Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/OxVedCpi3voemFQGu3BpvYx7IA4.roa
File: OxVedCpi3voemFQGu3BpvYx7IA4.roa (raw, json)
Hash identifier: V23lSM/aFUvy7zU33P0o86jHoRyOO/LG79Vl33dhq0o=
Subject key identifier: 3B:15:5E:74:2A:62:DE:FA:1E:98:54:06:BB:70:69:BD:8C:7B:20:0E
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 0468
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/OxVedCpi3voemFQGu3BpvYx7IA4.roa
Signing time: Mon 12 May 2025 23:07:57 +0000
ROA not before: Mon 12 May 2025 23:07:57 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 125.169.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1128 (0x468)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: May 12 23:07:57 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=3B155E742A62DEFA1E985406BB7069BD8C7B200E
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:eb:62:07:da:a3:24:1a:cf:78:49:4c:85:9e:4c:
9f:52:fe:3a:a9:3e:8f:b8:c7:49:3d:b2:3e:85:42:
83:4d:8c:89:dc:c9:c4:dd:ef:a5:1b:0c:a8:63:66:
04:ce:6d:60:77:7d:db:82:60:69:e5:6d:0a:0d:3e:
43:05:5b:8d:58:06:14:77:d9:5e:ef:d2:8d:85:ff:
de:10:6a:2d:7b:bf:e2:c1:5f:05:45:19:2a:37:3d:
80:69:e9:b6:e8:fe:01:09:66:dd:f7:23:15:f9:cd:
43:62:d8:de:bc:a7:a5:d3:34:8b:41:3f:18:50:c4:
09:74:e7:56:ba:99:f6:f8:42:2a:cd:21:19:83:5b:
07:63:a8:22:c2:ca:9b:ee:38:dd:90:a8:54:26:fd:
54:ea:92:a3:be:fe:2c:46:3c:68:75:10:3d:13:c2:
8f:7a:c4:9f:1a:99:b9:99:2b:5e:0f:5a:31:4c:55:
13:5c:ac:01:e7:78:d3:78:f3:7b:4a:35:79:48:74:
4f:f1:b0:2b:4f:b2:8e:50:12:82:2c:8f:a1:2d:67:
20:a6:1c:cf:93:a8:fe:5f:ec:e9:3b:6f:d8:91:38:
46:c8:25:bf:09:09:d3:f0:a7:f4:2e:5f:c1:0d:73:
4a:0c:40:69:be:50:03:ae:ff:f4:2b:d0:05:df:a6:
44:e3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3B:15:5E:74:2A:62:DE:FA:1E:98:54:06:BB:70:69:BD:8C:7B:20:0E
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/OxVedCpi3voemFQGu3BpvYx7IA4.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
125.169.0.0/16
Signature Algorithm: sha256WithRSAEncryption
29:d2:a5:60:df:3c:ad:3a:a2:4e:69:07:ec:1e:2f:1f:25:32:
9c:a2:62:f9:7a:da:7d:ad:d9:4e:06:a4:09:de:98:cd:ea:d5:
21:d6:82:09:4c:74:f9:0f:7f:ca:3d:d7:a6:1e:f3:2d:34:98:
21:c2:d3:d6:38:7e:b1:05:0c:87:71:e8:ed:b4:4c:d6:57:d2:
db:98:91:3a:d2:18:2a:6b:49:e6:38:d4:24:ec:c3:d0:af:c1:
07:f6:5c:a8:49:74:4d:e5:22:15:21:cd:d4:0b:05:57:62:0e:
bd:76:89:ae:1f:d2:4b:bf:3c:ed:6f:62:50:75:6e:b5:96:98:
93:8d:f2:04:e6:07:fa:6d:38:17:7a:b6:10:d9:92:fb:12:2d:
d0:b1:8b:33:48:80:a9:f0:e3:b3:95:2b:ff:17:e7:03:b5:74:
dd:36:91:81:de:c1:cc:1a:e5:4c:28:94:4a:33:30:72:1a:68:
a3:8e:cf:e4:f4:0a:7f:be:bc:68:4a:c3:7a:17:b3:85:03:96:
24:3c:f5:0e:ca:09:36:cd:57:27:7c:bd:ae:90:b1:ff:bc:fe:
f0:86:60:64:2b:6e:e7:44:38:63:15:6b:40:fc:ef:ee:85:84:
b5:84:10:ec:63:8b:51:24:20:0d:52:55:2b:ab:57:1c:e4:a8:
23:5d:5d:2d
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICBGgwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA1MTIy
MzA3NTdaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKDNCMTU1RTc0MkE2MkRF
RkExRTk4NTQwNkJCNzA2OUJEOEM3QjIwMEUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDrYgfaoyQaz3hJTIWeTJ9S/jqpPo+4x0k9sj6FQoNNjIncycTd
76UbDKhjZgTObWB3fduCYGnlbQoNPkMFW41YBhR32V7v0o2F/94Qai17v+LBXwVF
GSo3PYBp6bbo/gEJZt33IxX5zUNi2N68p6XTNItBPxhQxAl051a6mfb4QirNIRmD
WwdjqCLCypvuON2QqFQm/VTqkqO+/ixGPGh1ED0Two96xJ8ambmZK14PWjFMVRNc
rAHneNN483tKNXlIdE/xsCtPso5QEoIsj6EtZyCmHM+TqP5f7Ok7b9iROEbIJb8J
CdPwp/QuX8ENc0oMQGm+UAOu//Qr0AXfpkTjAgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUOxVedCpi3voemFQGu3BpvYx7IA4wHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni9PeFZlZENwaTN2b2VtRlFH
dTNCcHZZeDdJQTQucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
fakwDQYJKoZIhvcNAQELBQADggEBACnSpWDfPK06ok5pB+weLx8lMpyiYvl62n2t
2U4GpAnemM3q1SHWgglMdPkPf8o916Ye8y00mCHC09Y4frEFDIdx6O20TNZX0tuY
kTrSGCprSeY41CTsw9CvwQf2XKhJdE3lIhUhzdQLBVdiDr12ia4f0ku/PO1vYlB1
brWWmJON8gTmB/ptOBd6thDZkvsSLdCxizNIgKnw47OVK/8X5wO1dN02kYHewcwa
5UwolEozMHIaaKOOz+T0Cn++vGhKw3oXs4UDliQ89Q7KCTbNVyd8va6Qsf+8/vCG
YGQrbudEOGMVa0D87+6FhLWEEOxji1EkIA1SVSurVxzkqCNdXS0=
-----END CERTIFICATE-----
Generated at Sun May 18 04:52:55 2025 by rpki-client