Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/f9MHz3wfdIEGOsQVBr-Xz6y67UY.roa
File: f9MHz3wfdIEGOsQVBr-Xz6y67UY.roa (raw, json)
Hash identifier: 6VOeN1+dDtqy2LAiA36+zY3rfNoS0Jq3+V3dXoJhdDY=
Subject key identifier: 7F:D3:07:CF:7C:1F:74:81:06:3A:C4:15:06:BF:97:CF:AC:BA:ED:46
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 05FC
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/f9MHz3wfdIEGOsQVBr-Xz6y67UY.roa
Signing time: Thu 15 May 2025 01:38:55 +0000
ROA not before: Thu 15 May 2025 01:38:55 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 125.169.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1532 (0x5fc)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: May 15 01:38:55 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=7FD307CF7C1F7481063AC41506BF97CFACBAED46
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:dd:5e:07:54:9b:60:e3:5c:5c:ab:a3:20:2c:6c:
64:ad:84:8d:64:9f:35:62:86:ba:ba:6c:f1:9e:0c:
ac:9d:65:94:bc:0b:d9:bf:e8:17:68:27:ca:3e:1e:
c8:d4:23:a5:bc:e8:d5:f2:1b:03:a8:c3:f7:12:d6:
58:c3:56:1f:b0:53:82:71:d1:c0:c6:1b:05:e9:37:
86:0c:e5:d7:d5:b7:c1:88:46:0b:cf:9f:9a:0c:cc:
73:3b:fc:f9:dc:72:6e:04:79:82:f2:50:2b:df:89:
a8:98:43:5c:ba:d3:b4:a4:6a:4c:dd:af:19:aa:28:
f1:5c:f8:bc:60:70:d8:f2:97:51:c9:bd:14:46:e6:
2e:74:c6:d8:5a:67:36:4d:d3:d4:65:f0:50:c8:20:
7e:15:90:d8:36:ca:21:39:ae:10:30:ce:54:31:6a:
a7:b3:08:db:a8:26:7e:62:35:16:3e:d6:9a:b9:ad:
2b:5c:c4:3d:eb:df:3d:90:1c:b5:35:bb:a8:b6:df:
02:fc:be:81:df:65:d7:82:bb:87:09:b3:f6:74:4a:
ad:f2:38:4d:01:40:c5:ac:b8:a6:9f:bc:1a:9f:05:
c5:0c:40:2d:ed:da:18:5a:ed:e4:5c:30:6b:26:4e:
be:ff:68:06:4c:c9:d3:9d:6b:a3:d4:4c:52:2e:b5:
56:01
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7F:D3:07:CF:7C:1F:74:81:06:3A:C4:15:06:BF:97:CF:AC:BA:ED:46
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/f9MHz3wfdIEGOsQVBr-Xz6y67UY.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
125.169.0.0/16
Signature Algorithm: sha256WithRSAEncryption
8c:6e:a5:5d:44:a8:b9:19:fb:cc:af:7c:60:a5:08:89:f4:9d:
df:b1:91:81:26:40:f9:11:68:8f:42:24:17:cf:ff:92:6b:6d:
4c:0c:75:79:be:50:1b:c2:c8:08:d2:be:4c:c3:b6:86:8c:5b:
2b:2c:7b:cb:50:9e:0d:38:e4:20:08:70:c7:0b:10:12:b8:45:
27:77:a4:54:50:eb:05:81:e0:67:86:56:84:49:02:64:47:aa:
b6:5a:60:1a:f5:86:24:11:19:3e:ff:d7:bb:78:2a:db:4e:8b:
16:54:ef:2f:32:81:cc:21:68:cd:e1:13:80:d4:e9:c3:e3:53:
e6:df:47:5a:60:b0:b0:4e:fd:08:d0:4a:ca:9f:7d:4d:a9:40:
45:17:a6:bf:0c:a6:10:50:93:d6:27:e3:0c:3a:6f:0d:ba:b3:
d5:5f:f8:a0:a4:25:0d:45:7d:4b:b5:dc:f4:c2:01:66:2b:77:
e5:0d:42:8c:37:a0:6f:94:28:e3:7d:3b:6b:15:b8:02:3a:26:
da:fc:9b:f8:de:7c:86:19:57:62:2e:71:c3:ba:d8:a4:aa:2d:
b9:b9:c0:45:bd:4d:66:37:a0:2f:15:00:ae:f1:23:59:e7:fb:
d9:90:c8:bd:a2:7a:68:3a:98:24:37:a4:61:79:0b:06:70:7c:
22:01:02:54
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICBfwwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA1MTUw
MTM4NTVaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKDdGRDMwN0NGN0MxRjc0
ODEwNjNBQzQxNTA2QkY5N0NGQUNCQUVENDYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDdXgdUm2DjXFyroyAsbGSthI1knzVihrq6bPGeDKydZZS8C9m/
6BdoJ8o+HsjUI6W86NXyGwOow/cS1ljDVh+wU4Jx0cDGGwXpN4YM5dfVt8GIRgvP
n5oMzHM7/Pnccm4EeYLyUCvfiaiYQ1y607SkakzdrxmqKPFc+LxgcNjyl1HJvRRG
5i50xthaZzZN09Rl8FDIIH4VkNg2yiE5rhAwzlQxaqezCNuoJn5iNRY+1pq5rStc
xD3r3z2QHLU1u6i23wL8voHfZdeCu4cJs/Z0Sq3yOE0BQMWsuKafvBqfBcUMQC3t
2hha7eRcMGsmTr7/aAZMydOda6PUTFIutVYBAgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUf9MHz3wfdIEGOsQVBr+Xz6y67UYwHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni9mOU1IejN3ZmRJRUdPc1FW
QnItWHo2eTY3VVkucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
fakwDQYJKoZIhvcNAQELBQADggEBAIxupV1EqLkZ+8yvfGClCIn0nd+xkYEmQPkR
aI9CJBfP/5JrbUwMdXm+UBvCyAjSvkzDtoaMWysse8tQng045CAIcMcLEBK4RSd3
pFRQ6wWB4GeGVoRJAmRHqrZaYBr1hiQRGT7/17t4KttOixZU7y8ygcwhaM3hE4DU
6cPjU+bfR1pgsLBO/QjQSsqffU2pQEUXpr8MphBQk9Yn4ww6bw26s9Vf+KCkJQ1F
fUu13PTCAWYrd+UNQow3oG+UKON9O2sVuAI6Jtr8m/jefIYZV2IuccO62KSqLbm5
wEW9TWY3oC8VAK7xI1nn+9mQyL2iemg6mCQ3pGF5CwZwfCIBAlQ=
-----END CERTIFICATE-----
Generated at Sun May 18 17:18:02 2025 by rpki-client