Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/O0g2-fpYG00WbECUbFb02igBvow.roa
File: O0g2-fpYG00WbECUbFb02igBvow.roa (raw, json)
Hash identifier: UEZ9W94y5TL3EGZiubN2U1F/nkcOJmGvishhoh4ZLys=
Subject key identifier: 3B:48:36:F9:FA:58:1B:4D:16:6C:40:94:6C:56:F4:DA:28:01:BE:8C
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 0558
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/O0g2-fpYG00WbECUbFb02igBvow.roa
Signing time: Wed 14 May 2025 05:08:00 +0000
ROA not before: Wed 14 May 2025 05:08:00 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 125.169.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1368 (0x558)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: May 14 05:08:00 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=3B4836F9FA581B4D166C40946C56F4DA2801BE8C
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e6:bb:7b:d9:08:0d:5f:76:6e:5e:2c:77:ed:14:
d2:fa:11:87:d9:3f:8a:34:6b:70:0e:99:7b:69:22:
72:5b:8f:df:06:c0:77:52:3a:85:87:73:bc:13:6b:
0b:97:56:08:17:be:16:8f:df:6f:e1:c9:67:e3:1e:
9e:3d:c8:12:1a:cf:87:f9:d5:53:6d:1f:fc:c7:3b:
8b:85:de:c2:8e:9f:22:1c:e6:25:9c:6a:da:3e:7f:
bb:61:3e:a5:0d:fe:19:0e:38:f2:cf:0e:4a:40:18:
db:81:3f:34:1e:65:a8:26:6e:60:0f:61:31:9e:2e:
e2:45:e8:75:6d:ae:ba:43:7a:53:9b:80:d7:d7:4a:
ad:df:e8:e7:28:37:cd:d8:d8:34:92:0f:ad:02:98:
9d:e6:7b:04:01:e8:e9:d5:bc:a4:02:c8:7e:0a:3b:
d8:f7:82:d9:aa:26:2f:41:1a:94:87:1f:dd:cc:3a:
11:2f:26:ca:c8:b1:70:e0:88:a6:96:2a:0e:71:51:
48:90:b6:cd:2a:42:ef:6c:9f:bf:c9:5b:ed:35:f0:
cd:8c:e0:e4:65:34:c1:e2:53:79:e3:c9:c6:ab:be:
fc:20:01:6c:18:90:18:00:db:c3:c7:58:a8:36:aa:
bf:90:b3:a3:76:d2:66:1a:05:61:b3:68:52:34:67:
10:cd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3B:48:36:F9:FA:58:1B:4D:16:6C:40:94:6C:56:F4:DA:28:01:BE:8C
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/O0g2-fpYG00WbECUbFb02igBvow.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
125.169.0.0/16
Signature Algorithm: sha256WithRSAEncryption
6c:ad:f5:35:aa:17:96:2c:72:08:3c:4c:02:5d:ab:03:7e:ca:
90:0d:18:8e:8d:ae:1d:fb:a9:df:fe:78:35:04:81:3e:95:7f:
40:d8:0e:cb:41:a5:0d:d3:6e:3b:76:ae:14:83:bb:f5:d7:57:
45:eb:c2:23:5d:8f:c9:23:09:9c:51:be:70:9d:95:cc:7f:5c:
1a:0f:f9:96:71:80:d8:0b:41:d9:5c:49:09:36:c1:73:85:e3:
bf:8a:23:0d:51:a6:23:5c:01:7e:92:b1:23:4f:bb:fd:f5:3d:
aa:58:75:16:fd:65:a3:08:14:66:ad:af:b4:6f:95:2c:06:2b:
2b:ee:fe:0e:15:47:6d:28:ef:41:1f:96:0e:72:6a:fd:4b:28:
95:c7:51:6f:f1:e5:82:7a:50:6a:3a:fc:ea:d3:c1:9a:62:0b:
22:10:a3:92:33:bc:24:d9:79:79:23:a5:ac:26:56:8d:25:63:
b8:1f:46:b2:b3:71:55:8c:d0:1a:64:7a:3d:66:f9:49:d8:3d:
7f:64:55:08:77:52:25:30:4b:af:43:e4:27:cc:b6:6b:98:00:
03:b6:be:3c:37:57:be:85:89:0c:da:13:b0:0c:ac:56:35:f5:
a3:93:3d:d6:0f:09:08:f0:9e:d2:05:fb:b1:74:af:a5:d1:3e:
fc:87:d1:5f
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICBVgwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA1MTQw
NTA4MDBaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKDNCNDgzNkY5RkE1ODFC
NEQxNjZDNDA5NDZDNTZGNERBMjgwMUJFOEMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDmu3vZCA1fdm5eLHftFNL6EYfZP4o0a3AOmXtpInJbj98GwHdS
OoWHc7wTawuXVggXvhaP32/hyWfjHp49yBIaz4f51VNtH/zHO4uF3sKOnyIc5iWc
ato+f7thPqUN/hkOOPLPDkpAGNuBPzQeZagmbmAPYTGeLuJF6HVtrrpDelObgNfX
Sq3f6OcoN83Y2DSSD60CmJ3mewQB6OnVvKQCyH4KO9j3gtmqJi9BGpSHH93MOhEv
JsrIsXDgiKaWKg5xUUiQts0qQu9sn7/JW+018M2M4ORlNMHiU3njycarvvwgAWwY
kBgA28PHWKg2qr+Qs6N20mYaBWGzaFI0ZxDNAgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUO0g2+fpYG00WbECUbFb02igBvowwHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni9PMGcyLWZwWUcwMFdiRUNV
YkZiMDJpZ0J2b3cucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
fakwDQYJKoZIhvcNAQELBQADggEBAGyt9TWqF5Yscgg8TAJdqwN+ypANGI6Nrh37
qd/+eDUEgT6Vf0DYDstBpQ3Tbjt2rhSDu/XXV0XrwiNdj8kjCZxRvnCdlcx/XBoP
+ZZxgNgLQdlcSQk2wXOF47+KIw1RpiNcAX6SsSNPu/31PapYdRb9ZaMIFGatr7Rv
lSwGKyvu/g4VR20o70Eflg5yav1LKJXHUW/x5YJ6UGo6/OrTwZpiCyIQo5IzvCTZ
eXkjpawmVo0lY7gfRrKzcVWM0Bpkej1m+UnYPX9kVQh3UiUwS69D5CfMtmuYAAO2
vjw3V76FiQzaE7AMrFY19aOTPdYPCQjwntIF+7F0r6XRPvyH0V8=
-----END CERTIFICATE-----
Generated at Sat May 17 22:37:21 2025 by rpki-client