0c:e8:a0:b6:54:3a:33:07:ef:42:39:ac:cf:24:
bf:ba:18:56:e0:7d:68:ad:a3:a6:20:86:ba:c0:7a:0e:fe:30:
59:39:19:a8:08:d0:22:cc:44:1d:e6:24:50:02:f6:23:b5:49:
6d:2b:ef:17:6e:ca:b3:d5:e6:d7:e5:e1:d6:18:07:35:9e:6f:
92:a5:6d:8a:dc:fb:6d:75:ef:f9:85:18:7f:9d:a5:41:ef:9c:
fe:49:e2:9e:96:47:2b:98:75:47:52:6f:01:b7:95:e6:59:ca:
dc:0c:60:3f:f1:4a:6d:b5:43:ea:14:d3:12:36:1b:c4:1d:68:
3a:f5:fe:af:19:4f:f7:1d:1d:1e:d1:66:8b:dc:ae:f6:54:2b:
ba:99:70:ea
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICA0wwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA1MTEx
MTM3NTJaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKEREMjJCMUY5RjJCOTYx
ODIxQUNEQTlDQkYxNjM0M0M1QjkzMDE2NTMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDC/+dNM+zMzLAD//BAOmqeKszdD8FMESnpciSsfbYFw3tk7KH+
CPkbgGtSYQ8Q863oRnE+/8gMIcLZ1Jlku2kMLrObUE9NbyatllM6GmwdnSGlLydR
taZOSi1o03PUl3oG+yq5sdOzb74TO50tKg7cOQ3t50zvL+2WL39XV9DKnw5CY4De
78/vP5leiXrYDu0+9/mMB+nHTe+jKrZAfBqyUM0AiPRfEJ/O2KyagK6MT83LeVXS
8QmJXc5OuiExNGllettf6zIE/n42VBDY8VCb4caFAYBE3LWkr6Ea2W2XwfQQX47i
ODrveEtX3++5cBY4lnuL2oIAf+CQuLKBdfZNAgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQU3SKx+fK5YYIazanL8WNDxbkwFlMwHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni8zU0t4LWZLNVlZSWF6YW5M
OFdORHhia3dGbE0ucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
fakwDQYJKoZIhvcNAQELBQADggEBAFFC1A6tNfJPwkBiwxws4hWdOh1y4AvnRs8O
UML12spPp+LmygrT6rphS36FWLYY+CTKITedbi+EXz3loHEHJNFqC79wqycbNK3F
5yKzT/GDA7P3CpuINNQjw/gIIhn4t14yBCJJmFfMU/+wy67lJMgM6KC2VDozB+9C
OazPJL+6GFbgfWito6YghrrAeg7+MFk5GagI0CLMRB3mJFAC9iO1SW0r7xduyrPV
5tfl4dYYBzWeb5KlbYrc+2117/mFGH+dpUHvnP5J4p6WRyuYdUdSbwG3leZZytwM
YD/xSm21Q+oU0xI2G8QdaDr1/q8ZT/cdHR7RZovcrvZUK7qZcOo=
-----END CERTIFICATE-----
Generated at Sun May 18 12:22:39 2025 by rpki-client