Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/cr6KRwMQLrKrVJ3QC8tnXwxo2Vg.roa
File: cr6KRwMQLrKrVJ3QC8tnXwxo2Vg.roa (raw, json)
Hash identifier: J4XvBXDOOat4bh1fEgM2wLBNbxN6K+Ux7oUsiPrmRHo=
Subject key identifier: 72:BE:8A:47:03:10:2E:B2:AB:54:9D:D0:0B:CB:67:5F:0C:68:D9:58
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 05E0
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/cr6KRwMQLrKrVJ3QC8tnXwxo2Vg.roa
Signing time: Wed 14 May 2025 22:08:01 +0000
ROA not before: Wed 14 May 2025 22:08:01 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 125.169.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1504 (0x5e0)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: May 14 22:08:01 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=72BE8A4703102EB2AB549DD00BCB675F0C68D958
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f3:79:84:bd:c0:a3:09:84:47:84:d1:54:8e:7f:
6f:84:a1:49:92:45:2f:bb:bb:d9:49:f5:0b:40:cc:
cb:7a:ad:e9:72:a4:b5:57:a2:a5:39:2c:7a:22:87:
42:71:b2:7a:48:7c:c9:11:6a:c3:24:15:cf:65:e1:
d5:21:16:76:c1:ea:9a:c5:54:6b:87:4d:2b:91:1e:
51:70:72:e2:d5:46:cd:3d:b8:23:08:18:d8:8d:1f:
a5:b0:fd:65:47:5e:46:c8:aa:c9:85:e4:de:67:df:
02:43:3c:bc:58:c3:81:bd:64:1b:46:84:f1:cc:fb:
95:76:cf:30:2b:8f:4b:e1:0e:d7:be:ca:2c:e6:1e:
99:16:fb:35:f3:b0:bf:77:27:5b:de:be:08:09:b3:
45:0c:9a:d8:09:5f:80:38:5d:bd:21:22:20:94:96:
25:56:47:e8:a6:0e:72:a2:57:c9:6b:44:43:07:eb:
63:61:63:88:3a:f2:58:21:79:14:fd:95:b0:ec:d8:
af:6a:f7:25:04:78:14:9a:19:63:f3:e7:07:bf:24:
d6:3e:7f:59:de:15:b9:27:85:10:53:a4:a2:3b:53:
18:32:4f:6a:b4:81:d7:37:41:46:3d:ea:e0:c7:4f:
cc:da:7e:93:83:16:b5:0a:16:29:6d:ae:e1:3c:f4:
ea:d3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
72:BE:8A:47:03:10:2E:B2:AB:54:9D:D0:0B:CB:67:5F:0C:68:D9:58
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/cr6KRwMQLrKrVJ3QC8tnXwxo2Vg.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
125.169.0.0/16
Signature Algorithm: sha256WithRSAEncryption
97:f7:7b:ba:d3:24:53:d7:42:3b:2b:00:65:f1:f0:38:c3:df:
88:02:42:81:33:7e:a1:d3:37:07:08:7f:29:3c:a1:ee:e1:1c:
54:0f:7d:57:df:c0:33:ea:8b:27:e0:bf:e2:86:42:29:75:1a:
7b:52:66:18:a4:8a:04:58:e1:48:9d:bd:2e:5f:9b:6b:18:b5:
17:0d:ce:7d:da:7e:15:48:a6:75:0a:c3:99:a5:1a:c7:eb:7c:
0c:60:62:f1:b3:1c:5b:c7:9e:83:ca:70:dc:b6:2b:94:1c:99:
10:f5:be:64:4e:47:e0:0e:e0:dd:86:4d:7d:fd:b2:c7:c7:20:
9b:2e:65:d9:86:2e:3b:40:57:d4:93:4e:49:b5:ee:81:fc:0b:
8e:b8:a9:cd:9d:0c:d4:4d:50:56:ac:39:f5:30:8c:32:13:e5:
65:1f:4d:31:d9:2d:18:32:93:8f:44:d1:30:d7:79:a9:0d:67:
b6:82:0f:35:4a:8a:d6:4c:6e:b9:cd:b8:fb:75:ab:5a:7e:7f:
d9:2b:d5:3d:08:81:fc:00:ac:5f:b1:d4:27:d8:66:71:60:00:
a5:26:9f:79:66:f5:19:6e:ee:14:1c:ba:9c:84:67:8e:73:92:
7f:98:7e:6d:d6:8d:e5:27:ca:92:b9:19:0f:c9:94:52:0b:18:
2d:70:4f:2a
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICBeAwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA1MTQy
MjA4MDFaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKDcyQkU4QTQ3MDMxMDJF
QjJBQjU0OUREMDBCQ0I2NzVGMEM2OEQ5NTgwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDzeYS9wKMJhEeE0VSOf2+EoUmSRS+7u9lJ9QtAzMt6relypLVX
oqU5LHoih0JxsnpIfMkRasMkFc9l4dUhFnbB6prFVGuHTSuRHlFwcuLVRs09uCMI
GNiNH6Ww/WVHXkbIqsmF5N5n3wJDPLxYw4G9ZBtGhPHM+5V2zzArj0vhDte+yizm
HpkW+zXzsL93J1vevggJs0UMmtgJX4A4Xb0hIiCUliVWR+imDnKiV8lrREMH62Nh
Y4g68lgheRT9lbDs2K9q9yUEeBSaGWPz5we/JNY+f1neFbknhRBTpKI7UxgyT2q0
gdc3QUY96uDHT8zafpODFrUKFiltruE89OrTAgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUcr6KRwMQLrKrVJ3QC8tnXwxo2VgwHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni9jcjZLUndNUUxyS3JWSjNR
Qzh0blh3eG8yVmcucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
fakwDQYJKoZIhvcNAQELBQADggEBAJf3e7rTJFPXQjsrAGXx8DjD34gCQoEzfqHT
NwcIfyk8oe7hHFQPfVffwDPqiyfgv+KGQil1GntSZhikigRY4UidvS5fm2sYtRcN
zn3afhVIpnUKw5mlGsfrfAxgYvGzHFvHnoPKcNy2K5QcmRD1vmROR+AO4N2GTX39
ssfHIJsuZdmGLjtAV9STTkm17oH8C464qc2dDNRNUFasOfUwjDIT5WUfTTHZLRgy
k49E0TDXeakNZ7aCDzVKitZMbrnNuPt1q1p+f9kr1T0IgfwArF+x1CfYZnFgAKUm
n3lm9Rlu7hQcupyEZ45zkn+Yfm3WjeUnypK5GQ/JlFILGC1wTyo=
-----END CERTIFICATE-----
Generated at Sat May 17 22:37:11 2025 by rpki-client