Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/cU-csQr87s5mnZnKWgEBhyqIa-s.roa
File: cU-csQr87s5mnZnKWgEBhyqIa-s.roa (raw, json)
Hash identifier: yYtntFaQ3rrn2IM0Vt+xaBYZi+9gx1QGiw2fLy9aNrw=
Subject key identifier: 71:4F:9C:B1:0A:FC:EE:CE:66:9D:99:CA:5A:01:01:87:2A:88:6B:EB
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 07A8
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/cU-csQr87s5mnZnKWgEBhyqIa-s.roa
Signing time: Sat 17 May 2025 07:08:15 +0000
ROA not before: Sat 17 May 2025 07:08:15 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 125.169.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1960 (0x7a8)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: May 17 07:08:15 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=714F9CB10AFCEECE669D99CA5A0101872A886BEB
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a5:2b:8a:6c:e7:be:44:57:ce:95:b1:10:64:dc:
aa:07:0b:08:33:b9:c2:f1:a9:a4:5b:e7:d6:df:ba:
1f:3c:a6:44:c4:8a:83:df:ba:d5:69:be:a4:b2:ba:
2d:8a:ab:f1:4d:7a:f4:de:bb:ff:0d:b8:dd:58:30:
19:44:ac:1a:c8:ab:b9:18:7e:e8:e2:0c:05:4a:66:
55:f2:b5:92:76:98:ed:65:62:bd:03:c0:6f:94:27:
c7:26:0d:63:09:23:65:d3:2c:96:93:62:34:5d:5b:
4b:85:4c:a6:62:57:00:f2:5d:d9:4b:f9:ae:1b:73:
48:b9:6e:b0:81:8f:e9:7a:c1:f5:c0:4b:7f:e8:71:
73:2a:b4:b6:cd:bd:ac:01:de:3e:48:e4:0b:2a:e6:
0d:9d:d1:b6:3d:f3:a0:e7:46:96:b0:3f:eb:4d:60:
ce:93:94:62:94:32:8d:62:34:ad:90:1d:6d:db:5a:
d5:bd:b4:a7:a6:22:6e:a7:60:ca:d4:1a:1a:30:86:
55:45:a5:38:40:a4:37:7a:61:ba:6a:80:48:fb:e8:
36:56:a3:ca:9e:d7:e9:1e:0d:d1:f6:d2:18:74:75:
9c:6c:e4:2c:55:db:cd:9d:9c:b4:14:35:74:ed:57:
b7:57:4f:6f:e5:8d:36:01:a0:60:a0:fb:08:12:60:
2a:89
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
71:4F:9C:B1:0A:FC:EE:CE:66:9D:99:CA:5A:01:01:87:2A:88:6B:EB
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/cU-csQr87s5mnZnKWgEBhyqIa-s.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
125.169.0.0/16
Signature Algorithm: sha256WithRSAEncryption
67:3a:28:91:ee:25:d1:a9:03:b0:5d:19:29:f3:2a:95:29:99:
e0:79:58:a4:4f:32:e9:46:77:32:30:1b:d1:a0:28:e6:18:b4:
44:3d:c3:6d:e9:a1:4b:8e:26:2f:cd:ac:74:3f:65:9b:46:67:
3c:37:76:9f:6a:a0:7e:e3:2a:36:c3:4e:36:a6:81:32:62:14:
e0:82:07:c2:67:08:0d:47:5b:56:f9:e4:fa:de:eb:d1:bc:22:
7c:ab:61:74:2c:7a:21:8b:9b:2a:df:d3:5f:53:b6:a3:14:1a:
e9:d2:96:eb:cc:2d:73:ab:79:88:d5:48:28:00:3a:cf:13:21:
e3:8b:ff:bd:d3:d3:ec:aa:81:e9:58:c5:97:f0:0a:66:65:7d:
ff:24:59:42:da:b6:24:25:59:89:00:bf:2f:08:c7:48:bf:1a:
7a:8b:9d:a6:07:28:78:a2:14:df:2d:73:90:de:80:6d:73:64:
86:72:df:aa:d6:c4:e3:c9:d0:82:94:30:1b:e9:9a:4d:76:b9:
5b:9f:b1:7f:39:7d:8a:f0:d1:d7:7c:67:42:58:b6:c7:b5:63:
b5:f6:e0:60:03:9a:e1:e9:19:72:47:33:c1:be:a7:19:31:fa:
fb:e6:aa:50:ec:49:cc:e5:d5:61:f1:78:aa:9e:7d:34:f4:d3:
a4:82:ac:02
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICB6gwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA1MTcw
NzA4MTVaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKDcxNEY5Q0IxMEFGQ0VF
Q0U2NjlEOTlDQTVBMDEwMTg3MkE4ODZCRUIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQClK4ps575EV86VsRBk3KoHCwgzucLxqaRb59bfuh88pkTEioPf
utVpvqSyui2Kq/FNevTeu/8NuN1YMBlErBrIq7kYfujiDAVKZlXytZJ2mO1lYr0D
wG+UJ8cmDWMJI2XTLJaTYjRdW0uFTKZiVwDyXdlL+a4bc0i5brCBj+l6wfXAS3/o
cXMqtLbNvawB3j5I5Asq5g2d0bY986DnRpawP+tNYM6TlGKUMo1iNK2QHW3bWtW9
tKemIm6nYMrUGhowhlVFpThApDd6YbpqgEj76DZWo8qe1+keDdH20hh0dZxs5CxV
282dnLQUNXTtV7dXT2/ljTYBoGCg+wgSYCqJAgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUcU+csQr87s5mnZnKWgEBhyqIa+swHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni9jVS1jc1FyODdzNW1uWm5L
V2dFQmh5cUlhLXMucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
fakwDQYJKoZIhvcNAQELBQADggEBAGc6KJHuJdGpA7BdGSnzKpUpmeB5WKRPMulG
dzIwG9GgKOYYtEQ9w23poUuOJi/NrHQ/ZZtGZzw3dp9qoH7jKjbDTjamgTJiFOCC
B8JnCA1HW1b55Pre69G8InyrYXQseiGLmyrf019TtqMUGunSluvMLXOreYjVSCgA
Os8TIeOL/73T0+yqgelYxZfwCmZlff8kWULatiQlWYkAvy8Ix0i/GnqLnaYHKHii
FN8tc5DegG1zZIZy36rWxOPJ0IKUMBvpmk12uVufsX85fYrw0dd8Z0JYtse1Y7X2
4GADmuHpGXJHM8G+pxkx+vvmqlDsSczl1WHxeKqefTT006SCrAI=
-----END CERTIFICATE-----
Generated at Sat May 17 22:40:18 2025 by rpki-client