Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/7DfANIQ9NZGMDuS-3LMu03s3lB4.roa
File: 7DfANIQ9NZGMDuS-3LMu03s3lB4.roa (raw, json)
Hash identifier: cN/Xz+Y0qJcLtMvKJc/V41ZzNq47TEB9zMomvknYa2I=
Subject key identifier: EC:37:C0:34:84:3D:35:91:8C:0E:E4:BE:DC:B3:2E:D3:7B:37:94:1E
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 0708
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/7DfANIQ9NZGMDuS-3LMu03s3lB4.roa
Signing time: Fri 16 May 2025 11:08:05 +0000
ROA not before: Fri 16 May 2025 11:08:05 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 125.169.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1800 (0x708)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: May 16 11:08:05 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=EC37C034843D35918C0EE4BEDCB32ED37B37941E
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e0:39:67:11:8d:cc:98:e8:57:6d:a8:d0:59:14:
a2:48:52:41:bb:aa:25:4b:d5:d6:ff:f3:f0:94:54:
55:c8:12:3a:b1:6a:3e:c0:12:8f:e7:15:ba:da:2e:
86:ec:c1:cf:bb:e6:95:12:c9:4c:95:93:52:61:51:
6c:5c:bf:79:41:19:59:8b:7a:69:58:44:8c:92:67:
83:c8:05:fb:5a:2d:6d:db:e0:29:33:47:6e:f6:14:
e1:3a:e2:0f:35:a3:c1:93:da:23:08:cc:b5:93:05:
e7:8e:d0:cc:f8:ab:11:53:66:8e:3d:88:a3:a6:57:
e7:8d:ba:d8:61:e0:0b:af:27:51:64:cd:ff:3a:22:
96:e3:a6:e6:bc:41:df:b7:99:d4:3f:09:e9:fe:b0:
44:6d:18:b1:79:1c:0d:d8:d7:12:66:de:82:5b:70:
56:fe:8f:ec:43:c1:bc:bd:8b:96:70:7a:1c:12:db:
a5:23:d1:d1:ef:a8:a6:f7:8c:e4:35:44:a5:6d:8e:
c4:1a:cb:14:e3:a9:3a:37:d4:66:15:9e:c8:e6:45:
39:c1:cf:2f:9b:a7:93:81:83:81:02:a3:6b:f1:41:
b2:e3:f4:01:6c:c4:dc:bc:59:30:c0:57:a1:bf:58:
c9:7c:73:12:e7:38:c7:f2:6d:3c:15:6c:54:6e:b6:
93:6b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
EC:37:C0:34:84:3D:35:91:8C:0E:E4:BE:DC:B3:2E:D3:7B:37:94:1E
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/7DfANIQ9NZGMDuS-3LMu03s3lB4.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
125.169.0.0/16
Signature Algorithm: sha256WithRSAEncryption
46:76:b0:7b:90:bb:3b:84:1d:5a:03:62:a3:4c:ca:7a:33:2d:
1c:84:99:87:15:41:07:63:2e:e7:3f:66:2e:4a:c4:ca:10:5c:
5a:9a:27:ba:e0:92:7b:74:07:ae:7b:9e:4b:00:83:d1:ce:99:
d7:d6:b6:70:fe:07:d2:29:a5:7e:a9:96:0b:3a:57:94:61:4b:
06:18:34:5a:05:ca:15:54:c6:fc:16:5f:c8:1f:2f:0c:26:ad:
73:48:60:ec:1b:22:ae:1e:34:bd:3c:ba:7b:c4:73:75:ce:8a:
2b:47:4f:d0:69:ef:67:bd:46:4e:69:1d:02:b4:16:da:73:31:
42:bf:ec:23:e5:d3:bf:38:4c:78:e6:cc:d9:26:ee:11:92:00:
3f:ef:f5:8d:e3:24:ef:17:f2:36:26:2a:f6:99:35:d6:e2:77:
8d:6c:23:15:c2:0b:57:d5:9e:ac:fe:7d:ec:92:e0:9f:2c:ec:
01:9a:47:54:54:10:3e:5f:09:30:9e:88:42:55:d6:5d:fd:39:
9d:61:9c:b8:a0:9d:82:dc:1c:a6:48:ba:82:19:17:e5:c5:27:
5c:82:61:97:76:e2:25:b9:44:11:20:6b:46:b8:08:24:3d:79:
af:75:71:42:0c:71:e9:a6:37:e7:75:f7:23:6a:68:47:5b:dd:
12:9e:24:ca
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICBwgwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA1MTYx
MTA4MDVaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKEVDMzdDMDM0ODQzRDM1
OTE4QzBFRTRCRURDQjMyRUQzN0IzNzk0MUUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDgOWcRjcyY6FdtqNBZFKJIUkG7qiVL1db/8/CUVFXIEjqxaj7A
Eo/nFbraLobswc+75pUSyUyVk1JhUWxcv3lBGVmLemlYRIySZ4PIBftaLW3b4Ckz
R272FOE64g81o8GT2iMIzLWTBeeO0Mz4qxFTZo49iKOmV+eNuthh4AuvJ1Fkzf86
Ipbjpua8Qd+3mdQ/Cen+sERtGLF5HA3Y1xJm3oJbcFb+j+xDwby9i5ZwehwS26Uj
0dHvqKb3jOQ1RKVtjsQayxTjqTo31GYVnsjmRTnBzy+bp5OBg4ECo2vxQbLj9AFs
xNy8WTDAV6G/WMl8cxLnOMfybTwVbFRutpNrAgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQU7DfANIQ9NZGMDuS+3LMu03s3lB4wHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni83RGZBTklROU5aR01EdVMt
M0xNdTAzczNsQjQucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
fakwDQYJKoZIhvcNAQELBQADggEBAEZ2sHuQuzuEHVoDYqNMynozLRyEmYcVQQdj
Luc/Zi5KxMoQXFqaJ7rgknt0B657nksAg9HOmdfWtnD+B9IppX6plgs6V5RhSwYY
NFoFyhVUxvwWX8gfLwwmrXNIYOwbIq4eNL08unvEc3XOiitHT9Bp72e9Rk5pHQK0
FtpzMUK/7CPl0784THjmzNkm7hGSAD/v9Y3jJO8X8jYmKvaZNdbid41sIxXCC1fV
nqz+feyS4J8s7AGaR1RUED5fCTCeiEJV1l39OZ1hnLignYLcHKZIuoIZF+XFJ1yC
YZd24iW5RBEga0a4CCQ9ea91cUIMcemmN+d19yNqaEdb3RKeJMo=
-----END CERTIFICATE-----
Generated at Sun May 18 09:12:19 2025 by rpki-client