Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/aY-iNbosqkXVTEUoNdMS-FlS_jE.roa
File: aY-iNbosqkXVTEUoNdMS-FlS_jE.roa (raw, json)
Hash identifier: 4JPeMNel6y350GBykT49jwnpxTsqNC+xYoFigTq2NIY=
Subject key identifier: 69:8F:A2:35:BA:2C:AA:45:D5:4C:45:28:35:D3:12:F8:59:52:FE:31
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 04A8
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/aY-iNbosqkXVTEUoNdMS-FlS_jE.roa
Signing time: Tue 13 May 2025 07:08:01 +0000
ROA not before: Tue 13 May 2025 07:08:01 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 125.169.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1192 (0x4a8)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: May 13 07:08:01 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=698FA235BA2CAA45D54C452835D312F85952FE31
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b5:d2:d4:54:c6:bf:62:ea:3a:86:91:f2:59:66:
70:cc:c3:16:94:fc:fa:18:9f:cb:34:15:fd:c6:79:
6a:95:ad:fb:bc:25:13:0f:ce:8d:ef:63:43:9f:f7:
f9:1e:91:af:ec:47:02:64:bf:30:d9:62:45:ea:43:
3d:29:53:19:47:2e:6b:8b:84:f1:ee:13:4e:af:a3:
46:5d:28:fa:15:d5:9e:62:c2:bd:5b:19:75:00:32:
13:95:dd:68:eb:b3:75:db:9f:72:fb:1d:e7:b1:da:
88:6a:cb:a8:90:c9:c6:24:6b:07:7a:27:d0:bb:0c:
f6:f2:13:43:6b:f3:04:f7:0c:fe:dc:18:10:4b:62:
0a:7d:ce:9e:e9:dc:ae:60:18:c4:1d:61:a5:de:69:
6f:f5:a9:0b:24:89:71:bf:6b:a5:ba:93:65:aa:fb:
71:6c:8b:ad:5d:92:24:73:57:55:99:f0:1a:38:d0:
34:f8:ae:a2:e8:ff:3c:39:e9:30:61:8c:7b:31:d1:
55:66:b6:de:05:7c:43:92:5b:30:65:a3:30:a5:b3:
73:da:a3:4c:8c:c2:58:4e:9d:0e:37:7a:ef:57:f3:
c6:0f:c0:f4:fc:7c:2f:44:e7:38:2a:79:e8:9c:62:
1f:fd:8d:fd:44:c0:0e:27:19:8b:09:66:3a:db:fe:
75:31
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
69:8F:A2:35:BA:2C:AA:45:D5:4C:45:28:35:D3:12:F8:59:52:FE:31
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/aY-iNbosqkXVTEUoNdMS-FlS_jE.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
125.169.0.0/16
Signature Algorithm: sha256WithRSAEncryption
37:0b:0b:17:76:57:b6:6e:7b:a3:fb:af:e8:f1:64:3a:2a:64:
ec:b9:00:6f:e8:3c:d4:d4:70:96:3d:02:40:2b:e4:a2:f5:a4:
17:26:8a:a7:13:ea:d6:a4:c0:67:61:48:17:c9:f4:e4:84:c3:
43:6e:59:ec:de:bd:e9:b2:93:9a:e3:a6:ea:38:95:a7:75:5c:
da:1c:07:90:af:eb:fd:fc:a6:e7:64:5b:9b:64:09:81:03:80:
c7:7f:e9:60:34:cc:57:95:40:92:08:83:bb:55:48:7f:87:ac:
71:39:da:65:02:95:8e:47:44:89:c5:0d:af:29:cc:a1:90:64:
11:62:81:9c:9c:2a:e4:19:f7:ae:81:20:23:53:cd:84:0a:73:
9e:05:48:7e:f1:b0:92:2e:2d:85:96:c4:1e:c4:18:a4:8b:a7:
8d:f2:e9:ce:23:6c:e9:ae:1a:72:63:60:08:03:2c:ad:aa:2f:
f4:19:fd:cd:5e:ed:84:d0:0c:40:74:9e:a4:a8:92:2a:dc:23:
36:43:10:ee:16:50:3d:78:23:93:aa:2c:b8:f8:7e:15:ef:8b:
3d:b9:c7:43:c3:6c:a6:e8:ca:33:49:14:ee:ca:6e:37:86:b6:
b7:e3:7f:2c:14:5c:17:d3:c7:3d:be:41:13:e0:01:aa:38:a7:
be:f1:fb:16
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICBKgwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA1MTMw
NzA4MDFaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKDY5OEZBMjM1QkEyQ0FB
NDVENTRDNDUyODM1RDMxMkY4NTk1MkZFMzEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC10tRUxr9i6jqGkfJZZnDMwxaU/PoYn8s0Ff3GeWqVrfu8JRMP
zo3vY0Of9/keka/sRwJkvzDZYkXqQz0pUxlHLmuLhPHuE06vo0ZdKPoV1Z5iwr1b
GXUAMhOV3Wjrs3Xbn3L7Heex2ohqy6iQycYkawd6J9C7DPbyE0Nr8wT3DP7cGBBL
Ygp9zp7p3K5gGMQdYaXeaW/1qQskiXG/a6W6k2Wq+3Fsi61dkiRzV1WZ8Bo40DT4
rqLo/zw56TBhjHsx0VVmtt4FfEOSWzBlozCls3Pao0yMwlhOnQ43eu9X88YPwPT8
fC9E5zgqeeicYh/9jf1EwA4nGYsJZjrb/nUxAgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUaY+iNbosqkXVTEUoNdMS+FlS/jEwHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni9hWS1pTmJvc3FrWFZURVVv
TmRNUy1GbFNfakUucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
fakwDQYJKoZIhvcNAQELBQADggEBADcLCxd2V7Zue6P7r+jxZDoqZOy5AG/oPNTU
cJY9AkAr5KL1pBcmiqcT6takwGdhSBfJ9OSEw0NuWezevemyk5rjpuo4lad1XNoc
B5Cv6/38pudkW5tkCYEDgMd/6WA0zFeVQJIIg7tVSH+HrHE52mUClY5HRInFDa8p
zKGQZBFigZycKuQZ966BICNTzYQKc54FSH7xsJIuLYWWxB7EGKSLp43y6c4jbOmu
GnJjYAgDLK2qL/QZ/c1e7YTQDEB0nqSokircIzZDEO4WUD14I5OqLLj4fhXviz25
x0PDbKboyjNJFO7KbjeGtrfjfywUXBfTxz2+QRPgAao4p77x+xY=
-----END CERTIFICATE-----
Generated at Sat May 17 21:21:46 2025 by rpki-client