Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/l9WJqhcysREfbB-OiVtHG1T4s6M.roa
File: l9WJqhcysREfbB-OiVtHG1T4s6M.roa (raw, json)
Hash identifier: yakq6tNjN14B7oRrwOLnUK8sKObpi1wixNmTTZvZYms=
Subject key identifier: 97:D5:89:AA:17:32:B1:11:1F:6C:1F:8E:89:5B:47:1B:54:F8:B3:A3
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 02D8
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/l9WJqhcysREfbB-OiVtHG1T4s6M.roa
Signing time: Sat 10 May 2025 21:07:50 +0000
ROA not before: Sat 10 May 2025 21:07:50 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 125.169.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 728 (0x2d8)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: May 10 21:07:50 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=97D589AA1732B1111F6C1F8E895B471B54F8B3A3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:98:80:39:a9:97:1e:1b:34:7c:69:52:0c:20:a2:
f9:c1:8a:37:60:42:5f:11:e9:7e:04:5a:fa:6d:bb:
9e:ca:bf:36:fe:33:b3:29:c4:9d:26:ca:a4:23:39:
6f:81:fc:31:d1:0a:ed:73:2b:10:74:d2:36:1d:12:
7a:39:57:27:87:1d:fa:cd:e1:e3:2b:71:a9:97:ab:
cc:f9:77:9d:c2:ae:07:d7:79:aa:e7:0e:8c:99:1c:
b0:d2:51:bc:9a:43:93:49:92:c7:e1:33:cf:4f:68:
86:a5:2b:5c:60:47:fc:a8:f9:6d:6c:5b:fc:00:ab:
76:6b:9e:73:4d:0b:08:22:30:77:c8:2e:8f:ed:8f:
c0:4e:7c:f1:bf:80:7e:bf:ca:62:b4:ab:91:82:f9:
09:4a:62:b9:6a:98:32:42:97:92:f1:86:a5:96:eb:
d6:16:fa:6d:00:3b:4a:b1:50:82:cf:3e:7a:51:0c:
83:e8:97:2e:26:4c:f9:bc:13:54:e9:da:00:39:69:
ce:5e:9c:e3:e3:d2:ef:b8:cc:96:57:3f:59:a2:dc:
b7:21:2f:4f:98:c5:31:9f:ea:67:cb:f5:1a:28:54:
1b:bf:20:16:30:d6:8d:9c:7b:13:38:50:e7:9f:a2:
df:08:7e:18:87:21:62:46:a4:7f:72:a2:fb:a6:25:
43:71
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
97:D5:89:AA:17:32:B1:11:1F:6C:1F:8E:89:5B:47:1B:54:F8:B3:A3
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/l9WJqhcysREfbB-OiVtHG1T4s6M.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
125.169.0.0/16
Signature Algorithm: sha256WithRSAEncryption
33:c8:c2:81:94:32:b6:e2:10:56:e7:f8:ac:2a:97:2d:82:bc:
8a:e8:49:9f:78:08:41:c5:fc:05:b7:07:59:de:0f:09:e1:94:
02:52:fd:65:25:76:14:a7:90:52:7b:eb:df:9b:02:1f:54:89:
cc:12:79:5b:d3:50:74:6e:18:f9:37:5a:ef:06:1e:43:00:ad:
66:ac:d0:d5:2e:60:83:38:28:b5:4b:89:72:fa:99:bc:36:c0:
86:79:61:3c:de:32:62:a7:cb:0e:69:bd:bc:a7:49:f8:8f:f1:
de:7c:b7:b2:70:28:51:f3:aa:22:39:87:01:c7:18:02:47:36:
c8:3e:e8:45:57:40:97:57:95:34:61:55:e0:94:94:cd:6a:e7:
51:32:50:f5:b5:30:17:cf:2c:94:c0:aa:e5:5d:e2:3c:f5:1a:
9a:48:d3:4e:d5:1e:00:e5:0c:21:7d:eb:e8:07:b5:06:8f:be:
dd:c0:b0:20:01:6d:f1:a5:57:c2:43:06:cb:ab:f3:e1:a5:75:
f1:71:96:34:6b:06:d6:9b:e4:a8:78:b1:36:55:6c:f3:b7:a6:
bf:fd:c0:af:eb:20:65:0d:6e:7b:ac:4b:13:59:e4:54:97:d7:
f5:d1:b5:86:67:40:fd:ba:e2:f2:a8:08:32:31:b1:b9:69:87:
e7:b5:be:fd
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICAtgwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA1MTAy
MTA3NTBaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKDk3RDU4OUFBMTczMkIx
MTExRjZDMUY4RTg5NUI0NzFCNTRGOEIzQTMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCYgDmplx4bNHxpUgwgovnBijdgQl8R6X4EWvptu57Kvzb+M7Mp
xJ0myqQjOW+B/DHRCu1zKxB00jYdEno5VyeHHfrN4eMrcamXq8z5d53CrgfXearn
DoyZHLDSUbyaQ5NJksfhM89PaIalK1xgR/yo+W1sW/wAq3ZrnnNNCwgiMHfILo/t
j8BOfPG/gH6/ymK0q5GC+QlKYrlqmDJCl5LxhqWW69YW+m0AO0qxUILPPnpRDIPo
ly4mTPm8E1Tp2gA5ac5enOPj0u+4zJZXP1mi3LchL0+YxTGf6mfL9RooVBu/IBYw
1o2cexM4UOefot8IfhiHIWJGpH9yovumJUNxAgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUl9WJqhcysREfbB+OiVtHG1T4s6MwHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni9sOVdKcWhjeXNSRWZiQi1P
aVZ0SEcxVDRzNk0ucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
fakwDQYJKoZIhvcNAQELBQADggEBADPIwoGUMrbiEFbn+Kwqly2CvIroSZ94CEHF
/AW3B1neDwnhlAJS/WUldhSnkFJ769+bAh9UicwSeVvTUHRuGPk3Wu8GHkMArWas
0NUuYIM4KLVLiXL6mbw2wIZ5YTzeMmKnyw5pvbynSfiP8d58t7JwKFHzqiI5hwHH
GAJHNsg+6EVXQJdXlTRhVeCUlM1q51EyUPW1MBfPLJTAquVd4jz1GppI007VHgDl
DCF96+gHtQaPvt3AsCABbfGlV8JDBsur8+GldfFxljRrBtab5Kh4sTZVbPO3pr/9
wK/rIGUNbnusSxNZ5FSX1/XRtYZnQP264vKoCDIxsblph+e1vv0=
-----END CERTIFICATE-----
Generated at Sat May 17 21:29:12 2025 by rpki-client