Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/XnIZ_Rwiv9O3f_gQ4FsHtmqfDA4.roa
File: XnIZ_Rwiv9O3f_gQ4FsHtmqfDA4.roa (raw, json)
Hash identifier: cOdvSFIlSpJORUaGOp6NY10oQuz/HtXo5rRu0ulpVsI=
Subject key identifier: 5E:72:19:FD:1C:22:BF:D3:B7:7F:F8:10:E0:5B:07:B6:6A:9F:0C:0E
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 0798
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/XnIZ_Rwiv9O3f_gQ4FsHtmqfDA4.roa
Signing time: Sat 17 May 2025 05:08:18 +0000
ROA not before: Sat 17 May 2025 05:08:18 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 125.169.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1944 (0x798)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: May 17 05:08:18 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=5E7219FD1C22BFD3B77FF810E05B07B66A9F0C0E
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b1:17:7a:9d:44:7b:dc:82:de:b5:e1:9c:2a:f5:
ed:3f:66:3b:6d:e6:48:99:11:74:db:c7:4b:98:92:
1f:3a:34:4f:49:9c:5c:c6:c0:07:e4:ae:58:78:00:
2f:5f:52:72:9a:cd:9e:c3:5d:02:5d:bc:a8:ca:b1:
19:66:f3:5f:0f:1c:cf:81:01:8a:10:30:fb:ea:eb:
b1:a4:bf:d0:af:c3:66:a4:8f:ff:81:39:da:49:7e:
2c:3b:40:d3:ff:b9:ab:67:f6:ec:94:08:cc:d4:a5:
da:58:e9:31:5e:38:df:d7:b0:9a:ed:f1:29:cb:20:
a9:df:e5:d3:59:d3:47:ee:5f:19:3e:e0:cb:35:e2:
e6:30:d6:ed:ba:de:42:d2:db:e4:13:27:9a:6b:09:
f1:7e:87:a4:ea:4c:64:5b:ae:e3:3d:c9:a8:bd:77:
59:89:f6:0f:ba:c6:77:9a:57:07:86:c7:01:fc:b2:
1c:c9:10:4e:dc:29:c5:a2:33:42:0d:4b:2f:d4:35:
ab:43:17:5b:35:32:89:31:ad:b8:88:31:12:ed:47:
47:49:72:2d:32:73:f8:77:0b:1b:9e:2b:33:fb:12:
f7:23:ca:89:78:e9:10:e2:19:bc:9e:37:0f:3e:bb:
ac:1b:33:94:70:6f:18:0c:f0:a3:c1:20:2a:82:55:
ef:c9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5E:72:19:FD:1C:22:BF:D3:B7:7F:F8:10:E0:5B:07:B6:6A:9F:0C:0E
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/XnIZ_Rwiv9O3f_gQ4FsHtmqfDA4.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
125.169.0.0/16
Signature Algorithm: sha256WithRSAEncryption
58:28:3c:08:d6:98:57:ab:fd:1f:76:3c:df:9d:df:9a:fc:99:
2d:74:bf:63:ac:ea:87:c2:10:dd:9d:86:72:7d:c6:1c:04:ea:
fa:cd:91:8e:f9:58:ff:e6:ca:5b:63:3a:3f:ff:df:56:3a:19:
f2:10:61:04:06:42:52:38:81:a5:c7:89:ea:9a:a4:1c:6f:b9:
9f:75:2b:1d:a2:96:b8:02:75:d5:ef:c4:e1:c2:70:aa:a1:08:
02:66:c3:c3:48:b7:14:a9:89:98:1a:0b:cd:b2:58:9a:fe:7b:
f4:46:17:3c:2d:fc:dc:dd:41:1a:0a:90:fe:56:63:91:9d:ec:
6d:f4:18:98:5b:5b:01:99:62:4b:66:3d:63:ca:25:6c:8d:39:
6b:3a:02:c1:6a:f7:24:74:2d:d9:0b:bb:84:34:db:4f:b8:ae:
90:5f:51:f4:ec:b2:c7:ff:6d:6e:14:25:48:85:51:36:ed:e5:
56:cb:75:54:21:8b:1c:4f:e7:30:ef:93:c5:f5:17:6b:26:bf:
6e:56:9b:9c:a4:52:51:3f:36:f3:99:95:44:6d:03:60:5d:35:
cf:be:58:da:10:94:b3:51:6b:88:2c:48:84:57:18:d1:e1:d2:
40:27:fe:8c:7b:33:d3:99:85:4e:61:e6:34:8f:36:5a:33:62:
2e:92:c2:32
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICB5gwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA1MTcw
NTA4MThaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKDVFNzIxOUZEMUMyMkJG
RDNCNzdGRjgxMEUwNUIwN0I2NkE5RjBDMEUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCxF3qdRHvcgt614Zwq9e0/Zjtt5kiZEXTbx0uYkh86NE9JnFzG
wAfkrlh4AC9fUnKazZ7DXQJdvKjKsRlm818PHM+BAYoQMPvq67Gkv9Cvw2akj/+B
OdpJfiw7QNP/uatn9uyUCMzUpdpY6TFeON/XsJrt8SnLIKnf5dNZ00fuXxk+4Ms1
4uYw1u263kLS2+QTJ5prCfF+h6TqTGRbruM9yai9d1mJ9g+6xneaVweGxwH8shzJ
EE7cKcWiM0INSy/UNatDF1s1MokxrbiIMRLtR0dJci0yc/h3CxueKzP7Evcjyol4
6RDiGbyeNw8+u6wbM5RwbxgM8KPBICqCVe/JAgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUXnIZ/Rwiv9O3f/gQ4FsHtmqfDA4wHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni9YbklaX1J3aXY5TzNmX2dR
NEZzSHRtcWZEQTQucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
fakwDQYJKoZIhvcNAQELBQADggEBAFgoPAjWmFer/R92PN+d35r8mS10v2Os6ofC
EN2dhnJ9xhwE6vrNkY75WP/myltjOj//31Y6GfIQYQQGQlI4gaXHieqapBxvuZ91
Kx2ilrgCddXvxOHCcKqhCAJmw8NItxSpiZgaC82yWJr+e/RGFzwt/NzdQRoKkP5W
Y5Gd7G30GJhbWwGZYktmPWPKJWyNOWs6AsFq9yR0LdkLu4Q020+4rpBfUfTsssf/
bW4UJUiFUTbt5VbLdVQhixxP5zDvk8X1F2smv25Wm5ykUlE/NvOZlURtA2BdNc++
WNoQlLNRa4gsSIRXGNHh0kAn/ox7M9OZhU5h5jSPNlozYi6SwjI=
-----END CERTIFICATE-----
Generated at Sun May 18 04:50:04 2025 by rpki-client