Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/TTvyh3s3YesKs9GoIn5T_1fI2Wc.roa
File: TTvyh3s3YesKs9GoIn5T_1fI2Wc.roa (raw, json)
Hash identifier: Co2nCw1JuooaYHKtXrrHNkJ+1ML+bEs9tT8P4uhDe38=
Subject key identifier: 4D:3B:F2:87:7B:37:61:EB:0A:B3:D1:A8:22:7E:53:FF:57:C8:D9:67
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 0164
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/TTvyh3s3YesKs9GoIn5T_1fI2Wc.roa
Signing time: Thu 08 May 2025 22:37:44 +0000
ROA not before: Thu 08 May 2025 22:37:44 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 125.169.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 356 (0x164)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: May 8 22:37:44 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=4D3BF2877B3761EB0AB3D1A8227E53FF57C8D967
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f4:05:f7:e7:fc:22:0c:cc:58:1a:c2:18:23:3b:
20:91:fa:05:12:e2:f2:7a:98:f6:7d:b2:69:74:af:
b8:32:3a:1f:40:a1:a1:28:f8:d5:fd:ba:ae:20:e3:
74:79:0a:c6:79:34:1d:3f:46:1b:66:f7:cf:a0:0d:
7f:8a:83:a4:14:b1:5d:eb:60:f8:a9:03:fa:49:86:
1c:8d:0e:0a:44:20:ef:24:fd:39:72:98:62:13:b3:
af:92:9c:a4:81:e6:96:3a:88:e8:ed:55:1a:a5:dc:
39:0c:e2:f1:18:75:ae:8c:c6:b9:24:f9:46:15:53:
57:9a:0f:37:af:c3:de:b4:73:58:8a:2e:51:97:e3:
5f:95:54:bb:75:55:7c:28:02:6e:d2:72:98:1e:54:
b6:a3:70:84:95:18:2f:35:df:ad:30:c8:65:5e:95:
5b:c0:4e:9d:41:72:93:22:43:3c:90:d7:50:19:e6:
1b:5c:ea:b2:43:bb:e3:32:96:83:10:20:4e:5b:0b:
a7:7d:67:45:fd:26:ce:c1:21:ac:8a:f1:96:ff:a9:
76:77:f5:bb:b4:75:aa:0a:2f:92:97:f9:82:3d:38:
82:20:fd:49:61:f0:7e:89:48:1b:25:c3:0b:07:76:
2d:8a:cc:65:36:f6:05:c3:89:e9:3e:ce:95:7f:8f:
9c:5f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4D:3B:F2:87:7B:37:61:EB:0A:B3:D1:A8:22:7E:53:FF:57:C8:D9:67
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/TTvyh3s3YesKs9GoIn5T_1fI2Wc.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
125.169.0.0/16
Signature Algorithm: sha256WithRSAEncryption
84:48:b6:d4:fc:78:28:67:95:48:82:e6:7a:a4:e5:3d:78:4e:
b3:de:fe:27:b0:0a:41:f6:a0:9a:5f:4e:7f:84:7d:f4:65:3d:
02:61:29:c3:31:0a:8d:9f:7a:29:11:df:bc:8f:29:b8:00:85:
cc:89:e3:ee:12:fd:e7:5a:9d:c9:23:33:58:d3:e3:a0:2a:fb:
eb:39:44:20:de:a6:41:d8:72:55:21:90:89:b3:07:90:5c:e8:
80:4d:cd:69:d9:87:50:22:95:c9:fd:96:2b:71:1b:4f:58:d0:
89:95:13:01:8a:94:b2:5c:7d:e8:8e:96:91:0c:27:4c:b4:af:
8b:2c:35:c5:40:c2:d1:54:23:5b:5c:41:74:ab:28:63:6a:37:
a0:c3:61:29:bf:74:93:2f:a5:ec:35:77:bd:cd:72:9e:c1:b0:
50:05:e6:d2:c1:ee:96:91:6c:ad:c1:0c:01:2e:06:41:bd:2a:
5d:43:2d:be:ca:30:19:0f:50:e5:4e:78:c9:a1:20:e0:aa:5a:
f2:04:52:ac:6b:de:16:b6:e7:f1:74:61:15:cf:86:d6:43:e7:
fb:d7:87:7c:85:c2:a3:78:f6:7c:20:51:68:ac:f9:d8:f3:29:
13:fb:73:8f:88:e6:33:23:6b:32:39:00:5f:c5:0a:28:ff:bf:
95:8f:25:c8
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICAWQwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA1MDgy
MjM3NDRaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKDREM0JGMjg3N0IzNzYx
RUIwQUIzRDFBODIyN0U1M0ZGNTdDOEQ5NjcwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQD0Bffn/CIMzFgawhgjOyCR+gUS4vJ6mPZ9sml0r7gyOh9AoaEo
+NX9uq4g43R5CsZ5NB0/Rhtm98+gDX+Kg6QUsV3rYPipA/pJhhyNDgpEIO8k/Tly
mGITs6+SnKSB5pY6iOjtVRql3DkM4vEYda6Mxrkk+UYVU1eaDzevw960c1iKLlGX
41+VVLt1VXwoAm7ScpgeVLajcISVGC81360wyGVelVvATp1BcpMiQzyQ11AZ5htc
6rJDu+MyloMQIE5bC6d9Z0X9Js7BIayK8Zb/qXZ39bu0daoKL5KX+YI9OIIg/Ulh
8H6JSBslwwsHdi2KzGU29gXDiek+zpV/j5xfAgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUTTvyh3s3YesKs9GoIn5T/1fI2WcwHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni9UVHZ5aDNzM1llc0tzOUdv
SW41VF8xZkkyV2Mucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
fakwDQYJKoZIhvcNAQELBQADggEBAIRIttT8eChnlUiC5nqk5T14TrPe/iewCkH2
oJpfTn+EffRlPQJhKcMxCo2feikR37yPKbgAhcyJ4+4S/edanckjM1jT46Aq++s5
RCDepkHYclUhkImzB5Bc6IBNzWnZh1Ailcn9litxG09Y0ImVEwGKlLJcfeiOlpEM
J0y0r4ssNcVAwtFUI1tcQXSrKGNqN6DDYSm/dJMvpew1d73Ncp7BsFAF5tLB7paR
bK3BDAEuBkG9Kl1DLb7KMBkPUOVOeMmhIOCqWvIEUqxr3ha25/F0YRXPhtZD5/vX
h3yFwqN49nwgUWis+djzKRP7c4+I5jMjazI5AF/FCij/v5WPJcg=
-----END CERTIFICATE-----
Generated at Sat May 17 22:38:16 2025 by rpki-client