Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/AWBay2xDnCzwaX140plonk4kNLw.roa
File: AWBay2xDnCzwaX140plonk4kNLw.roa (raw, json)
Hash identifier: FjVPYE9lBmkJ1aSCeNByO7SZ8lbac51tvzkH1m1pzrQ=
Subject key identifier: 01:60:5A:CB:6C:43:9C:2C:F0:69:7D:78:D2:99:68:9E:4E:24:34:BC
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 0570
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/AWBay2xDnCzwaX140plonk4kNLw.roa
Signing time: Wed 14 May 2025 08:08:01 +0000
ROA not before: Wed 14 May 2025 08:08:01 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 125.169.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1392 (0x570)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: May 14 08:08:01 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=01605ACB6C439C2CF0697D78D299689E4E2434BC
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a7:3a:70:ab:b8:6e:7e:d2:a3:f8:4c:44:7b:d4:
af:9b:0c:dc:43:8d:81:d6:7d:1e:33:ec:c0:5a:f1:
dc:fd:2b:01:b2:c0:c1:f8:a9:e2:21:47:5e:fa:56:
17:29:b4:07:91:a9:a2:28:bc:26:8e:7b:5e:48:2d:
47:05:e7:44:f0:ee:02:f8:f7:a2:62:e2:ec:60:28:
65:74:9f:33:3f:dc:87:c9:6b:dc:62:fa:3a:fd:80:
2e:34:a9:3a:9c:e6:3c:65:49:6f:82:bc:a8:71:dd:
7e:07:c6:69:28:a6:2a:14:2f:5c:a3:66:15:47:44:
87:13:e4:d8:13:66:57:a4:4f:a7:38:df:d9:2b:14:
b8:dd:87:10:d7:9a:86:63:0e:73:40:ce:e9:56:3a:
ef:8c:86:e4:cf:97:66:d5:24:3b:34:86:57:e1:93:
6b:30:ab:01:ca:d4:f5:7f:aa:2d:b3:53:bc:e8:00:
5b:d4:3e:e4:70:09:17:88:1e:15:5b:71:2a:a1:27:
95:02:dc:b7:f0:4c:03:14:a4:91:e0:b5:98:12:0c:
b5:bd:33:3d:36:5f:5c:04:ad:d6:35:8c:f6:5f:54:
e4:6a:f7:81:6c:48:4a:a0:43:90:16:62:a3:53:9c:
9b:b9:1f:80:f6:a5:db:71:c9:dd:5c:5c:d8:94:a6:
1d:a1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
01:60:5A:CB:6C:43:9C:2C:F0:69:7D:78:D2:99:68:9E:4E:24:34:BC
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/AWBay2xDnCzwaX140plonk4kNLw.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
125.169.0.0/16
Signature Algorithm: sha256WithRSAEncryption
3f:a8:72:1e:ed:2d:7f:73:b7:dc:5d:19:4d:1c:ae:10:a1:e3:
4d:0d:ce:d2:40:08:c4:e5:e3:f7:bd:19:01:b4:8c:88:94:56:
e3:2d:39:a4:df:d2:7a:d1:76:6b:bf:77:0f:46:81:3b:e3:7c:
74:f0:fb:6c:b6:13:38:e6:37:1c:e3:01:bc:fe:78:07:6e:31:
6e:80:5a:f0:2d:f5:21:f2:1f:3c:f5:0c:78:d6:b6:67:5e:31:
ed:d5:7b:a8:bd:23:04:71:a1:60:15:2a:fc:0a:2a:a5:3e:fe:
7c:6f:0e:a5:1d:63:dd:b1:68:06:9a:f2:fc:51:6b:cc:e8:97:
85:1b:57:8b:83:da:68:eb:e4:e6:b2:b9:25:a8:c2:da:a4:8c:
e6:05:b8:74:ea:46:9d:9c:c5:05:45:f7:6b:71:20:64:1e:f5:
6a:de:16:4a:6c:9c:03:11:70:12:63:a1:59:0c:6e:dd:cf:6f:
86:54:dd:ff:37:09:5c:1b:87:c6:17:12:41:b6:67:b7:7c:6b:
54:e1:37:d2:43:1a:6b:7a:7d:d6:11:9c:1e:43:75:b5:84:8f:
e8:68:d8:3a:0b:06:64:f5:78:d0:65:9d:ca:97:f1:be:94:d2:
f6:23:e4:6f:d4:c8:36:42:24:5f:e2:3c:45:f6:cc:d1:7a:8b:
c2:48:40:01
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICBXAwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA1MTQw
ODA4MDFaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKDAxNjA1QUNCNkM0MzlD
MkNGMDY5N0Q3OEQyOTk2ODlFNEUyNDM0QkMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCnOnCruG5+0qP4TER71K+bDNxDjYHWfR4z7MBa8dz9KwGywMH4
qeIhR176VhcptAeRqaIovCaOe15ILUcF50Tw7gL496Ji4uxgKGV0nzM/3IfJa9xi
+jr9gC40qTqc5jxlSW+CvKhx3X4HxmkopioUL1yjZhVHRIcT5NgTZlekT6c439kr
FLjdhxDXmoZjDnNAzulWOu+MhuTPl2bVJDs0hlfhk2swqwHK1PV/qi2zU7zoAFvU
PuRwCReIHhVbcSqhJ5UC3LfwTAMUpJHgtZgSDLW9Mz02X1wErdY1jPZfVORq94Fs
SEqgQ5AWYqNTnJu5H4D2pdtxyd1cXNiUph2hAgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUAWBay2xDnCzwaX140plonk4kNLwwHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni9BV0JheTJ4RG5DendhWDE0
MHBsb25rNGtOTHcucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
fakwDQYJKoZIhvcNAQELBQADggEBAD+och7tLX9zt9xdGU0crhCh400NztJACMTl
4/e9GQG0jIiUVuMtOaTf0nrRdmu/dw9GgTvjfHTw+2y2EzjmNxzjAbz+eAduMW6A
WvAt9SHyHzz1DHjWtmdeMe3Ve6i9IwRxoWAVKvwKKqU+/nxvDqUdY92xaAaa8vxR
a8zol4UbV4uD2mjr5OayuSWowtqkjOYFuHTqRp2cxQVF92txIGQe9WreFkpsnAMR
cBJjoVkMbt3Pb4ZU3f83CVwbh8YXEkG2Z7d8a1ThN9JDGmt6fdYRnB5DdbWEj+ho
2DoLBmT1eNBlncqX8b6U0vYj5G/UyDZCJF/iPEX2zNF6i8JIQAE=
-----END CERTIFICATE-----
Generated at Sun May 18 04:04:15 2025 by rpki-client