Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/F8Br5PfaErjgTnBssPpHWyvpam4.roa
File: F8Br5PfaErjgTnBssPpHWyvpam4.roa (raw, json)
Hash identifier: UXezTxq76/qsGNXswJe857V5CrW5Psw6XeKqeQ6mqrk=
Subject key identifier: 17:C0:6B:E4:F7:DA:12:B8:E0:4E:70:6C:B0:FA:47:5B:2B:E9:6A:6E
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 0210
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/F8Br5PfaErjgTnBssPpHWyvpam4.roa
Signing time: Fri 09 May 2025 20:08:14 +0000
ROA not before: Fri 09 May 2025 20:08:14 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 125.169.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 528 (0x210)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: May 9 20:08:14 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=17C06BE4F7DA12B8E04E706CB0FA475B2BE96A6E
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bb:99:6d:a4:0b:9c:28:8f:ac:9b:de:1f:77:d4:
8c:6d:12:5e:d7:c3:8a:f8:e9:dc:8a:a5:3f:74:f4:
15:46:2a:16:c6:a7:42:7b:c9:8b:81:48:0d:b3:5d:
ee:84:cb:fc:2d:5e:c3:0d:0e:0c:2b:61:a2:60:40:
5f:e2:23:b4:7b:60:ee:26:bf:71:21:2a:1a:92:f0:
18:43:04:e9:89:dd:6c:16:f2:29:57:92:9a:9f:19:
c0:11:5d:d1:d1:e8:3b:59:9c:bf:58:65:22:88:07:
9a:de:af:b6:20:2d:2a:50:ee:c7:58:8c:0c:72:4b:
a2:3a:54:2b:bd:a6:99:20:2c:ac:a4:11:e2:2b:31:
5d:36:07:f4:b9:d3:d2:79:67:7f:cd:d0:c1:05:7d:
1e:24:25:35:b2:a6:d8:65:a6:fc:d7:79:7d:bb:82:
39:a6:a2:43:97:4a:49:3b:cc:ca:be:2d:d9:b7:10:
eb:94:56:20:34:98:01:1b:90:98:44:26:30:82:d2:
71:e2:63:b7:dd:3a:0c:b6:f6:69:b8:33:87:ba:f7:
11:7e:ec:12:ba:e7:77:2a:ae:09:d6:16:fa:8e:bc:
47:7b:47:bd:a7:c4:1c:37:8f:37:f0:ce:b8:6b:c4:
c8:4f:c9:48:a1:5c:0c:50:44:8d:73:69:eb:6c:12:
95:cd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
17:C0:6B:E4:F7:DA:12:B8:E0:4E:70:6C:B0:FA:47:5B:2B:E9:6A:6E
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/F8Br5PfaErjgTnBssPpHWyvpam4.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
125.169.0.0/16
Signature Algorithm: sha256WithRSAEncryption
0a:3f:ec:5a:17:0d:24:e5:d5:3d:e8:01:cc:9f:65:91:5d:b8:
b6:d6:41:81:41:31:41:e0:36:be:4d:70:92:f4:ad:d3:df:22:
66:8b:3a:64:c0:ca:0f:29:4f:1e:98:32:90:bc:a6:cb:a5:b5:
4e:15:00:b1:27:01:38:5f:b0:16:16:39:e7:46:7e:f8:1c:d4:
9a:2a:5b:e9:b3:a8:cb:ce:3b:29:bb:fe:99:81:dc:65:87:d0:
b4:ad:bc:66:c5:c7:70:1d:df:2b:5c:ae:2f:d0:63:94:da:3e:
3f:0b:63:63:ae:6d:3f:4c:09:d7:2f:b6:98:eb:18:2e:5e:67:
0f:0c:2d:85:61:51:f9:26:8a:b7:1e:4e:c1:ea:c3:82:5e:f8:
6a:40:0a:85:ae:a6:81:5e:26:b2:56:58:31:f1:6c:1b:a4:ee:
2a:ef:66:11:a3:31:0f:a6:37:df:e0:86:10:1d:73:db:41:63:
83:64:24:22:06:1b:54:1e:77:89:47:d0:38:e5:60:4d:6f:dc:
b2:c4:1d:37:44:12:22:ee:81:ff:78:95:10:82:3a:68:22:4c:
05:de:05:42:19:df:29:a5:e4:bc:89:fa:d7:65:27:cd:9a:59:
a7:53:cc:10:bb:7a:25:bd:d9:1c:1f:b2:1b:4d:3b:5c:88:1d:
75:ee:92:08
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICAhAwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA1MDky
MDA4MTRaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKDE3QzA2QkU0RjdEQTEy
QjhFMDRFNzA2Q0IwRkE0NzVCMkJFOTZBNkUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC7mW2kC5woj6yb3h931IxtEl7Xw4r46dyKpT909BVGKhbGp0J7
yYuBSA2zXe6Ey/wtXsMNDgwrYaJgQF/iI7R7YO4mv3EhKhqS8BhDBOmJ3WwW8ilX
kpqfGcARXdHR6DtZnL9YZSKIB5rer7YgLSpQ7sdYjAxyS6I6VCu9ppkgLKykEeIr
MV02B/S509J5Z3/N0MEFfR4kJTWypthlpvzXeX27gjmmokOXSkk7zMq+Ldm3EOuU
ViA0mAEbkJhEJjCC0nHiY7fdOgy29mm4M4e69xF+7BK653cqrgnWFvqOvEd7R72n
xBw3jzfwzrhrxMhPyUihXAxQRI1zaetsEpXNAgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUF8Br5PfaErjgTnBssPpHWyvpam4wHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni9GOEJyNVBmYUVyamdUbkJz
c1BwSFd5dnBhbTQucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
fakwDQYJKoZIhvcNAQELBQADggEBAAo/7FoXDSTl1T3oAcyfZZFduLbWQYFBMUHg
Nr5NcJL0rdPfImaLOmTAyg8pTx6YMpC8psultU4VALEnAThfsBYWOedGfvgc1Joq
W+mzqMvOOym7/pmB3GWH0LStvGbFx3Ad3ytcri/QY5TaPj8LY2OubT9MCdcvtpjr
GC5eZw8MLYVhUfkmirceTsHqw4Je+GpACoWupoFeJrJWWDHxbBuk7irvZhGjMQ+m
N9/ghhAdc9tBY4NkJCIGG1Qed4lH0DjlYE1v3LLEHTdEEiLugf94lRCCOmgiTAXe
BUIZ3yml5LyJ+tdlJ82aWadTzBC7eiW92RwfshtNO1yIHXXukgg=
-----END CERTIFICATE-----
Generated at Sat May 17 22:37:12 2025 by rpki-client