Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/TW3HkLAuuprQpZI3enBiUd75zXg.roa
File: TW3HkLAuuprQpZI3enBiUd75zXg.roa (raw, json)
Hash identifier: PbdUXLNpa6rZbFJV0WinMCv5Ha81uQa2KrPFSy/vFYI=
Subject key identifier: 4D:6D:C7:90:B0:2E:BA:9A:D0:A5:92:37:7A:70:62:51:DE:F9:CD:78
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 0124
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/TW3HkLAuuprQpZI3enBiUd75zXg.roa
Signing time: Thu 08 May 2025 14:37:41 +0000
ROA not before: Thu 08 May 2025 14:37:41 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 125.169.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 292 (0x124)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: May 8 14:37:41 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=4D6DC790B02EBA9AD0A592377A706251DEF9CD78
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d0:2d:9e:0a:76:9b:cd:b6:0b:23:5e:62:2f:97:
f4:08:b7:bc:cc:c5:24:70:5b:2c:be:30:46:13:9b:
81:60:81:53:27:bd:54:9d:48:3e:61:08:0b:09:6f:
a6:33:00:9c:7b:57:22:8f:7f:52:bf:c0:12:1d:73:
d4:06:e7:bf:bd:6d:f1:65:7b:06:da:36:af:f5:7e:
1a:5e:c9:79:2e:79:1d:a2:d5:c3:37:4a:7e:ec:7e:
95:6a:9e:13:1b:2c:64:4c:34:13:83:ce:02:6e:b5:
4f:67:5d:8a:29:f8:96:fc:69:43:55:15:55:8d:fc:
66:b1:b6:a1:5b:7d:d3:56:b8:e3:40:05:e3:df:55:
a9:1d:d9:f3:90:e8:07:42:37:14:89:da:9f:4e:36:
bd:1f:04:e2:ed:72:d9:9f:5f:c2:0d:8d:15:67:89:
bc:56:36:d9:ba:5e:1d:9c:c8:1a:4c:fd:6a:46:e9:
2f:de:96:1c:e9:20:2d:24:12:f8:c2:ab:ed:89:6d:
8d:3b:fc:3e:82:4e:d0:b1:23:b4:53:d3:fb:1e:d4:
db:67:ec:5f:85:e5:23:6c:f3:f8:ee:41:06:4a:20:
9e:6d:8d:31:06:a9:f6:63:30:c3:b1:36:17:f4:a6:
38:b2:3b:ac:b4:16:2d:35:a6:05:1e:41:eb:86:dd:
c5:a5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4D:6D:C7:90:B0:2E:BA:9A:D0:A5:92:37:7A:70:62:51:DE:F9:CD:78
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/TW3HkLAuuprQpZI3enBiUd75zXg.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
125.169.0.0/16
Signature Algorithm: sha256WithRSAEncryption
3c:a7:b8:0a:3e:f6:cf:39:c9:74:fb:44:f5:8b:96:68:81:16:
f1:3d:d2:fc:84:a1:b6:bf:db:c6:6e:9f:27:fc:b3:34:96:b5:
98:50:58:89:92:6f:7d:bd:e3:d7:a0:2a:08:79:dd:65:5c:95:
b5:39:0a:24:fe:f5:18:29:51:6d:28:13:0e:b1:9e:1f:ba:36:
3b:23:9d:65:58:cf:30:86:72:15:69:b8:7f:7c:8a:f1:38:8d:
91:85:5a:e1:73:38:23:2b:68:1e:72:18:75:be:60:4d:e8:24:
ed:4f:f4:0f:6b:8f:85:24:88:c3:e9:47:6b:bc:2e:71:09:94:
b0:84:c9:20:09:16:73:84:21:26:53:87:5a:d4:da:58:e3:28:
af:dd:20:f6:85:91:2e:fd:14:69:aa:0e:27:6f:bd:57:58:7f:
dd:86:92:1a:44:ab:1f:8c:40:5d:24:bb:ce:ad:2d:d4:5a:fc:
ed:fb:bc:7a:dc:52:51:5b:4b:ef:27:cd:b5:ef:ac:1c:6c:f8:
35:42:77:0c:f3:eb:82:a1:b0:24:ef:9f:26:76:e6:c2:05:05:
4c:e2:ef:c4:41:bb:bf:1c:23:83:be:61:a5:93:e9:8c:d2:05:
ae:96:1a:de:d4:de:db:43:43:77:a7:07:62:8f:82:33:86:ca:
f0:4f:82:81
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICASQwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA1MDgx
NDM3NDFaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKDRENkRDNzkwQjAyRUJB
OUFEMEE1OTIzNzdBNzA2MjUxREVGOUNENzgwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDQLZ4KdpvNtgsjXmIvl/QIt7zMxSRwWyy+MEYTm4FggVMnvVSd
SD5hCAsJb6YzAJx7VyKPf1K/wBIdc9QG57+9bfFlewbaNq/1fhpeyXkueR2i1cM3
Sn7sfpVqnhMbLGRMNBODzgJutU9nXYop+Jb8aUNVFVWN/GaxtqFbfdNWuONABePf
Vakd2fOQ6AdCNxSJ2p9ONr0fBOLtctmfX8INjRVnibxWNtm6Xh2cyBpM/WpG6S/e
lhzpIC0kEvjCq+2JbY07/D6CTtCxI7RT0/se1Ntn7F+F5SNs8/juQQZKIJ5tjTEG
qfZjMMOxNhf0pjiyO6y0Fi01pgUeQeuG3cWlAgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUTW3HkLAuuprQpZI3enBiUd75zXgwHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni9UVzNIa0xBdXVwclFwWkkz
ZW5CaVVkNzV6WGcucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
fakwDQYJKoZIhvcNAQELBQADggEBADynuAo+9s85yXT7RPWLlmiBFvE90vyEoba/
28Zunyf8szSWtZhQWImSb32949egKgh53WVclbU5CiT+9RgpUW0oEw6xnh+6Njsj
nWVYzzCGchVpuH98ivE4jZGFWuFzOCMraB5yGHW+YE3oJO1P9A9rj4UkiMPpR2u8
LnEJlLCEySAJFnOEISZTh1rU2ljjKK/dIPaFkS79FGmqDidvvVdYf92GkhpEqx+M
QF0ku86tLdRa/O37vHrcUlFbS+8nzbXvrBxs+DVCdwzz64KhsCTvnyZ25sIFBUzi
78RBu78cI4O+YaWT6YzSBa6WGt7U3ttDQ3enB2KPgjOGyvBPgoE=
-----END CERTIFICATE-----
Generated at Sun May 18 03:54:24 2025 by rpki-client