Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/Q2DP5iONhYuANJGpqVHLJmzELrA.roa
File: Q2DP5iONhYuANJGpqVHLJmzELrA.roa (raw, json)
Hash identifier: g1qWL9Bw9YwDmHeni0EoQoDb2+sgEXy4Z4zZ1xJsLsI=
Subject key identifier: 43:60:CF:E6:23:8D:85:8B:80:34:91:A9:A9:51:CB:26:6C:C4:2E:B0
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 0388
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/Q2DP5iONhYuANJGpqVHLJmzELrA.roa
Signing time: Sun 11 May 2025 19:08:19 +0000
ROA not before: Sun 11 May 2025 19:08:19 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 125.169.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 904 (0x388)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: May 11 19:08:19 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=4360CFE6238D858B803491A9A951CB266CC42EB0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b1:91:f2:9b:5a:92:bb:67:13:9a:2b:2d:a6:d7:
3f:f5:96:5a:42:8d:bb:cd:0a:a7:4f:cf:d3:4d:75:
9f:cb:c0:9f:52:9e:77:bb:1c:18:5a:ed:bb:70:f3:
d6:4f:56:84:98:1b:42:8b:eb:b2:17:b7:ac:59:04:
d2:1c:01:6a:bb:c9:63:ec:6f:ab:fe:97:ad:16:5e:
fa:bf:2f:75:4c:65:86:f9:56:23:59:f8:3e:4a:19:
bf:1c:5d:6a:4a:7e:55:de:a4:14:ec:b7:3b:2d:17:
75:2e:74:b7:b4:49:5c:b6:60:7a:97:31:47:7c:9e:
80:3d:26:8c:51:17:f0:77:c8:b4:66:15:f5:ad:72:
3c:3e:53:ee:e8:19:a2:35:93:94:d2:58:b4:96:62:
66:10:b2:47:99:db:c5:b0:13:bf:67:16:87:d0:ea:
f1:8a:a3:fd:01:a5:e7:6f:0e:1d:a6:16:d7:f0:11:
1e:93:02:3e:50:f1:dc:01:a6:e5:d0:55:28:49:e6:
aa:1e:a3:bc:9b:1a:cb:45:9e:62:ea:da:b2:7c:30:
a8:a9:ec:c2:f5:53:3a:85:8c:ec:f5:02:78:55:63:
83:7d:a4:36:df:19:08:db:2e:c3:48:ae:b7:d5:2c:
c5:d1:81:9c:f7:c1:de:ec:85:a4:5d:df:b2:5f:fc:
de:e5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
43:60:CF:E6:23:8D:85:8B:80:34:91:A9:A9:51:CB:26:6C:C4:2E:B0
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/Q2DP5iONhYuANJGpqVHLJmzELrA.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
125.169.0.0/16
Signature Algorithm: sha256WithRSAEncryption
53:f5:6f:d3:1a:44:90:25:f0:02:ab:ce:de:ad:78:6e:d0:62:
dc:17:8a:17:37:c7:41:18:c6:9d:b3:99:4e:5f:cf:a2:db:e7:
a2:19:4b:97:26:74:da:fb:0b:ea:78:91:69:86:7a:9d:56:d5:
45:b0:1d:03:32:4f:0c:a8:25:ef:ad:43:3d:0e:89:17:c4:92:
38:3e:d1:ea:6b:bf:f8:9c:87:0a:15:b0:2b:78:ce:f3:60:5c:
22:90:0b:59:bb:55:75:a1:a3:59:ed:b8:de:21:1b:31:f2:2d:
3d:51:22:c7:6b:36:9d:7f:45:1c:06:20:a5:19:3b:5a:10:ea:
03:b5:42:ac:be:4b:42:4e:2c:8b:ab:ae:9c:e1:17:8d:1a:93:
f1:29:cf:78:59:48:4d:f7:93:b7:4c:e3:47:e1:29:2f:a9:70:
dc:85:9a:94:20:b0:6a:0a:66:36:de:97:86:d7:f4:2d:11:93:
d3:55:d5:9d:d3:5d:54:b9:32:a8:aa:3f:32:65:00:c0:dc:4d:
91:37:51:65:ad:33:e5:a4:af:e3:bc:6c:83:90:50:70:3c:c7:
21:bc:28:8c:13:89:14:ec:13:39:30:a7:b0:2b:5d:d5:42:e9:
89:13:95:7b:d5:6e:17:05:40:7c:70:e1:a4:b5:9d:ce:60:c5:
10:da:3a:3a
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICA4gwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA1MTEx
OTA4MTlaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKDQzNjBDRkU2MjM4RDg1
OEI4MDM0OTFBOUE5NTFDQjI2NkNDNDJFQjAwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCxkfKbWpK7ZxOaKy2m1z/1llpCjbvNCqdPz9NNdZ/LwJ9Snne7
HBha7btw89ZPVoSYG0KL67IXt6xZBNIcAWq7yWPsb6v+l60WXvq/L3VMZYb5ViNZ
+D5KGb8cXWpKflXepBTstzstF3UudLe0SVy2YHqXMUd8noA9JoxRF/B3yLRmFfWt
cjw+U+7oGaI1k5TSWLSWYmYQskeZ28WwE79nFofQ6vGKo/0BpedvDh2mFtfwER6T
Aj5Q8dwBpuXQVShJ5qoeo7ybGstFnmLq2rJ8MKip7ML1UzqFjOz1AnhVY4N9pDbf
GQjbLsNIrrfVLMXRgZz3wd7shaRd37Jf/N7lAgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUQ2DP5iONhYuANJGpqVHLJmzELrAwHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni9RMkRQNWlPTmhZdUFOSkdw
cVZITEptekVMckEucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
fakwDQYJKoZIhvcNAQELBQADggEBAFP1b9MaRJAl8AKrzt6teG7QYtwXihc3x0EY
xp2zmU5fz6Lb56IZS5cmdNr7C+p4kWmGep1W1UWwHQMyTwyoJe+tQz0OiRfEkjg+
0eprv/ichwoVsCt4zvNgXCKQC1m7VXWho1ntuN4hGzHyLT1RIsdrNp1/RRwGIKUZ
O1oQ6gO1Qqy+S0JOLIurrpzhF40ak/Epz3hZSE33k7dM40fhKS+pcNyFmpQgsGoK
Zjbel4bX9C0Rk9NV1Z3TXVS5MqiqPzJlAMDcTZE3UWWtM+Wkr+O8bIOQUHA8xyG8
KIwTiRTsEzkwp7ArXdVC6YkTlXvVbhcFQHxw4aS1nc5gxRDaOjo=
-----END CERTIFICATE-----
Generated at Sat May 17 23:35:04 2025 by rpki-client