Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/Ef9M5KqrQSsWuQQAB4TM5Z2cYME.roa
File: Ef9M5KqrQSsWuQQAB4TM5Z2cYME.roa (raw, json)
Hash identifier: lrvkX5I+eNi+ZOso8PqIErNPVGuwElfShp5W8T+KzL4=
Subject key identifier: 11:FF:4C:E4:AA:AB:41:2B:16:B9:04:00:07:84:CC:E5:9D:9C:60:C1
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 0438
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/Ef9M5KqrQSsWuQQAB4TM5Z2cYME.roa
Signing time: Mon 12 May 2025 17:07:57 +0000
ROA not before: Mon 12 May 2025 17:07:57 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 125.169.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1080 (0x438)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: May 12 17:07:57 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=11FF4CE4AAAB412B16B904000784CCE59D9C60C1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a4:e8:b7:ac:20:75:b3:6f:5d:26:55:fd:e3:05:
3f:f3:c2:f9:9b:2b:88:23:7f:1c:57:cd:7b:b0:4b:
cf:e7:8b:dc:3b:61:1b:a7:7f:5e:32:3d:7b:fa:14:
28:af:c5:c4:48:f9:9f:de:3e:5e:98:91:85:9a:ac:
51:3c:20:6b:77:d7:5a:b1:bf:73:7f:14:2e:0d:c7:
d7:61:2b:75:87:84:7a:c2:6a:b5:f2:d0:21:e1:ec:
f6:69:f3:2d:13:4a:ee:ea:e1:ab:bc:39:d7:85:15:
f8:7f:29:e2:10:f1:f2:78:af:21:59:c4:f7:fd:3c:
23:b7:d9:b8:8e:16:6a:d1:b8:31:fd:ea:1b:11:b1:
be:96:6f:1b:72:c7:9d:84:59:9d:05:4b:98:2d:1c:
3b:3d:27:96:35:69:db:90:28:39:13:9e:50:60:76:
f0:b6:ec:9a:d9:e6:23:98:c1:17:9b:48:62:aa:b4:
c9:b7:b5:e8:03:36:4a:56:ad:47:95:9b:95:38:03:
94:a9:3f:d7:7b:ce:0f:7a:d3:3c:06:95:23:ca:ed:
2f:8f:1a:d5:84:2f:3a:9e:9f:2b:2e:dd:15:6e:94:
aa:a7:aa:71:42:39:4f:dc:7c:e3:3e:d9:71:25:25:
cc:34:b4:35:f2:bb:1d:f0:e0:64:16:f0:46:88:ae:
60:f5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
11:FF:4C:E4:AA:AB:41:2B:16:B9:04:00:07:84:CC:E5:9D:9C:60:C1
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/Ef9M5KqrQSsWuQQAB4TM5Z2cYME.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
125.169.0.0/16
Signature Algorithm: sha256WithRSAEncryption
7f:f8:0a:18:5a:c0:95:e2:cf:bb:70:d1:2b:49:8c:84:ac:2e:
b5:1b:c4:7f:1e:50:2a:cd:31:2f:cc:3d:f7:e6:81:ac:08:7c:
79:39:b4:45:96:95:68:ec:39:84:5b:2e:8b:c3:bf:63:65:2f:
7e:24:33:55:ee:65:c8:3d:fb:f8:4e:21:1b:8e:d4:76:c8:56:
ef:e1:bc:0e:a0:98:51:58:df:42:57:d3:8a:43:17:12:cf:28:
51:07:c1:32:8b:2a:86:48:34:28:91:a6:2a:a0:25:a7:58:e3:
3f:1f:60:bd:4f:98:0d:2c:91:f9:12:82:dd:92:4a:01:14:b9:
b9:4d:be:52:a3:85:b0:c1:68:58:19:f7:cd:85:3a:fb:93:35:
80:73:6f:a1:5c:5c:94:45:db:83:95:22:0c:a0:83:93:19:9a:
c9:5d:d3:8f:42:32:27:33:e0:4e:25:4b:a6:a6:8f:83:41:dd:
af:74:26:aa:30:60:be:38:27:47:2d:71:62:62:31:5d:fa:5b:
bf:c3:62:b4:23:05:41:fb:47:45:65:18:ce:64:6d:46:1b:b8:
50:3e:16:99:a6:d3:b8:8b:55:a1:8d:c5:93:c1:b8:fa:b4:94:
61:54:1c:dc:e7:1f:bb:ba:79:af:6f:13:7d:67:19:61:40:42:
bc:b9:97:eb
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICBDgwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA1MTIx
NzA3NTdaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKDExRkY0Q0U0QUFBQjQx
MkIxNkI5MDQwMDA3ODRDQ0U1OUQ5QzYwQzEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCk6LesIHWzb10mVf3jBT/zwvmbK4gjfxxXzXuwS8/ni9w7YRun
f14yPXv6FCivxcRI+Z/ePl6YkYWarFE8IGt311qxv3N/FC4Nx9dhK3WHhHrCarXy
0CHh7PZp8y0TSu7q4au8OdeFFfh/KeIQ8fJ4ryFZxPf9PCO32biOFmrRuDH96hsR
sb6Wbxtyx52EWZ0FS5gtHDs9J5Y1aduQKDkTnlBgdvC27JrZ5iOYwRebSGKqtMm3
tegDNkpWrUeVm5U4A5SpP9d7zg960zwGlSPK7S+PGtWELzqenysu3RVulKqnqnFC
OU/cfOM+2XElJcw0tDXyux3w4GQW8EaIrmD1AgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUEf9M5KqrQSsWuQQAB4TM5Z2cYMEwHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni9FZjlNNUtxclFTc1d1UVFB
QjRUTTVaMmNZTUUucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
fakwDQYJKoZIhvcNAQELBQADggEBAH/4ChhawJXiz7tw0StJjISsLrUbxH8eUCrN
MS/MPffmgawIfHk5tEWWlWjsOYRbLovDv2NlL34kM1XuZcg9+/hOIRuO1HbIVu/h
vA6gmFFY30JX04pDFxLPKFEHwTKLKoZINCiRpiqgJadY4z8fYL1PmA0skfkSgt2S
SgEUublNvlKjhbDBaFgZ982FOvuTNYBzb6FcXJRF24OVIgygg5MZmsld049CMicz
4E4lS6amj4NB3a90JqowYL44J0ctcWJiMV36W7/DYrQjBUH7R0VlGM5kbUYbuFA+
Fpmm07iLVaGNxZPBuPq0lGFUHNznH7u6ea9vE31nGWFAQry5l+s=
-----END CERTIFICATE-----
Generated at Sat May 17 19:40:08 2025 by rpki-client