Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/KiVARrm3ifGFGZGMG9koGr83uyk.roa
File: KiVARrm3ifGFGZGMG9koGr83uyk.roa (raw, json)
Hash identifier: BBozotpeMKCFt9E1/RsfQceD597PLMlZuuyNWe3+Okw=
Subject key identifier: 2A:25:40:46:B9:B7:89:F1:85:19:91:8C:1B:D9:28:1A:BF:37:BB:29
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 0738
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/KiVARrm3ifGFGZGMG9koGr83uyk.roa
Signing time: Fri 16 May 2025 17:08:46 +0000
ROA not before: Fri 16 May 2025 17:08:46 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 125.169.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1848 (0x738)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: May 16 17:08:46 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=2A254046B9B789F18519918C1BD9281ABF37BB29
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c3:45:43:65:3f:bc:f0:29:15:6d:d4:05:53:68:
33:a0:b4:8f:6b:a8:65:1d:96:59:33:4c:4b:d9:7d:
84:34:5c:1d:7e:dc:b1:5a:0d:65:1a:c4:15:69:88:
fd:12:fa:37:c5:2f:60:a9:d4:f2:7d:5b:4d:2f:19:
c2:c0:14:45:5a:f1:a6:dc:03:74:32:19:c4:0d:db:
83:34:68:4b:4e:eb:27:0e:70:9e:06:34:56:19:c7:
4a:78:de:f1:ee:58:e3:47:59:4a:1f:94:37:8e:00:
9e:15:ce:4c:35:b7:8a:16:4e:70:e2:3b:fb:5c:2c:
7f:21:ce:7e:7b:2a:8c:9d:c7:8c:49:eb:28:8f:ca:
62:9b:ef:53:02:8e:dd:ca:63:69:92:34:a8:e8:6f:
2e:ee:db:7b:a6:a4:5b:a9:f6:3e:fd:19:51:12:d5:
40:e6:ad:1e:dc:91:b3:9d:26:5d:69:dd:15:6b:99:
59:68:5d:77:0f:42:3d:e7:f2:65:d7:13:49:31:00:
f4:f8:8b:67:4d:44:f4:f7:90:df:a4:6d:71:11:82:
1e:bf:e3:7d:89:37:77:c6:94:25:68:9e:96:b5:67:
90:3c:08:80:85:ba:4e:fc:0e:cb:1f:d7:62:e2:48:
87:d5:1f:ab:04:d5:f8:90:bf:eb:12:7f:ca:72:3c:
89:73
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2A:25:40:46:B9:B7:89:F1:85:19:91:8C:1B:D9:28:1A:BF:37:BB:29
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/KiVARrm3ifGFGZGMG9koGr83uyk.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
125.169.0.0/16
Signature Algorithm: sha256WithRSAEncryption
09:17:34:2e:3a:5f:6a:64:ff:f2:3d:42:fe:7d:bf:e1:f3:9a:
20:1e:ce:77:6b:0f:38:30:c9:56:9f:a3:5b:29:a6:88:13:10:
bd:e1:c8:f1:53:a5:b3:ff:f3:96:13:83:fd:ad:08:b5:9f:8a:
10:1a:16:0e:e4:2d:3c:cd:f2:aa:15:55:05:cb:80:33:b3:08:
20:9b:e5:e0:94:4a:60:45:93:c9:80:24:62:3d:95:14:d0:8e:
5d:fe:b0:5d:c5:42:54:a9:70:af:f7:24:f8:32:cd:06:04:86:
62:a3:3f:c3:4e:70:ce:45:80:b3:b9:c1:fe:c5:75:fc:ba:05:
57:fc:d2:c7:5f:c8:ed:af:fe:b7:72:8b:41:42:a2:08:ed:39:
d1:77:d5:ef:78:ca:3f:89:87:0c:78:5c:ab:d9:75:d0:e6:5f:
f1:6b:25:5d:c9:98:1d:41:2a:7f:d9:c4:2b:94:85:00:2a:75:
98:e2:1a:97:b1:00:a9:4e:f9:df:98:a8:76:df:0e:5d:3c:aa:
94:0d:9c:3e:0d:b7:61:97:02:1b:74:c0:58:99:80:61:79:88:
c2:55:f4:0b:89:0a:8f:57:b7:12:19:32:1e:dd:43:a3:bd:18:
69:97:01:c6:50:f7:08:9c:85:15:4b:5f:e9:dc:32:de:36:c1:
1e:71:c9:00
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICBzgwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA1MTYx
NzA4NDZaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKDJBMjU0MDQ2QjlCNzg5
RjE4NTE5OTE4QzFCRDkyODFBQkYzN0JCMjkwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDDRUNlP7zwKRVt1AVTaDOgtI9rqGUdllkzTEvZfYQ0XB1+3LFa
DWUaxBVpiP0S+jfFL2Cp1PJ9W00vGcLAFEVa8abcA3QyGcQN24M0aEtO6ycOcJ4G
NFYZx0p43vHuWONHWUoflDeOAJ4Vzkw1t4oWTnDiO/tcLH8hzn57Koydx4xJ6yiP
ymKb71MCjt3KY2mSNKjoby7u23umpFup9j79GVES1UDmrR7ckbOdJl1p3RVrmVlo
XXcPQj3n8mXXE0kxAPT4i2dNRPT3kN+kbXERgh6/432JN3fGlCVonpa1Z5A8CICF
uk78Dssf12LiSIfVH6sE1fiQv+sSf8pyPIlzAgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUKiVARrm3ifGFGZGMG9koGr83uykwHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni9LaVZBUnJtM2lmR0ZHWkdN
Rzlrb0dyODN1eWsucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
fakwDQYJKoZIhvcNAQELBQADggEBAAkXNC46X2pk//I9Qv59v+HzmiAezndrDzgw
yVafo1sppogTEL3hyPFTpbP/85YTg/2tCLWfihAaFg7kLTzN8qoVVQXLgDOzCCCb
5eCUSmBFk8mAJGI9lRTQjl3+sF3FQlSpcK/3JPgyzQYEhmKjP8NOcM5FgLO5wf7F
dfy6BVf80sdfyO2v/rdyi0FCogjtOdF31e94yj+Jhwx4XKvZddDmX/FrJV3JmB1B
Kn/ZxCuUhQAqdZjiGpexAKlO+d+YqHbfDl08qpQNnD4Nt2GXAht0wFiZgGF5iMJV
9AuJCo9XtxIZMh7dQ6O9GGmXAcZQ9wichRVLX+ncMt42wR5xyQA=
-----END CERTIFICATE-----
Generated at Sun May 18 01:54:46 2025 by rpki-client