Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/ejNCPiBzgIX6MQ-C19v2fw4rJ5Q.roa
File: ejNCPiBzgIX6MQ-C19v2fw4rJ5Q.roa (raw, json)
Hash identifier: pRQetXdyMv9aqQSLQKDVrEQYWkCcQNC9HvQ675mm/xs=
Subject key identifier: 7A:33:42:3E:20:73:80:85:FA:31:0F:82:D7:DB:F6:7F:0E:2B:27:94
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 0430
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/ejNCPiBzgIX6MQ-C19v2fw4rJ5Q.roa
Signing time: Mon 12 May 2025 16:07:58 +0000
ROA not before: Mon 12 May 2025 16:07:58 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 125.169.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1072 (0x430)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: May 12 16:07:58 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=7A33423E20738085FA310F82D7DBF67F0E2B2794
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c5:76:da:03:bb:27:c0:63:34:fc:e8:53:39:b3:
bd:4f:16:56:e1:b0:7a:a6:45:f3:0f:64:a0:ce:32:
83:41:d6:1d:7c:95:32:ad:b8:e9:80:0e:a6:23:23:
e5:cf:6d:d9:e7:f3:ad:9c:2b:1f:14:94:c2:d9:d2:
8c:40:8d:57:09:51:ac:8c:a8:4c:47:2a:5c:5e:ea:
ad:4a:df:17:73:55:69:c0:4d:0a:0d:29:a3:b1:82:
33:a9:2d:9a:73:6c:59:31:14:2b:de:51:e1:cf:d0:
08:f1:65:23:f9:ca:8b:99:fe:b1:a6:1c:59:25:19:
c8:18:e6:e7:d9:a6:b4:49:dd:55:2f:8c:ab:27:24:
e3:49:a4:35:a5:b1:19:5f:d1:b3:4e:e4:c2:e5:24:
4c:1f:61:6f:13:74:28:7b:16:6b:44:06:f1:1b:28:
9a:da:b4:62:7a:ff:42:83:e7:b6:b6:db:b2:73:46:
ed:e1:ab:8b:df:76:bc:ca:bc:e4:e9:1c:9a:77:ce:
cc:d2:f2:70:dc:02:62:9e:57:17:a4:03:53:01:58:
81:15:26:3c:59:1a:7d:ca:93:b5:7e:cd:26:84:d7:
c3:fa:01:6a:bb:5b:1c:e2:c0:84:cf:bb:ed:06:83:
2a:63:7b:6e:3c:82:46:2b:05:15:4f:ec:5e:3d:e4:
30:17
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7A:33:42:3E:20:73:80:85:FA:31:0F:82:D7:DB:F6:7F:0E:2B:27:94
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/ejNCPiBzgIX6MQ-C19v2fw4rJ5Q.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
125.169.0.0/16
Signature Algorithm: sha256WithRSAEncryption
17:82:55:11:28:32:24:01:6d:21:aa:dc:71:84:e9:03:d7:75:
cf:2f:e9:ca:0c:54:6b:43:ca:3f:60:f3:ad:c7:b2:c5:6c:20:
f7:72:28:6c:5b:e0:36:ef:f9:f1:2d:bb:e5:3f:ec:c0:38:3a:
f5:26:de:7c:d7:e6:f2:95:df:05:88:f1:a9:8b:62:d5:41:d0:
bf:c0:8c:fd:3e:ea:86:e0:ec:7b:96:b8:58:1c:90:f1:72:7e:
95:7d:a5:de:ac:f0:50:51:e0:9b:da:d1:b8:ba:34:df:a2:b3:
8b:1f:cb:70:9a:e0:9a:23:cb:a4:db:80:ee:37:3e:f1:09:b9:
b8:6d:56:c4:52:f2:8d:3e:61:70:d7:24:a6:35:86:0b:a0:3c:
9a:f6:c3:0e:a7:d6:15:95:61:55:5e:b0:7b:11:43:09:eb:70:
9a:88:40:a6:d2:73:d0:26:4f:b1:b5:7a:fb:f8:39:29:dd:8e:
8b:69:d4:8a:3a:dc:55:d1:0a:39:3e:f3:33:ec:8e:4f:7c:4e:
e6:fa:2f:2f:18:52:96:05:5b:e2:0b:67:a8:e1:65:b9:38:6e:
49:25:1c:b3:4a:1d:ef:06:fb:ae:55:b8:52:a4:12:1c:99:88:
b1:ff:43:4f:b4:2e:de:09:45:1a:e8:1d:7c:16:8c:59:a0:b8:
9b:df:29:e5
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICBDAwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA1MTIx
NjA3NThaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKDdBMzM0MjNFMjA3Mzgw
ODVGQTMxMEY4MkQ3REJGNjdGMEUyQjI3OTQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDFdtoDuyfAYzT86FM5s71PFlbhsHqmRfMPZKDOMoNB1h18lTKt
uOmADqYjI+XPbdnn862cKx8UlMLZ0oxAjVcJUayMqExHKlxe6q1K3xdzVWnATQoN
KaOxgjOpLZpzbFkxFCveUeHP0AjxZSP5youZ/rGmHFklGcgY5ufZprRJ3VUvjKsn
JONJpDWlsRlf0bNO5MLlJEwfYW8TdCh7FmtEBvEbKJratGJ6/0KD57a227JzRu3h
q4vfdrzKvOTpHJp3zszS8nDcAmKeVxekA1MBWIEVJjxZGn3Kk7V+zSaE18P6AWq7
WxziwITPu+0Ggypje248gkYrBRVP7F495DAXAgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUejNCPiBzgIX6MQ+C19v2fw4rJ5QwHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni9lak5DUGlCemdJWDZNUS1D
MTl2MmZ3NHJKNVEucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
fakwDQYJKoZIhvcNAQELBQADggEBABeCVREoMiQBbSGq3HGE6QPXdc8v6coMVGtD
yj9g863HssVsIPdyKGxb4Dbv+fEtu+U/7MA4OvUm3nzX5vKV3wWI8amLYtVB0L/A
jP0+6obg7HuWuFgckPFyfpV9pd6s8FBR4Jva0bi6NN+is4sfy3Ca4Jojy6TbgO43
PvEJubhtVsRS8o0+YXDXJKY1hgugPJr2ww6n1hWVYVVesHsRQwnrcJqIQKbSc9Am
T7G1evv4OSndjotp1Io63FXRCjk+8zPsjk98Tub6Ly8YUpYFW+ILZ6jhZbk4bkkl
HLNKHe8G+65VuFKkEhyZiLH/Q0+0Lt4JRRroHXwWjFmguJvfKeU=
-----END CERTIFICATE-----
Generated at Sat May 17 22:45:42 2025 by rpki-client