Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/XhaCcyBGRUSJPTwrJ_gsahV91sk.roa
File: XhaCcyBGRUSJPTwrJ_gsahV91sk.roa (raw, json)
Hash identifier: Fgetp4xJ/1+8P9E0Qo66Yr2nbgj+kKZzFv+pL5SFB2Y=
Subject key identifier: 5E:16:82:73:20:46:45:44:89:3D:3C:2B:27:F8:2C:6A:15:7D:D6:C9
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 0228
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/XhaCcyBGRUSJPTwrJ_gsahV91sk.roa
Signing time: Fri 09 May 2025 23:08:20 +0000
ROA not before: Fri 09 May 2025 23:08:20 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 125.169.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 552 (0x228)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: May 9 23:08:20 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=5E16827320464544893D3C2B27F82C6A157DD6C9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bf:cf:44:6b:a4:85:65:42:8f:bf:f7:a3:7f:c1:
40:7c:b1:d9:62:76:fc:8d:eb:84:34:7b:8c:1c:45:
e4:e1:6b:aa:e8:0a:b2:6e:eb:f2:cb:c1:99:f0:48:
b0:27:9d:2d:7b:cf:ff:8a:c5:f0:b9:f7:3f:f4:99:
f3:52:cf:cc:1c:2c:d2:d7:d8:c1:d4:49:c9:c8:50:
5f:f6:be:98:ba:c0:47:65:cf:cb:fd:0c:ec:32:4e:
9c:12:36:3f:e2:e3:87:c5:75:1c:df:d5:b9:0f:88:
18:e7:ba:e3:47:b0:a8:0b:18:e5:92:67:06:89:8d:
03:12:c9:e3:d7:a2:40:0e:dc:ca:40:1d:00:15:cd:
13:f8:d5:60:00:d6:39:f7:64:fd:89:6d:24:ed:5b:
46:cf:0a:75:2f:00:b0:fc:19:42:10:bb:c3:5d:1c:
ef:00:b6:26:c0:fa:dc:cf:ac:b7:95:8f:e1:28:f2:
e5:2d:4d:52:dd:17:46:b8:c0:85:62:01:b2:b1:cc:
fa:4e:5c:33:cb:c5:c9:c6:4e:31:9a:7e:5f:4d:cc:
d7:f9:2a:02:93:df:32:3e:99:cb:5d:70:58:b6:a0:
cd:f4:ab:a4:73:28:4e:e6:7b:24:02:5b:68:be:33:
26:99:ad:56:49:f2:3a:58:ff:35:6b:dc:e5:6c:43:
cd:ff
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5E:16:82:73:20:46:45:44:89:3D:3C:2B:27:F8:2C:6A:15:7D:D6:C9
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/XhaCcyBGRUSJPTwrJ_gsahV91sk.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
125.169.0.0/16
Signature Algorithm: sha256WithRSAEncryption
16:04:6d:76:14:c4:15:96:36:ae:f2:38:0d:e8:fa:ea:7d:1d:
cf:b1:d0:82:1f:83:5b:f2:6f:a1:3e:1c:94:bf:a8:24:62:01:
98:d8:4c:17:5f:ed:a3:04:cc:13:c6:f9:15:d0:4d:81:a3:83:
37:ce:60:b0:0b:d0:f2:c9:08:6e:39:f2:6f:c8:57:e7:53:1a:
81:d3:72:65:98:bb:c5:dc:ae:6c:78:a8:ae:a8:72:12:b3:46:
21:01:3f:f4:d8:31:a1:45:08:5d:86:7a:b5:87:05:67:fc:13:
29:28:b9:d7:d5:58:ea:0e:ed:97:f3:49:81:d0:00:75:7c:99:
c7:be:7d:6d:c9:e6:ea:41:81:f6:87:2e:89:8c:97:4d:52:27:
90:30:eb:df:34:ad:30:d2:b2:cf:03:5f:c1:23:6e:d6:e8:5d:
66:27:38:77:ec:5b:d0:4f:39:aa:e3:a4:6e:78:8a:61:86:53:
c1:af:a1:f3:89:5f:b4:22:07:10:79:60:15:be:3b:4f:92:a4:
f1:e9:61:b2:75:7b:50:7b:8a:3d:64:9e:53:65:96:3c:86:b9:
cc:54:5c:f1:2b:30:6a:9c:f2:ca:fc:06:48:fd:db:0f:05:ee:
49:e6:48:f1:67:84:27:50:b8:0a:4d:77:24:1c:b7:ad:0f:14:
57:66:aa:1e
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICAigwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA1MDky
MzA4MjBaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKDVFMTY4MjczMjA0NjQ1
NDQ4OTNEM0MyQjI3RjgyQzZBMTU3REQ2QzkwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC/z0RrpIVlQo+/96N/wUB8sdlidvyN64Q0e4wcReTha6roCrJu
6/LLwZnwSLAnnS17z/+KxfC59z/0mfNSz8wcLNLX2MHUScnIUF/2vpi6wEdlz8v9
DOwyTpwSNj/i44fFdRzf1bkPiBjnuuNHsKgLGOWSZwaJjQMSyePXokAO3MpAHQAV
zRP41WAA1jn3ZP2JbSTtW0bPCnUvALD8GUIQu8NdHO8AtibA+tzPrLeVj+Eo8uUt
TVLdF0a4wIViAbKxzPpOXDPLxcnGTjGafl9NzNf5KgKT3zI+mctdcFi2oM30q6Rz
KE7meyQCW2i+MyaZrVZJ8jpY/zVr3OVsQ83/AgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUXhaCcyBGRUSJPTwrJ/gsahV91skwHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni9YaGFDY3lCR1JVU0pQVHdy
Sl9nc2FoVjkxc2sucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
fakwDQYJKoZIhvcNAQELBQADggEBABYEbXYUxBWWNq7yOA3o+up9Hc+x0IIfg1vy
b6E+HJS/qCRiAZjYTBdf7aMEzBPG+RXQTYGjgzfOYLAL0PLJCG458m/IV+dTGoHT
cmWYu8Xcrmx4qK6ochKzRiEBP/TYMaFFCF2GerWHBWf8EykoudfVWOoO7ZfzSYHQ
AHV8mce+fW3J5upBgfaHLomMl01SJ5Aw6980rTDSss8DX8EjbtboXWYnOHfsW9BP
OarjpG54imGGU8GvofOJX7QiBxB5YBW+O0+SpPHpYbJ1e1B7ij1knlNlljyGucxU
XPErMGqc8sr8Bkj92w8F7knmSPFnhCdQuApNdyQct60PFFdmqh4=
-----END CERTIFICATE-----
Generated at Sun May 18 10:02:30 2025 by rpki-client