Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/O_wmuvUUonQII7fI0hQE7ahCQC0.roa
File: O_wmuvUUonQII7fI0hQE7ahCQC0.roa (raw, json)
Hash identifier: YCm/gW+3D9khLF0KfGcaYS2we7z6845enCTm/1tFuso=
Subject key identifier: 3B:FC:26:BA:F5:14:A2:74:08:23:B7:C8:D2:14:04:ED:A8:42:40:2D
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 0190
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/O_wmuvUUonQII7fI0hQE7ahCQC0.roa
Signing time: Fri 09 May 2025 04:08:17 +0000
ROA not before: Fri 09 May 2025 04:08:17 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 125.169.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 400 (0x190)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: May 9 04:08:17 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=3BFC26BAF514A2740823B7C8D21404EDA842402D
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c2:25:a2:07:24:f3:b0:08:0f:0e:00:83:0e:d1:
75:b6:65:59:0f:2c:18:58:57:50:a9:c6:e0:60:c5:
d8:54:cd:6b:34:a8:bf:b9:8e:e0:32:b5:d3:dd:65:
a7:b2:0a:26:66:b9:14:d4:aa:a0:db:cb:7e:8f:e4:
12:6d:02:a1:96:4f:18:01:cb:81:9d:07:ff:98:9a:
57:7b:4e:cf:77:b5:de:38:cf:31:7e:cd:ad:1c:46:
52:97:e7:75:63:86:4b:f7:9f:d8:ae:40:69:bc:e8:
38:f8:0b:da:91:e1:a1:43:91:d0:72:d6:af:08:49:
74:7f:77:e1:9b:b6:30:0d:ef:f6:73:64:03:e3:b9:
e8:dc:6a:97:d0:6a:be:3f:cb:56:c7:3d:58:85:6c:
be:55:21:8d:32:8f:11:97:c7:27:83:fd:05:a7:98:
5d:5d:c7:a3:3f:53:41:9d:d1:f1:92:a3:24:d3:d4:
29:e5:35:c0:5b:d3:76:33:e1:e2:3a:68:d1:6d:e3:
e3:1b:e1:88:e6:43:b4:c3:6e:52:6b:54:c1:a8:ec:
72:cc:a2:b8:7b:3f:ae:45:a8:09:a7:be:59:59:8f:
dd:dd:f9:46:ac:e3:70:cd:79:ab:80:cf:93:b0:9e:
35:a1:7a:f4:c7:6f:6c:50:02:a0:4c:db:c6:30:74:
e7:2d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3B:FC:26:BA:F5:14:A2:74:08:23:B7:C8:D2:14:04:ED:A8:42:40:2D
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/O_wmuvUUonQII7fI0hQE7ahCQC0.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
125.169.0.0/16
Signature Algorithm: sha256WithRSAEncryption
25:17:6a:99:8e:4b:89:d8:0f:f0:8e:cf:5c:eb:6f:2f:fa:5a:
57:27:e4:0d:c8:86:17:ba:57:e2:66:4a:0b:33:27:30:cd:3a:
18:b4:7e:5b:03:77:91:a6:0d:fc:df:ae:5f:66:26:49:33:69:
4c:5f:f6:0b:2d:86:fc:6b:fd:ae:9f:c7:79:2d:f1:0c:41:9e:
17:2c:94:d3:af:2e:61:8a:bf:35:de:35:e7:7d:8b:53:d6:77:
e3:6c:9e:4b:a3:5d:ab:15:2a:67:0b:47:1c:62:c8:1f:63:89:
fd:02:f5:ff:be:be:b9:a0:d9:bc:80:6b:79:e8:9a:35:98:bd:
b4:46:82:32:11:46:cd:15:c6:79:4d:a5:37:9e:98:fd:53:44:
d7:5a:ae:fe:47:26:6f:61:62:04:c5:21:22:fa:28:9a:45:1f:
83:d9:c2:d3:be:71:a1:b8:88:ff:ad:44:e3:ba:e2:f0:6f:98:
d0:0c:14:7c:6d:3c:56:13:65:84:72:f0:3e:5f:f6:ff:fd:a3:
ae:d7:cc:b5:76:b7:8d:31:95:70:39:7c:cb:a3:af:92:96:5c:
39:d2:5f:8e:a0:dd:08:e1:7a:84:2a:1d:df:8f:ed:93:62:d1:
45:e6:31:d4:eb:82:2f:b0:66:9d:b8:b1:50:a4:a9:80:8e:2b:
1d:57:ff:e6
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICAZAwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA1MDkw
NDA4MTdaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKDNCRkMyNkJBRjUxNEEy
NzQwODIzQjdDOEQyMTQwNEVEQTg0MjQwMkQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDCJaIHJPOwCA8OAIMO0XW2ZVkPLBhYV1CpxuBgxdhUzWs0qL+5
juAytdPdZaeyCiZmuRTUqqDby36P5BJtAqGWTxgBy4GdB/+Ymld7Ts93td44zzF+
za0cRlKX53Vjhkv3n9iuQGm86Dj4C9qR4aFDkdBy1q8ISXR/d+GbtjAN7/ZzZAPj
uejcapfQar4/y1bHPViFbL5VIY0yjxGXxyeD/QWnmF1dx6M/U0Gd0fGSoyTT1Cnl
NcBb03Yz4eI6aNFt4+Mb4YjmQ7TDblJrVMGo7HLMorh7P65FqAmnvllZj93d+Uas
43DNeauAz5OwnjWhevTHb2xQAqBM28YwdOctAgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUO/wmuvUUonQII7fI0hQE7ahCQC0wHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni9PX3dtdXZVVW9uUUlJN2ZJ
MGhRRTdhaENRQzAucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
fakwDQYJKoZIhvcNAQELBQADggEBACUXapmOS4nYD/COz1zrby/6Wlcn5A3Ihhe6
V+JmSgszJzDNOhi0flsDd5GmDfzfrl9mJkkzaUxf9gsthvxr/a6fx3kt8QxBnhcs
lNOvLmGKvzXeNed9i1PWd+NsnkujXasVKmcLRxxiyB9jif0C9f++vrmg2byAa3no
mjWYvbRGgjIRRs0VxnlNpTeemP1TRNdarv5HJm9hYgTFISL6KJpFH4PZwtO+caG4
iP+tROO64vBvmNAMFHxtPFYTZYRy8D5f9v/9o67XzLV2t40xlXA5fMujr5KWXDnS
X46g3QjheoQqHd+P7ZNi0UXmMdTrgi+wZp24sVCkqYCOKx1X/+Y=
-----END CERTIFICATE-----
Generated at Sat May 17 23:15:58 2025 by rpki-client