Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/QREheMtDc0ZTHXJDAE-J0v3l3D0.roa
File: QREheMtDc0ZTHXJDAE-J0v3l3D0.roa (raw, json)
Hash identifier: I/mNLrmjJ0DKi1EG8fpC0OyV2MXnRWl64x4EH0klW/o=
Subject key identifier: 41:11:21:78:CB:43:73:46:53:1D:72:43:00:4F:89:D2:FD:E5:DC:3D
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 05BC
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/QREheMtDc0ZTHXJDAE-J0v3l3D0.roa
Signing time: Wed 14 May 2025 17:38:00 +0000
ROA not before: Wed 14 May 2025 17:38:00 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 125.169.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1468 (0x5bc)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: May 14 17:38:00 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=41112178CB437346531D7243004F89D2FDE5DC3D
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ed:50:fb:d7:04:77:27:e6:51:8e:b3:da:60:a0:
e4:0e:03:95:8c:cd:db:ff:f0:67:bb:59:5a:8e:70:
04:45:9d:7c:9a:12:e6:83:b3:a1:a4:49:75:92:de:
b7:db:ae:0a:c2:6e:d9:39:e8:77:c9:dc:2b:60:d3:
a9:95:a9:cc:6d:da:3e:b8:a7:99:3a:45:53:1c:6e:
28:d4:31:05:77:e3:22:2d:20:70:f0:cf:7a:e4:6c:
e6:07:ca:f3:85:81:ba:f8:aa:2e:66:86:88:ad:2a:
d5:94:e9:29:25:c2:f1:d6:d8:f9:a5:52:4a:1c:ec:
31:3a:ce:0e:4c:28:44:5a:0c:23:0f:d2:d5:76:ce:
4a:1c:ab:ea:1f:34:3b:fd:84:90:a9:19:bc:5f:4a:
03:d4:c0:5a:9c:e1:1d:3a:75:97:2f:25:b8:03:d3:
37:60:bc:d0:23:57:c8:f7:e0:2f:a9:7d:da:f5:9b:
1a:6c:11:e2:4e:b9:ab:ce:c9:1f:96:a3:da:e7:1f:
5b:e7:3c:90:e1:50:f0:c6:58:30:8e:66:de:15:39:
e8:b2:b5:09:c6:51:c8:c6:e4:b2:3a:24:fe:c2:91:
01:3a:ef:a3:cf:d9:5d:c7:bc:c9:78:71:72:3b:4b:
96:9d:69:f4:47:41:b7:29:23:7b:6d:82:d5:82:69:
70:a3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
41:11:21:78:CB:43:73:46:53:1D:72:43:00:4F:89:D2:FD:E5:DC:3D
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/QREheMtDc0ZTHXJDAE-J0v3l3D0.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
125.169.0.0/16
Signature Algorithm: sha256WithRSAEncryption
ad:53:bc:e2:ba:f1:3c:4d:bf:34:e6:d1:74:74:c0:f4:af:96:
4b:86:8c:4d:31:3c:61:3f:bb:1c:f2:42:f2:93:38:d1:5b:4a:
d7:31:d4:f0:cd:7c:5a:46:c5:50:83:0a:15:f8:bb:8d:f6:a6:
8b:75:c0:34:a2:3a:8c:3a:6f:78:61:7b:92:4f:bd:84:22:bf:
8b:26:df:ab:e3:bf:24:43:ba:84:3b:ec:41:9a:fb:af:38:fe:
30:87:9b:c5:e4:4e:f3:72:2e:db:55:5e:ac:8d:95:14:bd:ca:
8b:38:4e:e6:a0:1b:4c:f2:c4:cf:9c:d6:c8:19:ef:de:62:dc:
f3:8a:2b:dd:65:a8:c5:44:04:22:86:dd:21:75:f1:71:2e:f3:
20:2d:b3:be:0d:16:31:30:aa:65:80:95:92:1c:38:ef:90:84:
6e:dd:5a:c4:18:83:40:4f:01:80:8e:c9:1f:41:8d:a5:94:42:
24:03:45:04:eb:47:07:1d:2d:23:43:6e:42:c7:23:16:e2:0c:
64:2c:39:ef:40:2f:65:33:64:f7:a0:5e:fc:86:fa:29:cf:eb:
1c:2d:81:f3:9f:5e:9a:ac:04:f2:47:ea:d6:08:76:ac:e0:23:
ae:5c:e8:4a:7e:69:96:03:cb:06:00:84:15:99:8a:2f:e5:cb:
ae:0e:e6:e3
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICBbwwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA1MTQx
NzM4MDBaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKDQxMTEyMTc4Q0I0Mzcz
NDY1MzFENzI0MzAwNEY4OUQyRkRFNURDM0QwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDtUPvXBHcn5lGOs9pgoOQOA5WMzdv/8Ge7WVqOcARFnXyaEuaD
s6GkSXWS3rfbrgrCbtk56HfJ3Ctg06mVqcxt2j64p5k6RVMcbijUMQV34yItIHDw
z3rkbOYHyvOFgbr4qi5mhoitKtWU6SklwvHW2PmlUkoc7DE6zg5MKERaDCMP0tV2
zkocq+ofNDv9hJCpGbxfSgPUwFqc4R06dZcvJbgD0zdgvNAjV8j34C+pfdr1mxps
EeJOuavOyR+Wo9rnH1vnPJDhUPDGWDCOZt4VOeiytQnGUcjG5LI6JP7CkQE676PP
2V3HvMl4cXI7S5adafRHQbcpI3ttgtWCaXCjAgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUQREheMtDc0ZTHXJDAE+J0v3l3D0wHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni9RUkVoZU10RGMwWlRIWEpE
QUUtSjB2M2wzRDAucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
fakwDQYJKoZIhvcNAQELBQADggEBAK1TvOK68TxNvzTm0XR0wPSvlkuGjE0xPGE/
uxzyQvKTONFbStcx1PDNfFpGxVCDChX4u432pot1wDSiOow6b3hhe5JPvYQiv4sm
36vjvyRDuoQ77EGa+684/jCHm8XkTvNyLttVXqyNlRS9yos4TuagG0zyxM+c1sgZ
795i3POKK91lqMVEBCKG3SF18XEu8yAts74NFjEwqmWAlZIcOO+QhG7dWsQYg0BP
AYCOyR9BjaWUQiQDRQTrRwcdLSNDbkLHIxbiDGQsOe9AL2UzZPegXvyG+inP6xwt
gfOfXpqsBPJH6tYIdqzgI65c6Ep+aZYDywYAhBWZii/ly64O5uM=
-----END CERTIFICATE-----
Generated at Sun May 18 04:47:53 2025 by rpki-client