Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/DOXQLza0M0doPgEKwN69IImQnKo.roa
File: DOXQLza0M0doPgEKwN69IImQnKo.roa (raw, json)
Hash identifier: oNfcz0nC7qxB2Yua9nYrm3LUfoA3BHLsLY+H01AtbQA=
Subject key identifier: 0C:E5:D0:2F:36:B4:33:47:68:3E:01:0A:C0:DE:BD:20:89:90:9C:AA
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 057C
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/DOXQLza0M0doPgEKwN69IImQnKo.roa
Signing time: Wed 14 May 2025 09:38:11 +0000
ROA not before: Wed 14 May 2025 09:38:11 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 125.169.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1404 (0x57c)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: May 14 09:38:11 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=0CE5D02F36B43347683E010AC0DEBD2089909CAA
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d1:db:06:bf:22:15:e9:25:09:c7:6a:07:98:37:
68:a9:cc:8d:ef:02:e4:a9:1e:45:73:6a:74:88:99:
d2:a2:cf:d6:5f:b7:61:b6:2e:70:05:cb:b8:61:47:
15:c9:73:93:33:16:23:8b:fe:7a:82:50:ac:34:be:
ea:21:c0:a1:e9:83:74:16:8d:8a:b8:73:90:ce:5c:
18:fc:dc:c1:87:00:bc:2c:cb:4f:19:b9:fa:2d:d6:
79:a3:ad:cc:19:1e:b1:6f:89:c2:08:6c:36:5a:9f:
bb:2c:c8:72:c0:7d:a0:44:6b:03:16:f3:4f:6d:be:
70:e5:85:b9:20:dd:d0:ff:93:71:c1:b5:e8:2b:93:
88:26:dc:df:e3:d5:d6:36:ec:c0:3a:74:0e:9c:9c:
a8:10:35:1e:d5:07:81:f7:5c:3b:ce:de:47:6c:74:
89:a6:8a:7c:28:50:df:bd:6a:5c:78:d2:22:ff:e5:
60:ab:c2:4d:7c:84:af:ab:44:ff:57:84:d3:21:8f:
53:0a:e2:45:14:7a:90:95:89:ff:d2:53:82:8e:18:
b0:0e:3c:51:77:3a:66:03:c7:0e:fe:57:ef:65:f3:
72:ab:03:0d:e3:6a:b2:a7:08:49:af:49:48:1c:d0:
36:1a:8e:fd:93:a9:3d:3e:3d:7f:5a:cb:0d:98:e8:
9a:81
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0C:E5:D0:2F:36:B4:33:47:68:3E:01:0A:C0:DE:BD:20:89:90:9C:AA
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/DOXQLza0M0doPgEKwN69IImQnKo.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
125.169.0.0/16
Signature Algorithm: sha256WithRSAEncryption
8b:67:b7:6a:3b:ca:6c:bc:48:45:6a:1e:f2:2b:c4:da:b4:db:
db:21:35:ae:1f:5d:b1:2d:ea:08:ad:14:40:c1:55:1d:ae:7d:
cc:af:e0:5a:bf:cd:67:0a:ef:24:5b:e8:10:d7:48:24:8a:be:
87:e8:95:63:11:c6:a6:7b:8b:55:86:e1:9f:59:40:e7:1f:c2:
48:61:51:cf:ff:d9:68:1f:77:93:3a:a8:55:48:55:ec:4e:a3:
97:7d:65:9a:b2:a1:72:6c:0b:c9:78:47:d1:37:3e:a2:b6:5a:
9e:ba:30:b8:04:50:16:df:93:2e:bd:b9:3e:ab:60:83:c8:70:
f8:e7:87:14:82:1a:ed:c1:48:70:b9:6b:c2:7f:42:2a:32:6b:
38:6c:f8:b6:9c:28:89:f0:80:2c:cf:b0:36:a9:62:27:cc:09:
25:3e:74:a7:d2:b0:8b:f2:f2:8f:fc:ac:dc:eb:9f:2f:30:21:
3d:51:57:be:4e:75:f0:a7:79:90:79:b7:68:db:9b:f6:2d:cc:
21:b4:d8:aa:2c:6f:28:a5:3e:cd:8b:d8:cc:98:9a:8d:b6:09:
3d:84:97:24:d3:50:1e:a4:17:5d:75:df:65:11:32:a4:97:bf:
88:0e:61:02:f4:da:38:d2:96:10:b3:74:20:27:9c:6e:ab:7e:
36:55:64:d9
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICBXwwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA1MTQw
OTM4MTFaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKDBDRTVEMDJGMzZCNDMz
NDc2ODNFMDEwQUMwREVCRDIwODk5MDlDQUEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDR2wa/IhXpJQnHageYN2ipzI3vAuSpHkVzanSImdKiz9Zft2G2
LnAFy7hhRxXJc5MzFiOL/nqCUKw0vuohwKHpg3QWjYq4c5DOXBj83MGHALwsy08Z
ufot1nmjrcwZHrFvicIIbDZan7ssyHLAfaBEawMW809tvnDlhbkg3dD/k3HBtegr
k4gm3N/j1dY27MA6dA6cnKgQNR7VB4H3XDvO3kdsdImminwoUN+9alx40iL/5WCr
wk18hK+rRP9XhNMhj1MK4kUUepCVif/SU4KOGLAOPFF3OmYDxw7+V+9l83KrAw3j
arKnCEmvSUgc0DYajv2TqT0+PX9ayw2Y6JqBAgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUDOXQLza0M0doPgEKwN69IImQnKowHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni9ET1hRTHphME0wZG9QZ0VL
d042OUlJbVFuS28ucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
fakwDQYJKoZIhvcNAQELBQADggEBAItnt2o7ymy8SEVqHvIrxNq029shNa4fXbEt
6gitFEDBVR2ufcyv4Fq/zWcK7yRb6BDXSCSKvofolWMRxqZ7i1WG4Z9ZQOcfwkhh
Uc//2Wgfd5M6qFVIVexOo5d9ZZqyoXJsC8l4R9E3PqK2Wp66MLgEUBbfky69uT6r
YIPIcPjnhxSCGu3BSHC5a8J/Qioyazhs+LacKInwgCzPsDapYifMCSU+dKfSsIvy
8o/8rNzrny8wIT1RV75OdfCneZB5t2jbm/YtzCG02KosbyilPs2L2MyYmo22CT2E
lyTTUB6kF11132URMqSXv4gOYQL02jjSlhCzdCAnnG6rfjZVZNk=
-----END CERTIFICATE-----
Generated at Sat May 17 22:41:20 2025 by rpki-client