Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/hr4qv2vDWK_fFMkL10k0I2p13js.roa
File: hr4qv2vDWK_fFMkL10k0I2p13js.roa (raw, json)
Hash identifier: vHRlN/Nl/IO0ZxY3v+6VkC6KzRqMLmYUYlngQ9Fch5w=
Subject key identifier: 86:BE:2A:BF:6B:C3:58:AF:DF:14:C9:0B:D7:49:34:23:6A:75:DE:3B
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: E4
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/hr4qv2vDWK_fFMkL10k0I2p13js.roa
Signing time: Thu 08 May 2025 06:37:39 +0000
ROA not before: Thu 08 May 2025 06:37:39 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 125.169.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 228 (0xe4)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: May 8 06:37:39 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=86BE2ABF6BC358AFDF14C90BD74934236A75DE3B
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ad:75:b7:de:e4:39:e0:36:d4:c5:f0:8d:e0:70:
1f:09:fc:4c:ab:84:59:88:c2:c3:cc:5d:7e:45:8a:
c3:e7:6c:bb:e2:10:54:6d:f6:5a:6d:1d:31:e8:c9:
ed:8e:2c:ac:bd:6e:9e:f8:87:02:3b:c6:e0:06:21:
57:e3:74:43:04:0f:62:f8:f4:1b:ab:2c:15:dc:58:
85:89:1c:a8:ce:4f:73:07:aa:02:8e:21:fb:1f:0d:
86:a1:dc:75:8e:78:52:ab:38:bd:5e:11:cc:cf:e7:
99:96:84:f7:fe:c1:f3:36:47:05:a0:5a:c6:35:46:
d6:12:4f:ea:61:38:34:20:de:8f:ce:c1:ca:4b:07:
fb:78:de:1d:dd:da:56:ea:ad:de:bd:d3:aa:14:36:
b5:90:3a:d8:90:cb:6e:82:6f:6c:f9:c9:dd:a2:2b:
56:44:0c:9a:84:ab:4b:cb:d7:ca:c7:e8:bd:00:65:
70:13:e0:f9:71:58:19:94:b3:e3:3d:d7:78:4c:5e:
34:97:ca:59:da:ad:63:f0:22:fc:42:c0:f5:45:4b:
39:94:2e:96:f5:2b:f2:47:c1:b0:9d:60:87:22:78:
eb:1a:48:03:e9:f8:ee:ec:75:d9:c7:45:1e:d2:fe:
e4:17:82:33:bd:95:d3:21:ef:3f:3c:e4:d4:99:c4:
5d:cd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
86:BE:2A:BF:6B:C3:58:AF:DF:14:C9:0B:D7:49:34:23:6A:75:DE:3B
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/hr4qv2vDWK_fFMkL10k0I2p13js.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
125.169.0.0/16
Signature Algorithm: sha256WithRSAEncryption
4e:99:47:36:3e:85:6f:8f:53:79:88:9f:87:9d:a5:3e:72:db:
b2:c9:4c:73:ac:58:57:26:7b:d3:f0:a6:95:8f:45:13:98:a0:
6b:0f:86:cd:db:f8:17:3d:05:13:5e:7d:f2:a4:f4:f9:c4:d5:
f4:a4:f8:dd:bc:41:be:c6:f9:57:48:f9:8c:03:85:1f:e2:9c:
f6:b3:f1:ce:02:ca:ab:e5:27:62:fc:12:2a:43:00:c1:d2:19:
c0:bb:ec:10:37:4b:c9:78:16:c0:f3:9e:8f:20:29:e1:be:3f:
68:48:3c:f8:d5:e6:ef:2c:6e:85:dc:6d:c6:7c:ed:9d:27:b0:
84:27:b6:8f:e7:4a:eb:37:29:1e:a3:cf:22:11:84:3e:45:b1:
64:48:de:c6:c0:b3:b8:e8:1a:89:91:e3:f3:c7:2e:11:4f:9b:
38:d5:b0:d1:0e:3e:ba:2c:88:6f:4e:e6:3a:d1:47:3f:59:ae:
0d:b6:95:33:51:9c:f4:49:bb:66:1e:6d:60:64:49:ac:bb:45:
07:2c:0c:0f:90:69:71:3a:e9:75:b2:da:1d:72:03:11:68:6f:
a1:fb:bb:89:22:6e:bd:3c:24:e7:da:4d:47:eb:d7:02:62:01:
1a:4f:c5:af:9d:34:52:ad:41:07:20:27:d7:40:d5:ff:38:b8:
df:62:98:1c
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICAOQwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA1MDgw
NjM3MzlaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKDg2QkUyQUJGNkJDMzU4
QUZERjE0QzkwQkQ3NDkzNDIzNkE3NURFM0IwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCtdbfe5DngNtTF8I3gcB8J/EyrhFmIwsPMXX5FisPnbLviEFRt
9lptHTHoye2OLKy9bp74hwI7xuAGIVfjdEMED2L49BurLBXcWIWJHKjOT3MHqgKO
IfsfDYah3HWOeFKrOL1eEczP55mWhPf+wfM2RwWgWsY1RtYST+phODQg3o/OwcpL
B/t43h3d2lbqrd6906oUNrWQOtiQy26Cb2z5yd2iK1ZEDJqEq0vL18rH6L0AZXAT
4PlxWBmUs+M913hMXjSXylnarWPwIvxCwPVFSzmULpb1K/JHwbCdYIcieOsaSAPp
+O7sddnHRR7S/uQXgjO9ldMh7z885NSZxF3NAgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUhr4qv2vDWK/fFMkL10k0I2p13jswHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni9ocjRxdjJ2RFdLX2ZGTWtM
MTBrMEkycDEzanMucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
fakwDQYJKoZIhvcNAQELBQADggEBAE6ZRzY+hW+PU3mIn4edpT5y27LJTHOsWFcm
e9PwppWPRROYoGsPhs3b+Bc9BRNeffKk9PnE1fSk+N28Qb7G+VdI+YwDhR/inPaz
8c4CyqvlJ2L8EipDAMHSGcC77BA3S8l4FsDzno8gKeG+P2hIPPjV5u8sboXcbcZ8
7Z0nsIQnto/nSus3KR6jzyIRhD5FsWRI3sbAs7joGomR4/PHLhFPmzjVsNEOPros
iG9O5jrRRz9Zrg22lTNRnPRJu2YebWBkSay7RQcsDA+QaXE66XWy2h1yAxFob6H7
u4kibr08JOfaTUfr1wJiARpPxa+dNFKtQQcgJ9dA1f84uN9imBw=
-----END CERTIFICATE-----
Generated at Sat May 17 19:38:48 2025 by rpki-client