Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/qAdsJrzASytzN2lr0HHvYKyXCso.roa
File: qAdsJrzASytzN2lr0HHvYKyXCso.roa (raw, json)
Hash identifier: hvLqjJbtDDngd85J3ldzV2+y5Oz/rT1G12zaxYXvajk=
Subject key identifier: A8:07:6C:26:BC:C0:4B:2B:73:37:69:6B:D0:71:EF:60:AC:97:0A:CA
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 0414
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/qAdsJrzASytzN2lr0HHvYKyXCso.roa
Signing time: Mon 12 May 2025 12:37:59 +0000
ROA not before: Mon 12 May 2025 12:37:59 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 125.169.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1044 (0x414)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: May 12 12:37:59 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=A8076C26BCC04B2B7337696BD071EF60AC970ACA
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f3:c1:34:42:8c:d5:01:82:4d:c2:93:d2:39:9d:
3b:14:7b:5a:8e:11:79:ef:a3:28:de:23:6b:8f:20:
79:86:05:fb:1d:85:75:37:2b:ef:87:5d:d8:3f:a2:
24:a1:23:a4:a9:22:1b:9c:d6:a4:93:cc:e0:58:3d:
9c:20:3f:01:59:91:a8:a5:b0:16:12:a5:f1:a4:5c:
c9:0e:93:16:2d:08:24:bd:ac:b6:a0:6e:08:d5:1f:
22:9a:e0:dd:59:b7:18:7e:f6:98:86:bc:37:d1:e4:
b3:83:a2:a1:73:97:8f:b9:e1:51:82:2c:74:2f:11:
81:93:ec:7c:bc:6a:bc:85:03:ad:8e:05:e8:ee:95:
70:29:a6:08:c7:1f:4d:05:80:1f:25:bb:25:ed:3a:
0b:13:c0:9b:76:38:b7:86:40:79:62:43:cf:77:7b:
ef:38:f8:5b:56:1c:7a:80:a8:a1:b2:e8:cb:a5:41:
b1:e0:00:45:d8:39:ad:76:67:ba:c0:3a:1e:7c:4d:
99:41:4c:a5:e1:ba:24:9c:fe:b9:1c:b8:65:ef:2f:
50:ef:ec:ba:b8:21:b6:4e:54:89:99:12:f9:ea:c6:
d7:a9:9a:f8:03:d9:b9:8f:ad:04:a8:ac:e2:a3:05:
57:24:a5:b4:08:49:20:cf:13:b2:a6:76:9e:0a:df:
90:85
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A8:07:6C:26:BC:C0:4B:2B:73:37:69:6B:D0:71:EF:60:AC:97:0A:CA
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/qAdsJrzASytzN2lr0HHvYKyXCso.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
125.169.0.0/16
Signature Algorithm: sha256WithRSAEncryption
21:0b:1f:57:94:f3:1c:f7:0f:02:45:79:0a:f3:f7:a7:83:84:
b3:6a:74:99:cf:4e:bd:84:a2:6a:3f:d1:ed:9b:69:91:6d:6d:
9b:63:19:cd:be:43:19:9b:9c:f1:f2:4c:ec:de:69:41:f6:fe:
1d:78:8f:2a:c0:49:ab:30:a5:35:b1:43:df:98:a7:06:8b:e2:
eb:33:e1:85:f6:79:e0:73:9b:70:8c:ad:70:61:51:82:17:be:
91:e6:2a:fe:52:fe:fe:4c:4b:06:df:6b:c4:a8:0c:37:f4:82:
ea:b8:06:19:bb:0b:3a:fc:e0:20:9f:f0:86:9a:bf:67:c5:b0:
00:60:59:15:a3:25:10:9a:58:24:ad:c1:17:8d:4e:a8:80:8a:
b3:14:be:f7:3f:bf:f3:08:91:f1:0b:d4:66:a2:40:e0:eb:c1:
0d:63:c1:b6:67:99:b3:17:f7:60:13:2e:62:f6:a7:36:fe:26:
42:b0:36:7d:10:14:80:85:b6:d3:b5:55:f5:f9:f1:8c:37:09:
5e:60:6c:c5:65:7a:43:1c:0d:a7:82:3e:94:ef:66:52:64:ec:
c8:80:a8:27:98:bb:7e:55:61:85:b3:6d:67:a2:87:87:e4:e8:
78:52:f8:c2:d0:78:52:32:ea:bd:a2:b6:ce:d2:38:e7:26:e2:
c2:18:cf:47
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICBBQwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA1MTIx
MjM3NTlaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKEE4MDc2QzI2QkNDMDRC
MkI3MzM3Njk2QkQwNzFFRjYwQUM5NzBBQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDzwTRCjNUBgk3Ck9I5nTsUe1qOEXnvoyjeI2uPIHmGBfsdhXU3
K++HXdg/oiShI6SpIhuc1qSTzOBYPZwgPwFZkailsBYSpfGkXMkOkxYtCCS9rLag
bgjVHyKa4N1Ztxh+9piGvDfR5LODoqFzl4+54VGCLHQvEYGT7Hy8aryFA62OBeju
lXAppgjHH00FgB8luyXtOgsTwJt2OLeGQHliQ893e+84+FtWHHqAqKGy6MulQbHg
AEXYOa12Z7rAOh58TZlBTKXhuiSc/rkcuGXvL1Dv7Lq4IbZOVImZEvnqxtepmvgD
2bmPrQSorOKjBVckpbQISSDPE7Kmdp4K35CFAgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUqAdsJrzASytzN2lr0HHvYKyXCsowHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni9xQWRzSnJ6QVN5dHpOMmxy
MEhIdllLeVhDc28ucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
fakwDQYJKoZIhvcNAQELBQADggEBACELH1eU8xz3DwJFeQrz96eDhLNqdJnPTr2E
omo/0e2baZFtbZtjGc2+QxmbnPHyTOzeaUH2/h14jyrASaswpTWxQ9+YpwaL4usz
4YX2eeBzm3CMrXBhUYIXvpHmKv5S/v5MSwbfa8SoDDf0guq4Bhm7Czr84CCf8Iaa
v2fFsABgWRWjJRCaWCStwReNTqiAirMUvvc/v/MIkfEL1GaiQODrwQ1jwbZnmbMX
92ATLmL2pzb+JkKwNn0QFICFttO1VfX58Yw3CV5gbMVlekMcDaeCPpTvZlJk7MiA
qCeYu35VYYWzbWeih4fk6HhS+MLQeFIy6r2its7SOOcm4sIYz0c=
-----END CERTIFICATE-----
Generated at Sat May 17 19:46:37 2025 by rpki-client