Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/We83KhVRGQZ0ZQjSe0x-O_8LkiA.roa
File: We83KhVRGQZ0ZQjSe0x-O_8LkiA.roa (raw, json)
Hash identifier: dbwhUTouEKVjjp08k6yl6MQaq4I02iMut0FHPEaNvmA=
Subject key identifier: 59:EF:37:2A:15:51:19:06:74:65:08:D2:7B:4C:7E:3B:FF:0B:92:20
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 05A8
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/We83KhVRGQZ0ZQjSe0x-O_8LkiA.roa
Signing time: Wed 14 May 2025 15:08:02 +0000
ROA not before: Wed 14 May 2025 15:08:02 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 125.169.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1448 (0x5a8)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: May 14 15:08:02 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=59EF372A15511906746508D27B4C7E3BFF0B9220
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cb:a6:42:49:a0:cf:ae:b3:6c:af:56:ac:68:91:
18:80:17:31:64:7c:70:0c:e9:d8:4d:b9:ce:60:fb:
0d:b9:c4:c0:cf:bc:86:24:c1:94:cf:dd:79:73:6d:
c9:2c:49:cb:01:b3:29:a6:9f:14:f1:69:f7:60:25:
25:e2:9f:2b:5d:3c:34:48:fd:4d:8d:ef:46:6c:fc:
0b:61:f3:e4:0d:f3:0b:f1:65:f3:54:70:1c:e8:77:
f2:44:91:43:86:da:18:1a:a3:e2:b8:40:aa:3f:22:
8b:31:d8:f7:a4:30:34:89:4d:ae:23:b5:77:d0:57:
e7:83:a2:47:d1:19:39:9a:24:48:ab:2e:17:47:b1:
f7:05:ba:7e:02:1f:69:d9:f3:e4:86:d0:69:5c:2b:
f1:c0:b5:34:fa:f4:f6:04:ad:ba:7b:a1:5e:31:1a:
f4:67:bb:ae:29:64:61:36:97:b6:17:e3:ac:04:c4:
3f:0a:a9:d8:9c:f8:62:ad:c4:ab:d3:63:91:38:76:
50:b5:b1:0a:e3:3c:03:9d:c9:78:53:3e:61:5a:ad:
9d:e2:95:cf:e6:b4:7a:7c:ea:fb:dc:bc:28:2a:64:
10:87:98:d7:2a:ec:e1:b5:e4:f4:e9:1b:12:5c:56:
0f:0b:10:60:db:8b:e0:1c:91:8d:c7:62:80:b3:a3:
bc:93
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
59:EF:37:2A:15:51:19:06:74:65:08:D2:7B:4C:7E:3B:FF:0B:92:20
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/We83KhVRGQZ0ZQjSe0x-O_8LkiA.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
125.169.0.0/16
Signature Algorithm: sha256WithRSAEncryption
7d:a7:4c:66:88:7b:1f:02:a9:97:be:53:f5:ea:7d:30:31:39:
83:a8:f1:d1:0d:6d:db:5d:f9:09:7e:c5:54:98:5c:05:90:f0:
6b:87:c5:5f:e1:76:d3:74:d3:62:4a:03:c0:77:57:fa:51:c7:
0b:0d:59:a5:27:69:e4:3c:ff:37:11:70:06:a3:fa:07:cd:d5:
eb:f7:89:6d:36:98:e4:48:ff:04:1a:d1:47:74:75:8a:49:3e:
ee:67:a3:ea:d6:48:8b:41:04:11:c1:cd:b3:2d:a5:a9:4b:b1:
57:59:0c:69:2f:83:94:cf:95:7f:4e:e4:e9:66:6b:a4:1c:3d:
8e:b5:cf:2d:b8:ad:f9:1d:12:c4:43:29:bc:c1:53:72:9f:97:
9f:e3:87:08:bf:42:91:79:49:07:be:df:81:52:3d:5b:9b:41:
d8:55:eb:2a:bc:fe:e1:3d:30:26:2d:5e:27:f0:9e:62:7d:dd:
69:2a:bc:70:61:8a:e6:db:72:23:ec:a2:bc:97:16:07:46:dd:
8d:1c:ce:66:2b:21:56:c2:0a:58:64:7d:d2:a1:da:43:60:42:
2b:4d:dd:c0:d8:f1:4c:1b:61:3b:c8:62:0f:75:87:a9:8b:41:
b7:b3:e5:b3:db:3f:aa:fe:3d:44:3c:22:f9:5e:aa:66:73:ad:
c5:d6:ba:43
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICBagwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA1MTQx
NTA4MDJaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKDU5RUYzNzJBMTU1MTE5
MDY3NDY1MDhEMjdCNEM3RTNCRkYwQjkyMjAwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDLpkJJoM+us2yvVqxokRiAFzFkfHAM6dhNuc5g+w25xMDPvIYk
wZTP3XlzbcksScsBsymmnxTxafdgJSXinytdPDRI/U2N70Zs/Ath8+QN8wvxZfNU
cBzod/JEkUOG2hgao+K4QKo/Iosx2PekMDSJTa4jtXfQV+eDokfRGTmaJEirLhdH
sfcFun4CH2nZ8+SG0GlcK/HAtTT69PYErbp7oV4xGvRnu64pZGE2l7YX46wExD8K
qdic+GKtxKvTY5E4dlC1sQrjPAOdyXhTPmFarZ3ilc/mtHp86vvcvCgqZBCHmNcq
7OG15PTpGxJcVg8LEGDbi+AckY3HYoCzo7yTAgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUWe83KhVRGQZ0ZQjSe0x+O/8LkiAwHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni9XZTgzS2hWUkdRWjBaUWpT
ZTB4LU9fOExraUEucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
fakwDQYJKoZIhvcNAQELBQADggEBAH2nTGaIex8CqZe+U/XqfTAxOYOo8dENbdtd
+Ql+xVSYXAWQ8GuHxV/hdtN002JKA8B3V/pRxwsNWaUnaeQ8/zcRcAaj+gfN1ev3
iW02mORI/wQa0Ud0dYpJPu5no+rWSItBBBHBzbMtpalLsVdZDGkvg5TPlX9O5Olm
a6QcPY61zy24rfkdEsRDKbzBU3Kfl5/jhwi/QpF5SQe+34FSPVubQdhV6yq8/uE9
MCYtXifwnmJ93WkqvHBhiubbciPsoryXFgdG3Y0czmYrIVbCClhkfdKh2kNgQitN
3cDY8UwbYTvIYg91h6mLQbez5bPbP6r+PUQ8IvleqmZzrcXWukM=
-----END CERTIFICATE-----
Generated at Sat May 17 19:59:54 2025 by rpki-client