Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/jKs2aMqSXvs5H253y4DQ8TFo0pA.roa
File: jKs2aMqSXvs5H253y4DQ8TFo0pA.roa (raw, json)
Hash identifier: m4vJF+8dq9xIpq02w7tx7ZslM/kYRnFJ2f/LFD1D/fA=
Subject key identifier: 8C:AB:36:68:CA:92:5E:FB:39:1F:6E:77:CB:80:D0:F1:31:68:D2:90
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 0198
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/jKs2aMqSXvs5H253y4DQ8TFo0pA.roa
Signing time: Fri 09 May 2025 05:07:44 +0000
ROA not before: Fri 09 May 2025 05:07:44 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 125.169.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 408 (0x198)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: May 9 05:07:44 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=8CAB3668CA925EFB391F6E77CB80D0F13168D290
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c8:58:aa:d3:3b:08:40:bd:b1:21:b7:b9:62:8c:
3b:c5:f7:55:9a:94:00:2d:60:cf:67:01:d2:ba:d4:
3f:22:87:d9:c5:ce:00:af:7a:c6:0a:b6:97:90:e5:
89:19:c7:9f:c4:ee:f8:7c:fe:a8:c5:7c:e8:9e:04:
d2:9c:51:72:bf:13:6c:ee:4d:f0:82:5e:a7:83:14:
51:4d:d9:75:34:29:79:df:8c:e0:dc:b8:d1:0f:ec:
28:fb:a8:c0:1f:7f:42:19:44:93:8e:25:d9:92:62:
69:d3:ef:fe:0f:d3:46:5d:5b:c0:01:c3:b5:08:dc:
62:a2:47:2e:4d:bb:3b:c1:48:fb:fc:6c:02:2c:01:
b9:5c:9d:44:c2:fe:42:d7:ee:4b:c6:a3:3d:62:1b:
9c:85:7f:86:06:40:88:43:41:38:2e:70:a6:ab:6b:
13:5c:89:b9:34:55:b8:bc:e8:6f:49:e3:b1:7c:07:
db:34:87:3e:7b:a6:3f:44:01:56:a9:2c:30:c9:7b:
e3:d5:bc:ba:dd:9d:8a:c3:3b:a7:f8:9a:46:df:c4:
a8:e0:4e:82:91:f1:11:47:66:ff:3e:94:9e:3f:0b:
a7:0c:e4:a1:1b:b4:49:81:eb:58:46:3c:51:92:3d:
34:3a:56:9d:8d:84:1b:60:10:1d:28:37:37:9e:ab:
72:dd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8C:AB:36:68:CA:92:5E:FB:39:1F:6E:77:CB:80:D0:F1:31:68:D2:90
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/jKs2aMqSXvs5H253y4DQ8TFo0pA.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
125.169.0.0/16
Signature Algorithm: sha256WithRSAEncryption
86:aa:a9:de:6a:88:8d:3e:e6:79:ae:cb:d3:ee:d5:11:12:de:
42:e7:4b:22:aa:36:a1:e2:60:3c:b3:c3:e9:93:c6:fa:df:17:
66:8e:71:53:a2:7e:a9:91:78:a7:74:c0:79:6e:75:97:02:cd:
42:cc:4d:84:47:f0:c0:34:28:e6:38:b0:19:e2:3f:e1:89:55:
ec:a5:e6:e9:66:c1:4f:5a:07:9a:30:73:10:23:69:15:ae:d9:
6a:d9:1a:39:fa:2c:ff:fb:40:ac:c1:f4:d4:3d:7b:1f:f4:fa:
ae:dd:7a:8e:5c:8f:85:b9:e6:5f:d1:b5:54:24:6d:c6:07:56:
bb:74:83:6f:90:4e:5e:7e:93:31:af:3b:cd:cf:08:dc:19:80:
71:5e:e5:db:96:54:bd:70:e3:9e:62:b1:be:92:04:3d:22:b8:
2a:58:ca:4d:a6:c1:17:8a:0b:a4:dc:1d:4f:42:3a:b4:d2:db:
81:c9:34:ed:60:1d:19:43:ee:63:e1:b1:4a:d3:a7:49:5c:c2:
9e:d9:6a:de:28:b9:a1:13:25:af:08:cc:b2:1b:ce:5b:c9:2e:
e9:3d:ad:ce:1e:c5:e1:a6:51:9e:48:df:61:00:e6:0f:bb:8d:
d9:35:cc:5f:67:3e:51:f3:7c:1b:d4:c9:c0:bb:58:f8:58:a6:
98:50:f4:51
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICAZgwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA1MDkw
NTA3NDRaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKDhDQUIzNjY4Q0E5MjVF
RkIzOTFGNkU3N0NCODBEMEYxMzE2OEQyOTAwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDIWKrTOwhAvbEht7lijDvF91WalAAtYM9nAdK61D8ih9nFzgCv
esYKtpeQ5YkZx5/E7vh8/qjFfOieBNKcUXK/E2zuTfCCXqeDFFFN2XU0KXnfjODc
uNEP7Cj7qMAff0IZRJOOJdmSYmnT7/4P00ZdW8ABw7UI3GKiRy5NuzvBSPv8bAIs
AblcnUTC/kLX7kvGoz1iG5yFf4YGQIhDQTgucKaraxNcibk0Vbi86G9J47F8B9s0
hz57pj9EAVapLDDJe+PVvLrdnYrDO6f4mkbfxKjgToKR8RFHZv8+lJ4/C6cM5KEb
tEmB61hGPFGSPTQ6Vp2NhBtgEB0oNzeeq3LdAgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUjKs2aMqSXvs5H253y4DQ8TFo0pAwHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni9qS3MyYU1xU1h2czVIMjUz
eTREUThURm8wcEEucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
fakwDQYJKoZIhvcNAQELBQADggEBAIaqqd5qiI0+5nmuy9Pu1RES3kLnSyKqNqHi
YDyzw+mTxvrfF2aOcVOifqmReKd0wHludZcCzULMTYRH8MA0KOY4sBniP+GJVeyl
5ulmwU9aB5owcxAjaRWu2WrZGjn6LP/7QKzB9NQ9ex/0+q7deo5cj4W55l/RtVQk
bcYHVrt0g2+QTl5+kzGvO83PCNwZgHFe5duWVL1w455isb6SBD0iuCpYyk2mwReK
C6TcHU9COrTS24HJNO1gHRlD7mPhsUrTp0lcwp7Zat4ouaETJa8IzLIbzlvJLuk9
rc4exeGmUZ5I32EA5g+7jdk1zF9nPlHzfBvUycC7WPhYpphQ9FE=
-----END CERTIFICATE-----
Generated at Sun May 18 03:34:43 2025 by rpki-client