Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/aOfyJwv1j3-dfwyfNN0PHCyTNVc.roa
File: aOfyJwv1j3-dfwyfNN0PHCyTNVc.roa (raw, json)
Hash identifier: VKG7m+GQ3rbpCQPX1QaQJ/5e4trQfWZ48hleD65kXkg=
Subject key identifier: 68:E7:F2:27:0B:F5:8F:7F:9D:7F:0C:9F:34:DD:0F:1C:2C:93:35:57
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 02C8
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/aOfyJwv1j3-dfwyfNN0PHCyTNVc.roa
Signing time: Sat 10 May 2025 19:07:51 +0000
ROA not before: Sat 10 May 2025 19:07:51 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 125.169.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 712 (0x2c8)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: May 10 19:07:51 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=68E7F2270BF58F7F9D7F0C9F34DD0F1C2C933557
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b9:06:cc:e0:89:4a:db:dd:07:48:12:bd:37:99:
06:e5:ea:14:ff:ef:58:9f:a6:4b:ba:48:1a:06:16:
1f:90:d9:0c:34:91:1d:f8:54:99:d8:ac:13:48:43:
d8:78:9a:3b:d9:96:e5:2c:80:8a:0a:6d:a8:99:b5:
d2:41:02:ec:fb:68:fd:28:72:7a:60:a0:e5:f4:26:
8d:57:bf:46:05:12:de:c0:a1:85:7d:83:2b:b1:39:
aa:ed:5b:38:ff:f9:5d:64:35:45:23:ab:8d:f5:c8:
fa:62:db:84:de:b1:e0:ee:a6:4f:8c:86:03:a3:63:
27:a3:2f:5f:c0:d2:c9:7f:68:eb:42:9f:d0:ee:34:
0b:e5:c5:89:30:5b:97:22:a3:69:7f:ee:46:c4:66:
2e:fd:34:3b:f9:67:32:30:05:f4:72:1d:16:ba:c6:
1f:29:5d:79:b2:d3:35:31:09:fa:fd:46:7a:f3:c6:
35:86:27:d6:c9:fe:2a:18:87:62:69:41:fe:ac:52:
3b:c4:43:7e:7d:fe:0c:bb:c3:a8:a8:95:a6:b8:ac:
56:31:0c:e8:73:44:83:f9:60:5f:6f:84:93:d2:e7:
54:97:c3:23:d2:b9:91:26:4e:79:63:dd:b9:81:24:
ab:82:72:a0:42:33:96:42:a4:09:a3:a2:9a:d4:ec:
bf:cb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
68:E7:F2:27:0B:F5:8F:7F:9D:7F:0C:9F:34:DD:0F:1C:2C:93:35:57
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/aOfyJwv1j3-dfwyfNN0PHCyTNVc.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
125.169.0.0/16
Signature Algorithm: sha256WithRSAEncryption
79:88:71:68:8a:86:cd:a9:26:4c:33:d6:81:63:e0:50:bc:df:
72:5c:dd:ef:2a:e9:5e:52:4c:2d:d7:b2:3b:24:bb:50:fe:0a:
da:ba:e1:96:d5:5f:3e:c6:84:e3:8e:fb:f4:c8:c5:2f:d8:10:
11:65:ff:ce:65:eb:98:33:8c:a9:19:88:15:a1:7a:73:3f:ad:
7a:a2:ac:2d:ab:d0:78:92:61:a7:d5:8c:44:f8:b2:29:d4:85:
20:63:29:0b:ec:40:e1:88:3e:2c:f9:5c:15:15:f9:f9:b8:27:
2a:da:56:39:9a:fa:9b:be:05:ba:2e:9d:22:68:a8:77:9b:df:
df:c3:0e:bc:60:56:f8:a2:aa:15:e3:3d:ed:c5:d1:ad:d2:33:
43:eb:df:28:b2:27:77:71:60:8b:18:0e:9d:91:94:ad:a4:5a:
29:81:f1:88:51:8c:21:d4:cc:18:bb:a5:df:e9:f9:3e:62:f2:
29:84:ec:a5:c8:39:6e:57:19:0a:31:ff:90:6e:5d:dd:8d:79:
5b:48:ca:bb:03:bc:96:81:9a:a9:c8:d3:46:a1:9c:84:01:5d:
eb:94:31:5f:4f:32:3d:10:d0:ec:28:38:7b:6e:0c:25:1e:b8:
be:7c:12:84:3e:34:bd:68:ce:f6:03:1c:03:7f:9e:3c:a1:ff:
fe:c5:2a:0a
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICAsgwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA1MTAx
OTA3NTFaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKDY4RTdGMjI3MEJGNThG
N0Y5RDdGMEM5RjM0REQwRjFDMkM5MzM1NTcwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC5BszgiUrb3QdIEr03mQbl6hT/71ifpku6SBoGFh+Q2Qw0kR34
VJnYrBNIQ9h4mjvZluUsgIoKbaiZtdJBAuz7aP0ocnpgoOX0Jo1Xv0YFEt7AoYV9
gyuxOartWzj/+V1kNUUjq431yPpi24TeseDupk+MhgOjYyejL1/A0sl/aOtCn9Du
NAvlxYkwW5cio2l/7kbEZi79NDv5ZzIwBfRyHRa6xh8pXXmy0zUxCfr9RnrzxjWG
J9bJ/ioYh2JpQf6sUjvEQ359/gy7w6iolaa4rFYxDOhzRIP5YF9vhJPS51SXwyPS
uZEmTnlj3bmBJKuCcqBCM5ZCpAmjoprU7L/LAgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUaOfyJwv1j3+dfwyfNN0PHCyTNVcwHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni9hT2Z5Snd2MWozLWRmd3lm
Tk4wUEhDeVROVmMucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
fakwDQYJKoZIhvcNAQELBQADggEBAHmIcWiKhs2pJkwz1oFj4FC833Jc3e8q6V5S
TC3Xsjsku1D+Ctq64ZbVXz7GhOOO+/TIxS/YEBFl/85l65gzjKkZiBWhenM/rXqi
rC2r0HiSYafVjET4sinUhSBjKQvsQOGIPiz5XBUV+fm4JyraVjma+pu+BbounSJo
qHeb39/DDrxgVviiqhXjPe3F0a3SM0Pr3yiyJ3dxYIsYDp2RlK2kWimB8YhRjCHU
zBi7pd/p+T5i8imE7KXIOW5XGQox/5BuXd2NeVtIyrsDvJaBmqnI00ahnIQBXeuU
MV9PMj0Q0OwoOHtuDCUeuL58EoQ+NL1ozvYDHAN/njyh//7FKgo=
-----END CERTIFICATE-----
Generated at Sat May 17 22:38:24 2025 by rpki-client