Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/hQeMRTUh8b7S9EBmqiHMxgepgxk.roa
File: hQeMRTUh8b7S9EBmqiHMxgepgxk.roa (raw, json)
Hash identifier: 3BaKeJpsxvDrCTvSSKfV0yg07FlWgthsb0HiYoOVU4Y=
Subject key identifier: 85:07:8C:45:35:21:F1:BE:D2:F4:40:66:AA:21:CC:C6:07:A9:83:19
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 0390
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/hQeMRTUh8b7S9EBmqiHMxgepgxk.roa
Signing time: Sun 11 May 2025 20:08:26 +0000
ROA not before: Sun 11 May 2025 20:08:26 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 125.169.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 912 (0x390)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: May 11 20:08:26 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=85078C453521F1BED2F44066AA21CCC607A98319
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d7:94:4d:63:66:c9:6d:e4:71:1a:b6:db:e0:45:
7b:0b:ac:74:c1:55:e4:9f:a0:b1:61:00:7a:4e:70:
2b:2f:7f:67:9f:a1:79:e8:63:72:53:c8:e8:1c:cc:
42:8f:91:0b:3d:f6:a2:9a:6c:31:79:fc:27:49:28:
ed:0d:a6:83:ce:d4:e8:01:2c:76:ef:92:5f:45:9a:
9e:0b:23:2a:df:ea:88:a1:78:3e:42:04:eb:ac:f9:
df:43:43:c8:20:ed:02:08:cb:dd:c9:a1:ea:2c:a5:
50:cb:b2:a9:fe:53:3a:a9:f0:2b:d1:25:0b:01:ba:
c8:b7:f0:6d:97:11:9b:7f:5d:34:5d:45:3c:d7:ad:
51:e9:a5:1c:d2:38:ff:77:8f:36:05:28:d2:bf:92:
2f:fe:42:16:42:a8:3d:3e:f3:b1:d5:4f:19:0c:cd:
25:d1:31:62:84:7a:fd:da:c4:77:54:ab:86:b3:ef:
98:4d:40:c0:71:da:9c:1b:58:41:fb:a6:cc:dd:e8:
6b:7b:ca:08:ec:b4:39:9e:9a:f7:4e:99:23:92:65:
ba:98:32:fc:f2:da:93:4b:61:8d:ec:22:09:96:d7:
06:cf:0e:6c:fb:0e:7d:f1:a8:f9:d8:ee:f8:c0:d1:
7b:4a:10:bb:bf:0b:fa:0d:ed:d4:3b:fe:17:ce:45:
86:63
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
85:07:8C:45:35:21:F1:BE:D2:F4:40:66:AA:21:CC:C6:07:A9:83:19
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/hQeMRTUh8b7S9EBmqiHMxgepgxk.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
125.169.0.0/16
Signature Algorithm: sha256WithRSAEncryption
6b:c6:87:09:35:4c:3a:16:a8:0c:63:c9:66:03:ec:d7:99:45:
5c:1c:3a:bc:aa:1d:0b:05:40:bd:c0:eb:f0:5b:9d:f5:4d:ec:
06:41:ca:54:b6:f1:f9:c0:72:f9:c5:10:ec:b0:7e:a1:a4:01:
9d:1a:66:46:3a:2f:e5:68:32:52:59:6b:b7:82:f0:6c:25:54:
1e:56:9d:6e:8c:4a:dc:32:80:c4:f1:26:75:b5:8b:7e:a1:a0:
3b:63:b4:1a:38:d4:e5:d2:d8:27:da:e4:f4:c6:0c:77:93:d8:
53:73:4a:24:7a:3b:14:a7:ba:06:ec:b7:ef:4b:b1:ba:52:0c:
2f:aa:fc:4d:26:36:ca:1d:f0:fd:2a:ce:8b:72:eb:6a:52:20:
b1:af:f7:d9:50:01:98:c5:20:2b:f0:f7:ab:3b:41:f6:2a:25:
11:9c:57:d1:bd:95:c1:8c:af:90:62:29:db:d6:20:7a:ec:e8:
5c:29:ea:14:ed:ff:69:f9:ae:8f:2a:2b:8f:47:9e:d2:55:55:
36:ac:30:42:dc:b1:8a:57:a3:78:18:50:7f:c6:d2:13:d6:71:
69:ea:14:61:30:59:49:d5:b1:03:39:dd:a6:98:df:08:61:0a:
b8:6b:78:19:f3:c7:97:19:88:0b:82:af:ab:69:89:bb:e3:d2:
8d:8d:b0:d1
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICA5AwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA1MTEy
MDA4MjZaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKDg1MDc4QzQ1MzUyMUYx
QkVEMkY0NDA2NkFBMjFDQ0M2MDdBOTgzMTkwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDXlE1jZslt5HEattvgRXsLrHTBVeSfoLFhAHpOcCsvf2efoXno
Y3JTyOgczEKPkQs99qKabDF5/CdJKO0NpoPO1OgBLHbvkl9Fmp4LIyrf6oiheD5C
BOus+d9DQ8gg7QIIy93JoeospVDLsqn+Uzqp8CvRJQsBusi38G2XEZt/XTRdRTzX
rVHppRzSOP93jzYFKNK/ki/+QhZCqD0+87HVTxkMzSXRMWKEev3axHdUq4az75hN
QMBx2pwbWEH7pszd6Gt7ygjstDmemvdOmSOSZbqYMvzy2pNLYY3sIgmW1wbPDmz7
Dn3xqPnY7vjA0XtKELu/C/oN7dQ7/hfORYZjAgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUhQeMRTUh8b7S9EBmqiHMxgepgxkwHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni9oUWVNUlRVaDhiN1M5RUJt
cWlITXhnZXBneGsucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
fakwDQYJKoZIhvcNAQELBQADggEBAGvGhwk1TDoWqAxjyWYD7NeZRVwcOryqHQsF
QL3A6/BbnfVN7AZBylS28fnAcvnFEOywfqGkAZ0aZkY6L+VoMlJZa7eC8GwlVB5W
nW6MStwygMTxJnW1i36hoDtjtBo41OXS2Cfa5PTGDHeT2FNzSiR6OxSnugbst+9L
sbpSDC+q/E0mNsod8P0qzoty62pSILGv99lQAZjFICvw96s7QfYqJRGcV9G9lcGM
r5BiKdvWIHrs6Fwp6hTt/2n5ro8qK49HntJVVTasMELcsYpXo3gYUH/G0hPWcWnq
FGEwWUnVsQM53aaY3whhCrhreBnzx5cZiAuCr6tpibvj0o2NsNE=
-----END CERTIFICATE-----
Generated at Sun May 18 02:06:30 2025 by rpki-client