Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/U8zGXUTROrNTeFdQ-xz2ZdR9IOQ.roa
File: U8zGXUTROrNTeFdQ-xz2ZdR9IOQ.roa (raw, json)
Hash identifier: ZNZaCBU1P2LHua10nYLOSg5dvddntTexO1/rSJQDBeM=
Subject key identifier: 53:CC:C6:5D:44:D1:3A:B3:53:78:57:50:FB:1C:F6:65:D4:7D:20:E4
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 069C
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/U8zGXUTROrNTeFdQ-xz2ZdR9IOQ.roa
Signing time: Thu 15 May 2025 21:38:45 +0000
ROA not before: Thu 15 May 2025 21:38:45 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 125.169.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1692 (0x69c)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: May 15 21:38:45 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=53CCC65D44D13AB353785750FB1CF665D47D20E4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b5:82:98:b4:31:c3:aa:26:97:c3:3f:e6:72:e9:
51:dc:a2:b8:d7:cf:a5:53:32:19:7f:b9:d3:b0:97:
99:2a:8d:f1:f7:0c:5b:58:cb:b2:d5:ce:ab:71:da:
2e:e3:ff:14:58:b0:13:9c:ff:0e:d5:aa:45:cc:a8:
9a:54:1e:c2:4e:1f:26:14:d4:87:29:fb:c0:93:08:
1f:fb:80:fd:91:b0:98:ba:e0:e9:50:5e:65:10:d8:
a6:11:56:75:25:45:56:b6:65:60:98:4f:80:8b:83:
1c:7f:46:55:50:dd:11:e3:bc:5a:8d:79:fb:a4:32:
7b:23:d2:79:51:63:7a:60:bb:84:44:bc:64:74:ae:
0d:f7:31:f7:77:58:e0:55:16:e1:83:34:56:42:df:
7a:f0:b8:2b:f7:d0:1c:cf:31:fe:92:05:ed:33:4b:
0c:d4:f0:6a:31:91:66:71:9f:64:57:ea:a8:0c:cd:
19:e6:23:0b:38:af:1f:81:0b:00:07:40:28:cd:60:
4c:88:bf:53:45:38:0b:a9:3f:be:6a:91:6b:ec:de:
d0:b2:eb:17:d4:a1:18:70:46:69:8a:49:42:58:13:
56:68:0f:31:e6:4d:0d:2c:a9:a5:ac:05:15:b3:db:
dc:13:21:6b:14:6f:94:a2:f2:39:40:84:fc:5e:97:
c2:e7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
53:CC:C6:5D:44:D1:3A:B3:53:78:57:50:FB:1C:F6:65:D4:7D:20:E4
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/U8zGXUTROrNTeFdQ-xz2ZdR9IOQ.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
125.169.0.0/16
Signature Algorithm: sha256WithRSAEncryption
69:92:64:6d:68:af:2a:89:a1:49:3e:df:ac:fd:8a:cb:e5:a5:
d8:b9:95:1c:a4:3f:8b:4b:0f:93:d4:b9:74:a0:76:23:f0:61:
3e:65:02:de:5f:47:14:49:c0:a9:b5:a2:94:dd:2f:ae:ab:44:
ef:99:46:85:72:26:ab:55:49:e5:67:a1:5b:77:c5:37:21:cb:
af:88:98:54:e5:ac:84:1b:fa:7d:e7:57:a3:e2:ca:a0:f2:f3:
33:61:c8:2e:76:81:e0:d0:01:9c:a4:b5:72:d1:f4:29:00:83:
f4:42:c3:71:6d:3a:7a:c0:57:e9:0c:44:79:61:86:af:05:33:
ea:29:37:af:04:c1:b5:ee:ca:9f:06:ba:f0:18:95:1c:a1:6d:
cf:1e:c6:96:29:b4:61:d8:f3:8a:fc:09:b9:e0:fa:47:cb:35:
67:b2:5c:35:c1:ab:94:79:5c:74:15:46:5e:9c:c0:50:4e:9b:
90:79:2f:06:f7:11:71:a3:b7:6d:fc:3e:81:1d:7a:f7:a6:cf:
65:7a:a8:5e:af:ee:f4:aa:db:32:48:6b:9e:5b:44:a6:44:e7:
ce:20:be:ba:e3:3a:77:7c:c1:4c:74:bf:f0:4b:57:d7:db:62:
ce:40:16:5d:70:02:91:d2:0e:37:dc:9d:84:fe:09:3f:7b:09:
45:82:82:70
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICBpwwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA1MTUy
MTM4NDVaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKDUzQ0NDNjVENDREMTNB
QjM1Mzc4NTc1MEZCMUNGNjY1RDQ3RDIwRTQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC1gpi0McOqJpfDP+Zy6VHcorjXz6VTMhl/udOwl5kqjfH3DFtY
y7LVzqtx2i7j/xRYsBOc/w7VqkXMqJpUHsJOHyYU1Icp+8CTCB/7gP2RsJi64OlQ
XmUQ2KYRVnUlRVa2ZWCYT4CLgxx/RlVQ3RHjvFqNefukMnsj0nlRY3pgu4REvGR0
rg33Mfd3WOBVFuGDNFZC33rwuCv30BzPMf6SBe0zSwzU8GoxkWZxn2RX6qgMzRnm
Iws4rx+BCwAHQCjNYEyIv1NFOAupP75qkWvs3tCy6xfUoRhwRmmKSUJYE1ZoDzHm
TQ0sqaWsBRWz29wTIWsUb5Si8jlAhPxel8LnAgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUU8zGXUTROrNTeFdQ+xz2ZdR9IOQwHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni9VOHpHWFVUUk9yTlRlRmRR
LXh6MlpkUjlJT1Eucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
fakwDQYJKoZIhvcNAQELBQADggEBAGmSZG1oryqJoUk+36z9isvlpdi5lRykP4tL
D5PUuXSgdiPwYT5lAt5fRxRJwKm1opTdL66rRO+ZRoVyJqtVSeVnoVt3xTchy6+I
mFTlrIQb+n3nV6PiyqDy8zNhyC52geDQAZyktXLR9CkAg/RCw3FtOnrAV+kMRHlh
hq8FM+opN68EwbXuyp8GuvAYlRyhbc8expYptGHY84r8Cbng+kfLNWeyXDXBq5R5
XHQVRl6cwFBOm5B5Lwb3EXGjt238PoEdevemz2V6qF6v7vSq2zJIa55bRKZE584g
vrrjOnd8wUx0v/BLV9fbYs5AFl1wApHSDjfcnYT+CT97CUWCgnA=
-----END CERTIFICATE-----
Generated at Sun May 18 02:11:42 2025 by rpki-client