Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/3qHrIgUPZdYbH4HK3TvXaqM4DO0.roa
File: 3qHrIgUPZdYbH4HK3TvXaqM4DO0.roa (raw, json)
Hash identifier: jyxwg+i45fOnsIf6d7t1insqUOAgQQOFKwKRdRNoFV8=
Subject key identifier: DE:A1:EB:22:05:0F:65:D6:1B:1F:81:CA:DD:3B:D7:6A:A3:38:0C:ED
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 040C
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/3qHrIgUPZdYbH4HK3TvXaqM4DO0.roa
Signing time: Mon 12 May 2025 11:37:57 +0000
ROA not before: Mon 12 May 2025 11:37:57 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 125.169.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1036 (0x40c)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: May 12 11:37:57 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=DEA1EB22050F65D61B1F81CADD3BD76AA3380CED
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f0:48:61:03:62:5d:90:66:cf:74:6e:30:69:22:
fb:5e:36:57:f0:52:83:31:e7:06:8d:06:54:ad:df:
e3:5f:22:6a:0b:8f:c0:d5:d0:cb:2d:55:35:35:cc:
ab:d2:85:77:b0:aa:83:a4:b3:54:a5:f4:41:ab:27:
06:86:b7:4d:cb:1f:db:a7:d5:86:b4:c0:08:e8:f8:
25:1a:41:f3:3f:44:42:cf:ab:2a:39:af:73:92:46:
42:51:4b:34:b9:33:3a:12:c5:7a:a0:1d:da:e8:23:
78:31:ad:4c:cd:41:1f:04:69:f3:98:0c:90:d0:3e:
ea:f0:f0:58:97:15:84:7b:68:2e:2d:b7:ae:f0:2a:
29:fe:9c:aa:78:27:6e:97:46:be:0f:8b:41:0b:f0:
ed:f7:98:2d:b4:5a:5d:a5:00:be:86:d7:83:7b:47:
3b:7a:fc:11:08:35:ea:f7:bf:d3:8b:27:08:fa:97:
c5:3a:12:43:97:0e:fa:dc:f5:34:b2:2a:d3:0e:47:
2e:eb:7f:d8:17:45:9d:58:1d:e6:08:79:e9:d0:87:
dc:54:f0:88:e9:9c:af:bd:b2:69:e8:26:b4:33:40:
17:3a:6c:a1:0d:6d:a1:8a:13:f6:7a:25:6f:2d:52:
31:f5:2b:c3:52:75:07:bd:57:cf:51:37:d3:54:b2:
de:83
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DE:A1:EB:22:05:0F:65:D6:1B:1F:81:CA:DD:3B:D7:6A:A3:38:0C:ED
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/3qHrIgUPZdYbH4HK3TvXaqM4DO0.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
125.169.0.0/16
Signature Algorithm: sha256WithRSAEncryption
25:3d:7f:f3:3a:ac:dc:a9:41:07:17:5a:9b:6d:65:93:5d:bf:
e4:0f:4e:b5:a4:cc:07:8a:d0:e2:2f:5e:39:b7:4b:08:44:87:
cf:a5:26:e9:49:a3:a8:c3:dc:16:e3:24:1d:64:cb:57:a5:bc:
4c:f1:4d:fc:72:d7:5a:d6:8e:41:b6:e1:40:f1:5b:61:69:d3:
1c:d1:86:d9:1d:35:df:44:73:c3:fb:9d:ca:33:8b:c8:ca:8c:
d0:fd:19:80:81:d8:26:38:3d:89:46:f6:76:c8:6d:80:a0:8f:
fc:e7:7a:1a:36:42:dc:e2:e7:c4:a9:7b:0a:20:69:16:df:c8:
69:d3:ba:09:4a:b8:d2:76:6b:72:6f:be:11:d7:a3:7c:82:f1:
59:d3:2e:dc:55:d1:d4:98:bc:1d:b7:12:76:8a:c9:4c:b8:30:
7c:7c:8f:94:b3:95:62:5c:21:df:6d:7d:cf:08:cb:f5:24:14:
76:2b:ea:2b:c3:65:26:5e:a1:d5:22:13:5e:57:cc:53:02:d2:
4b:0e:b7:d4:4a:cf:4e:08:b6:f6:d0:dd:45:4c:f1:a5:ca:57:
a0:97:0f:dd:da:1e:16:6f:db:bb:a8:5d:cc:dd:75:34:92:ab:
98:b4:8e:6c:70:d0:de:c1:fd:a7:15:1f:3e:0a:38:e7:9b:67:
1a:8f:8a:2e
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICBAwwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA1MTIx
MTM3NTdaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKERFQTFFQjIyMDUwRjY1
RDYxQjFGODFDQUREM0JENzZBQTMzODBDRUQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDwSGEDYl2QZs90bjBpIvteNlfwUoMx5waNBlSt3+NfImoLj8DV
0MstVTU1zKvShXewqoOks1Sl9EGrJwaGt03LH9un1Ya0wAjo+CUaQfM/RELPqyo5
r3OSRkJRSzS5MzoSxXqgHdroI3gxrUzNQR8EafOYDJDQPurw8FiXFYR7aC4tt67w
Kin+nKp4J26XRr4Pi0EL8O33mC20Wl2lAL6G14N7Rzt6/BEINer3v9OLJwj6l8U6
EkOXDvrc9TSyKtMORy7rf9gXRZ1YHeYIeenQh9xU8IjpnK+9smnoJrQzQBc6bKEN
baGKE/Z6JW8tUjH1K8NSdQe9V89RN9NUst6DAgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQU3qHrIgUPZdYbH4HK3TvXaqM4DO0wHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni8zcUhySWdVUFpkWWJINEhL
M1R2WGFxTTRETzAucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
fakwDQYJKoZIhvcNAQELBQADggEBACU9f/M6rNypQQcXWpttZZNdv+QPTrWkzAeK
0OIvXjm3SwhEh8+lJulJo6jD3BbjJB1ky1elvEzxTfxy11rWjkG24UDxW2Fp0xzR
htkdNd9Ec8P7ncozi8jKjND9GYCB2CY4PYlG9nbIbYCgj/zneho2Qtzi58Spewog
aRbfyGnTuglKuNJ2a3JvvhHXo3yC8VnTLtxV0dSYvB23EnaKyUy4MHx8j5SzlWJc
Id9tfc8Iy/UkFHYr6ivDZSZeodUiE15XzFMC0ksOt9RKz04ItvbQ3UVM8aXKV6CX
D93aHhZv27uoXczddTSSq5i0jmxw0N7B/acVHz4KOOebZxqPii4=
-----END CERTIFICATE-----
Generated at Sun May 18 12:20:42 2025 by rpki-client