Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/aFkzDzzZUguBjrlea2y0qCWV3ls.roa
File: aFkzDzzZUguBjrlea2y0qCWV3ls.roa (raw, json)
Hash identifier: rzGon/cuktta9GmIHZmbBR1c6fg+5/J/BATaYLpw8Oo=
Subject key identifier: 68:59:33:0F:3C:D9:52:0B:81:8E:B9:5E:6B:6C:B4:A8:25:95:DE:5B
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 02B0
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/aFkzDzzZUguBjrlea2y0qCWV3ls.roa
Signing time: Sat 10 May 2025 16:07:51 +0000
ROA not before: Sat 10 May 2025 16:07:51 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 125.169.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 688 (0x2b0)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: May 10 16:07:51 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=6859330F3CD9520B818EB95E6B6CB4A82595DE5B
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:be:9c:88:d5:e3:db:d9:e4:34:a1:f9:f0:9f:7b:
be:54:5d:35:4c:c7:3a:d4:bd:a7:30:5d:fd:01:a8:
7d:c3:83:92:53:63:06:f6:51:f9:cf:e5:ba:10:c2:
28:a5:f9:8c:94:f1:a8:21:bf:87:9d:75:89:af:ae:
ee:ae:3e:b5:e5:3a:bb:86:2f:59:fe:aa:1e:3d:4b:
09:0e:49:2a:cc:21:b7:39:00:24:3d:71:30:cc:39:
50:7e:9b:55:95:cd:79:13:6a:25:8d:5d:2e:48:59:
56:94:84:aa:a0:5d:d1:8f:1d:63:fc:5a:b5:7f:e9:
9c:f7:37:7c:02:60:20:a6:b5:17:16:12:01:68:b2:
b4:a1:4a:20:72:5d:40:99:89:88:85:12:90:f9:3f:
ac:fd:f3:81:71:01:93:b7:3a:57:e3:bf:b3:fc:71:
d6:90:d3:12:8c:12:54:03:0e:cc:05:86:0e:90:01:
bb:27:1e:64:cc:62:f5:37:b0:e2:d9:75:11:4c:93:
96:04:c8:99:78:2f:bf:2e:43:7d:c0:b7:26:f3:89:
60:95:3f:3a:d3:cc:51:6f:c2:22:61:92:b1:7b:76:
8a:fa:d5:00:54:75:1b:b1:5e:8a:bc:6e:09:8d:a9:
ba:2e:cb:8d:41:5c:a5:0d:25:d0:db:23:71:3b:20:
bd:3f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
68:59:33:0F:3C:D9:52:0B:81:8E:B9:5E:6B:6C:B4:A8:25:95:DE:5B
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/aFkzDzzZUguBjrlea2y0qCWV3ls.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
125.169.0.0/16
Signature Algorithm: sha256WithRSAEncryption
84:4a:51:31:9e:7d:87:c0:33:ab:23:7b:6d:91:4d:3e:36:70:
24:a7:48:51:b6:f2:56:01:8d:6a:8f:f5:f7:8c:c5:4e:fb:14:
36:a5:95:b5:b0:12:6a:f8:48:e2:a9:b7:8a:7a:78:c6:bf:31:
d3:0a:3a:b5:3c:5f:6e:3e:99:fc:14:a7:a0:f7:1d:82:8a:da:
2f:16:9f:7e:15:66:fc:a5:4b:0a:0b:ce:34:8f:3e:53:c0:f5:
52:d0:bd:1a:1d:4b:5e:c3:83:58:d3:cd:2d:b8:ee:25:62:65:
a1:bf:6a:3f:3d:d2:95:56:cc:4a:0f:dd:58:d2:54:c0:22:25:
7a:d3:ff:87:22:de:42:d5:b4:d0:bb:74:0f:11:ec:ca:e2:d7:
31:53:87:72:0d:cd:a2:1f:90:5f:97:95:bf:62:ee:88:b2:4c:
db:54:02:15:bc:33:b7:36:60:da:d7:3a:98:8f:71:96:2b:78:
45:05:1e:bd:67:7d:db:eb:e9:c9:dc:fb:0e:6c:3b:b4:02:b6:
99:14:ff:1c:84:30:de:7b:5f:c0:c7:e8:2f:bc:3a:8b:ed:af:
64:6f:9c:97:66:c3:47:cc:a1:4e:0c:ef:67:80:60:a3:64:3f:
c6:a3:8e:93:36:be:20:a3:3b:f6:62:b7:e4:b7:4e:a5:b4:cb:
f0:f0:e6:ce
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICArAwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA1MTAx
NjA3NTFaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKDY4NTkzMzBGM0NEOTUy
MEI4MThFQjk1RTZCNkNCNEE4MjU5NURFNUIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC+nIjV49vZ5DSh+fCfe75UXTVMxzrUvacwXf0BqH3Dg5JTYwb2
UfnP5boQwiil+YyU8aghv4eddYmvru6uPrXlOruGL1n+qh49SwkOSSrMIbc5ACQ9
cTDMOVB+m1WVzXkTaiWNXS5IWVaUhKqgXdGPHWP8WrV/6Zz3N3wCYCCmtRcWEgFo
srShSiByXUCZiYiFEpD5P6z984FxAZO3Olfjv7P8cdaQ0xKMElQDDswFhg6QAbsn
HmTMYvU3sOLZdRFMk5YEyJl4L78uQ33AtybziWCVPzrTzFFvwiJhkrF7dor61QBU
dRuxXoq8bgmNqbouy41BXKUNJdDbI3E7IL0/AgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUaFkzDzzZUguBjrlea2y0qCWV3lswHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni9hRmt6RHp6WlVndUJqcmxl
YTJ5MHFDV1YzbHMucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
fakwDQYJKoZIhvcNAQELBQADggEBAIRKUTGefYfAM6sje22RTT42cCSnSFG28lYB
jWqP9feMxU77FDallbWwEmr4SOKpt4p6eMa/MdMKOrU8X24+mfwUp6D3HYKK2i8W
n34VZvylSwoLzjSPPlPA9VLQvRodS17Dg1jTzS247iViZaG/aj890pVWzEoP3VjS
VMAiJXrT/4ci3kLVtNC7dA8R7Mri1zFTh3INzaIfkF+Xlb9i7oiyTNtUAhW8M7c2
YNrXOpiPcZYreEUFHr1nfdvr6cnc+w5sO7QCtpkU/xyEMN57X8DH6C+8Oovtr2Rv
nJdmw0fMoU4M72eAYKNkP8ajjpM2viCjO/Zit+S3TqW0y/Dw5s4=
-----END CERTIFICATE-----
Generated at Sat May 17 21:03:06 2025 by rpki-client