Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/dvjyIMNe1KmkHj4GQd5HEOOr808.roa
File: dvjyIMNe1KmkHj4GQd5HEOOr808.roa (raw, json)
Hash identifier: HC6+bAVgBv/ARg6LQvd8pCnvg7XOSLr4+d6YHfgHEpA=
Subject key identifier: 76:F8:F2:20:C3:5E:D4:A9:A4:1E:3E:06:41:DE:47:10:E3:AB:F3:4F
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 0314
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/dvjyIMNe1KmkHj4GQd5HEOOr808.roa
Signing time: Sun 11 May 2025 04:38:21 +0000
ROA not before: Sun 11 May 2025 04:38:21 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 125.169.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 788 (0x314)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: May 11 04:38:21 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=76F8F220C35ED4A9A41E3E0641DE4710E3ABF34F
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a9:2d:01:83:54:99:e4:fc:e2:0d:f3:20:28:a1:
eb:1d:d0:f1:64:bc:ff:16:eb:61:c0:d9:48:ad:81:
ed:ec:24:f7:ec:fb:8d:4a:9c:3f:94:c2:b7:4d:31:
27:97:f4:ce:8a:c2:f1:c4:fc:67:0d:77:a8:09:09:
c9:47:a7:56:d2:ed:16:86:29:96:71:64:34:cd:4d:
05:41:ef:3d:a1:e6:31:06:d4:76:e0:05:4d:1f:79:
4a:9b:a4:39:d0:1f:3d:a0:c5:22:30:17:35:4d:6a:
5b:c0:ff:46:f5:21:64:f0:0d:c6:a2:6e:24:d7:73:
ac:11:25:9c:1a:ab:29:1a:51:e5:39:ab:12:77:ac:
2a:93:27:c8:98:39:a1:39:1d:eb:1d:71:88:aa:9f:
f9:f3:51:1c:07:24:c4:82:df:be:b5:72:e0:94:6f:
aa:d5:e0:3c:51:73:46:29:b4:5f:14:d5:bf:f0:02:
dc:01:7b:a5:a2:23:50:d1:6b:89:26:8c:25:cb:02:
f5:c0:8f:62:30:e9:d1:09:fb:a1:85:a9:b2:db:90:
cb:f2:c4:6d:0e:48:35:a4:6e:fe:fb:48:60:cd:cb:
54:c4:d6:72:5d:43:b3:74:f9:2c:ef:3c:c5:27:02:
9b:cb:10:cd:fc:4a:42:7b:77:51:53:3d:07:d9:e1:
cf:35
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
76:F8:F2:20:C3:5E:D4:A9:A4:1E:3E:06:41:DE:47:10:E3:AB:F3:4F
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/dvjyIMNe1KmkHj4GQd5HEOOr808.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
125.169.0.0/16
Signature Algorithm: sha256WithRSAEncryption
7e:52:73:c9:4f:ac:40:96:87:59:bf:08:81:2f:be:e4:05:f0:
81:8c:55:0a:78:66:cf:60:ce:42:00:91:a7:c0:97:3c:94:92:
07:26:ca:ac:e4:4c:71:08:49:09:45:20:c5:dd:d8:66:61:c1:
f4:2f:1b:ca:2b:c4:a3:e3:e1:38:3e:3d:55:ed:34:0b:8e:9f:
ba:e5:db:56:9f:46:48:3c:ab:f5:a7:cd:d0:f5:47:2a:40:b4:
41:ff:a1:8a:29:d6:17:9d:db:e3:b4:68:a3:e0:68:6d:db:ce:
fb:e8:9c:25:36:20:cf:d9:c4:b0:96:22:59:18:e6:57:cf:38:
b4:89:a3:47:86:a6:00:c1:94:bd:9e:f2:ed:b6:3c:3f:76:41:
99:5a:42:7d:0b:3c:e4:4e:6c:ab:39:60:9f:26:48:60:d2:43:
b8:a8:09:5d:1e:a6:b1:0b:d0:35:7f:07:8a:49:36:af:0f:7b:
db:c6:6a:b6:36:ee:bc:71:bb:65:a2:09:9f:0b:9c:e4:81:9b:
26:97:f0:b2:21:8a:7d:b7:f4:7c:b7:0e:8a:1e:de:13:64:24:
86:ca:da:c5:71:c7:c0:12:a3:8f:d7:4c:31:ed:a2:76:b4:b8:
a3:1c:9d:1e:a5:27:8d:4e:fc:0d:a5:4e:c0:c1:11:f4:60:3a:
98:28:19:b9
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICAxQwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA1MTEw
NDM4MjFaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKDc2RjhGMjIwQzM1RUQ0
QTlBNDFFM0UwNjQxREU0NzEwRTNBQkYzNEYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCpLQGDVJnk/OIN8yAooesd0PFkvP8W62HA2Uitge3sJPfs+41K
nD+UwrdNMSeX9M6KwvHE/GcNd6gJCclHp1bS7RaGKZZxZDTNTQVB7z2h5jEG1Hbg
BU0feUqbpDnQHz2gxSIwFzVNalvA/0b1IWTwDcaibiTXc6wRJZwaqykaUeU5qxJ3
rCqTJ8iYOaE5HesdcYiqn/nzURwHJMSC3761cuCUb6rV4DxRc0YptF8U1b/wAtwB
e6WiI1DRa4kmjCXLAvXAj2Iw6dEJ+6GFqbLbkMvyxG0OSDWkbv77SGDNy1TE1nJd
Q7N0+SzvPMUnApvLEM38SkJ7d1FTPQfZ4c81AgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUdvjyIMNe1KmkHj4GQd5HEOOr808wHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni9kdmp5SU1OZTFLbWtIajRH
UWQ1SEVPT3I4MDgucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
fakwDQYJKoZIhvcNAQELBQADggEBAH5Sc8lPrECWh1m/CIEvvuQF8IGMVQp4Zs9g
zkIAkafAlzyUkgcmyqzkTHEISQlFIMXd2GZhwfQvG8orxKPj4Tg+PVXtNAuOn7rl
21afRkg8q/WnzdD1RypAtEH/oYop1hed2+O0aKPgaG3bzvvonCU2IM/ZxLCWIlkY
5lfPOLSJo0eGpgDBlL2e8u22PD92QZlaQn0LPORObKs5YJ8mSGDSQ7ioCV0eprEL
0DV/B4pJNq8Pe9vGarY27rxxu2WiCZ8LnOSBmyaX8LIhin239Hy3Dooe3hNkJIbK
2sVxx8ASo4/XTDHtona0uKMcnR6lJ41O/A2lTsDBEfRgOpgoGbk=
-----END CERTIFICATE-----
Generated at Sat May 17 23:36:30 2025 by rpki-client