Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/NOZvL28wqaOaWns1tj1fPENejyQ.roa
File: NOZvL28wqaOaWns1tj1fPENejyQ.roa (raw, json)
Hash identifier: UpEpVBaOLOXH0HO+7DRLxDmpWdW3mOqF4XP2Om9hu8A=
Subject key identifier: 34:E6:6F:2F:6F:30:A9:A3:9A:5A:7B:35:B6:3D:5F:3C:43:5E:8F:24
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 06B0
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/NOZvL28wqaOaWns1tj1fPENejyQ.roa
Signing time: Fri 16 May 2025 00:08:03 +0000
ROA not before: Fri 16 May 2025 00:08:03 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 125.169.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1712 (0x6b0)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: May 16 00:08:03 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=34E66F2F6F30A9A39A5A7B35B63D5F3C435E8F24
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e6:bc:b5:00:8c:72:9e:54:3d:fa:23:13:93:c3:
7a:99:ba:52:4d:9c:be:9e:d4:f7:fe:79:98:7c:b6:
f1:ff:ca:70:e3:3e:48:18:ad:73:96:42:ef:1e:36:
59:e7:66:80:e6:6b:a7:3c:c3:13:76:fd:ec:f3:16:
11:57:15:4f:47:59:b7:57:70:67:81:60:c2:67:0c:
b6:f5:ef:12:d8:06:93:fd:87:87:5e:21:43:35:e9:
30:47:3b:76:69:3b:a8:a3:42:fd:ec:aa:47:4f:5e:
c1:cd:41:bf:9f:67:2b:27:28:17:18:17:7f:52:40:
11:82:8c:61:44:5d:26:52:85:ea:ae:85:1a:68:6f:
52:81:2a:9a:36:f0:af:70:d7:1c:6d:d0:69:44:c7:
9b:03:1b:2d:40:39:d7:1a:9f:37:7b:6b:15:3a:96:
7a:ac:4e:3f:cc:c7:bc:a2:4a:20:0a:18:41:9d:b8:
8d:e0:00:dc:e5:ad:11:0e:0c:e5:00:0b:c7:a1:15:
d3:a9:7f:d8:46:d5:cc:17:63:94:e3:5e:fb:13:9f:
8e:81:a4:e7:3b:6f:3b:43:66:d2:66:f2:50:d1:24:
23:56:21:2b:ef:32:1b:8a:e6:65:54:00:b9:32:f4:
c1:98:be:19:94:61:2b:a8:6c:83:8d:6a:3b:06:1e:
5f:33
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
34:E6:6F:2F:6F:30:A9:A3:9A:5A:7B:35:B6:3D:5F:3C:43:5E:8F:24
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/NOZvL28wqaOaWns1tj1fPENejyQ.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
125.169.0.0/16
Signature Algorithm: sha256WithRSAEncryption
a2:95:03:a4:d7:61:11:b7:12:f2:1e:0f:51:ba:82:02:14:ae:
75:fa:0d:40:ab:c6:9b:99:86:c3:52:e0:66:d7:68:ad:ed:9a:
15:03:10:a3:cb:d0:23:5d:c3:ee:c0:1a:70:a1:aa:94:98:5f:
24:9b:ab:1f:3d:60:1e:ef:ec:12:6a:aa:4c:e6:33:a5:7f:e1:
bd:cd:19:0a:9f:e5:70:3d:a1:02:fe:83:d1:14:f4:d2:db:7b:
f4:a7:e6:60:45:4f:e5:7f:e1:13:25:aa:2b:89:c0:f0:75:ac:
b2:07:80:15:92:9e:75:76:d7:62:e5:5d:65:d1:76:82:75:4b:
7a:9d:5f:80:fc:cb:36:c9:32:0d:25:f2:ab:7c:db:10:28:e5:
71:83:c7:7d:10:73:35:42:d6:1e:1b:cf:1e:28:59:7c:05:e1:
3b:47:c8:6e:f4:e9:0e:81:e6:97:65:1a:ff:58:ab:ef:c5:4b:
14:aa:a7:4c:1e:91:46:ee:21:8d:af:19:7b:6d:51:a2:d4:3e:
64:9d:ae:b3:d6:90:01:31:b8:ed:67:2c:5a:f4:f0:2d:be:68:
2c:26:81:7b:4a:65:9c:ca:43:b5:05:79:4f:45:fc:7e:c1:0b:
fa:68:8e:27:90:a3:1b:22:75:99:be:3c:99:5a:d3:9d:fd:b4:
8b:0f:72:e8
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICBrAwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA1MTYw
MDA4MDNaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKDM0RTY2RjJGNkYzMEE5
QTM5QTVBN0IzNUI2M0Q1RjNDNDM1RThGMjQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDmvLUAjHKeVD36IxOTw3qZulJNnL6e1Pf+eZh8tvH/ynDjPkgY
rXOWQu8eNlnnZoDma6c8wxN2/ezzFhFXFU9HWbdXcGeBYMJnDLb17xLYBpP9h4de
IUM16TBHO3ZpO6ijQv3sqkdPXsHNQb+fZysnKBcYF39SQBGCjGFEXSZShequhRpo
b1KBKpo28K9w1xxt0GlEx5sDGy1AOdcanzd7axU6lnqsTj/Mx7yiSiAKGEGduI3g
ANzlrREODOUAC8ehFdOpf9hG1cwXY5TjXvsTn46BpOc7bztDZtJm8lDRJCNWISvv
MhuK5mVUALky9MGYvhmUYSuobIONajsGHl8zAgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUNOZvL28wqaOaWns1tj1fPENejyQwHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni9OT1p2TDI4d3FhT2FXbnMx
dGoxZlBFTmVqeVEucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
fakwDQYJKoZIhvcNAQELBQADggEBAKKVA6TXYRG3EvIeD1G6ggIUrnX6DUCrxpuZ
hsNS4GbXaK3tmhUDEKPL0CNdw+7AGnChqpSYXySbqx89YB7v7BJqqkzmM6V/4b3N
GQqf5XA9oQL+g9EU9NLbe/Sn5mBFT+V/4RMlqiuJwPB1rLIHgBWSnnV212LlXWXR
doJ1S3qdX4D8yzbJMg0l8qt82xAo5XGDx30QczVC1h4bzx4oWXwF4TtHyG706Q6B
5pdlGv9Yq+/FSxSqp0wekUbuIY2vGXttUaLUPmSdrrPWkAExuO1nLFr08C2+aCwm
gXtKZZzKQ7UFeU9F/H7BC/pojieQoxsidZm+PJla0539tIsPcug=
-----END CERTIFICATE-----
Generated at Sun May 18 12:22:34 2025 by rpki-client