Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/Kj4UkDHzSQK0dZzmiKRL7_ONj-o.roa
File: Kj4UkDHzSQK0dZzmiKRL7_ONj-o.roa (raw, json)
Hash identifier: Z5iwj0JvJciT7f3xLMJDyh11YGw60GPvY6G3Xdb6zMo=
Subject key identifier: 2A:3E:14:90:31:F3:49:02:B4:75:9C:E6:88:A4:4B:EF:F3:8D:8F:EA
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 0460
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/Kj4UkDHzSQK0dZzmiKRL7_ONj-o.roa
Signing time: Mon 12 May 2025 22:07:58 +0000
ROA not before: Mon 12 May 2025 22:07:58 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 125.169.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1120 (0x460)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: May 12 22:07:58 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=2A3E149031F34902B4759CE688A44BEFF38D8FEA
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c4:52:47:15:5c:39:44:14:27:2d:b1:fa:35:1a:
60:5f:70:96:51:14:78:f6:03:32:f9:e1:d4:cb:5a:
e3:52:19:02:4d:30:34:44:07:5a:93:bf:a9:97:2c:
11:70:e9:e9:7b:a4:4d:4a:66:24:dd:b5:4c:07:16:
98:c0:22:d9:76:7b:7b:6a:f0:3b:fd:91:7c:6d:72:
b7:ba:0c:d4:06:c3:22:d7:77:0c:36:35:9e:90:64:
a0:99:0d:46:65:0e:c1:d0:47:bf:26:fd:37:e0:40:
10:e4:91:9d:93:be:c8:b4:d9:42:18:61:b9:34:23:
17:68:dd:02:3c:a2:64:e1:c3:df:88:6a:8a:bb:bb:
01:ae:01:62:66:aa:8f:5d:ad:d0:16:1c:9e:5b:22:
c7:5b:45:82:f4:1c:53:f2:9f:af:80:cb:09:3c:77:
93:23:26:55:b7:c4:d9:50:7d:5a:77:25:87:8e:e3:
5f:e2:22:f9:5f:c8:57:f7:47:7d:1a:cb:a9:dc:b2:
c7:19:ea:8b:86:a0:43:83:6d:ca:e3:94:a4:5b:b2:
f6:b1:65:81:99:38:1a:58:19:3b:90:b6:ef:38:e0:
88:2d:f9:85:ec:62:5d:3f:d9:c4:87:8b:b0:47:df:
44:28:38:62:ec:5d:d9:56:19:ab:f5:4a:07:25:04:
05:25
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2A:3E:14:90:31:F3:49:02:B4:75:9C:E6:88:A4:4B:EF:F3:8D:8F:EA
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/Kj4UkDHzSQK0dZzmiKRL7_ONj-o.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
125.169.0.0/16
Signature Algorithm: sha256WithRSAEncryption
21:2f:68:76:96:89:07:70:6b:c2:89:6c:de:e7:c0:da:0c:2f:
72:90:39:e7:e5:0a:e2:94:57:8f:24:33:46:30:ab:b8:a8:4a:
c2:47:60:94:ab:b4:f3:c6:3a:96:d5:82:e3:69:a2:43:7b:4e:
d0:30:48:2d:81:af:b6:03:a3:1c:22:31:81:9a:bc:21:b6:03:
86:d9:0f:57:da:98:a4:e9:e3:8d:d6:d2:77:5a:6c:c2:98:2f:
54:8c:02:68:7c:81:7e:03:65:62:5f:5f:32:ca:bc:a6:f5:4b:
6e:77:82:ac:71:5e:c4:d5:60:bf:ca:c0:18:0e:f4:2c:ff:f7:
de:dc:3c:8c:a2:f3:1c:e0:d1:28:e1:b6:9c:45:a6:d0:07:8f:
45:ab:4c:96:be:13:e5:1f:5c:27:93:f5:8b:c5:bb:7c:09:a8:
8b:bf:60:2a:af:33:2b:08:bd:b8:89:a5:82:e4:fc:f7:1e:c6:
8e:a0:29:c5:0b:b5:69:28:2c:e8:5c:a7:24:85:3e:86:e2:58:
7c:80:b6:43:82:13:9a:0a:9b:d6:a6:d7:3b:2f:fe:c9:26:21:
70:2c:5b:ec:34:33:be:48:bb:4f:67:7d:95:91:01:64:e9:f5:
05:f6:3f:db:3c:a8:2e:41:06:18:04:14:cf:aa:6d:37:bc:f1:
c0:16:ee:38
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICBGAwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA1MTIy
MjA3NThaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKDJBM0UxNDkwMzFGMzQ5
MDJCNDc1OUNFNjg4QTQ0QkVGRjM4RDhGRUEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDEUkcVXDlEFCctsfo1GmBfcJZRFHj2AzL54dTLWuNSGQJNMDRE
B1qTv6mXLBFw6el7pE1KZiTdtUwHFpjAItl2e3tq8Dv9kXxtcre6DNQGwyLXdww2
NZ6QZKCZDUZlDsHQR78m/TfgQBDkkZ2Tvsi02UIYYbk0Ixdo3QI8omThw9+Iaoq7
uwGuAWJmqo9drdAWHJ5bIsdbRYL0HFPyn6+Aywk8d5MjJlW3xNlQfVp3JYeO41/i
IvlfyFf3R30ay6ncsscZ6ouGoEODbcrjlKRbsvaxZYGZOBpYGTuQtu844Igt+YXs
Yl0/2cSHi7BH30QoOGLsXdlWGav1SgclBAUlAgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUKj4UkDHzSQK0dZzmiKRL7/ONj+owHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni9LajRVa0RIelNRSzBkWnpt
aUtSTDdfT05qLW8ucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
fakwDQYJKoZIhvcNAQELBQADggEBACEvaHaWiQdwa8KJbN7nwNoML3KQOeflCuKU
V48kM0Ywq7ioSsJHYJSrtPPGOpbVguNpokN7TtAwSC2Br7YDoxwiMYGavCG2A4bZ
D1famKTp443W0ndabMKYL1SMAmh8gX4DZWJfXzLKvKb1S253gqxxXsTVYL/KwBgO
9Cz/997cPIyi8xzg0SjhtpxFptAHj0WrTJa+E+UfXCeT9YvFu3wJqIu/YCqvMysI
vbiJpYLk/Pcexo6gKcULtWkoLOhcpySFPobiWHyAtkOCE5oKm9am1zsv/skmIXAs
W+w0M75Iu09nfZWRAWTp9QX2P9s8qC5BBhgEFM+qbTe88cAW7jg=
-----END CERTIFICATE-----
Generated at Sun May 18 04:50:55 2025 by rpki-client