Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/tk-nB-vzDLSMF01h53mXB62E_zY.roa
File: tk-nB-vzDLSMF01h53mXB62E_zY.roa (raw, json)
Hash identifier: pRky3pOl5mgKpVcxD2XQqkdQkBt4VKaAe4X7vWz1OHw=
Subject key identifier: B6:4F:A7:07:EB:F3:0C:B4:8C:17:4D:61:E7:79:97:07:AD:84:FF:36
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 01F8
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/tk-nB-vzDLSMF01h53mXB62E_zY.roa
Signing time: Fri 09 May 2025 17:07:47 +0000
ROA not before: Fri 09 May 2025 17:07:47 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 125.169.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 504 (0x1f8)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: May 9 17:07:47 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=B64FA707EBF30CB48C174D61E7799707AD84FF36
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bb:05:8d:bd:3c:71:48:f0:ad:06:a0:70:d3:69:
0e:38:80:5e:dd:20:0f:9a:85:d2:db:bd:57:9f:a3:
63:26:49:32:7b:c3:1f:f7:55:db:12:05:c0:0f:a7:
4a:fd:ac:64:f3:0e:22:ee:0f:7c:ba:19:cb:bf:e3:
52:81:95:03:27:ee:30:56:63:c4:23:02:56:cc:e4:
23:08:00:92:8a:7a:89:23:7c:10:aa:ae:f5:82:0b:
00:50:fc:87:9e:a7:13:e5:5c:71:98:ad:7a:ea:01:
54:33:75:09:86:2f:c6:dc:ec:a7:8e:c6:4d:61:8c:
2c:77:47:16:82:fc:83:d0:c9:27:9a:8a:96:59:2b:
68:ed:e7:7e:10:1d:0c:8e:04:04:4a:fc:26:ff:41:
22:b1:88:5c:cd:84:80:ed:29:1b:f7:69:10:7a:58:
21:bf:68:6c:3c:26:42:22:a1:4a:47:d1:6b:e2:50:
33:03:4b:93:c1:f2:86:f2:45:6c:07:dd:4c:4d:9e:
e1:6d:6f:63:a5:b1:a9:19:eb:50:28:80:55:23:11:
84:b4:a4:31:12:1f:7f:51:42:a1:da:9d:57:ac:e2:
8f:c5:5d:06:e7:38:86:2a:3d:37:2c:e9:c3:69:30:
9c:9f:f2:18:36:d1:a7:7e:3e:14:a4:ce:15:de:ef:
e9:71
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B6:4F:A7:07:EB:F3:0C:B4:8C:17:4D:61:E7:79:97:07:AD:84:FF:36
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/tk-nB-vzDLSMF01h53mXB62E_zY.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
125.169.0.0/16
Signature Algorithm: sha256WithRSAEncryption
98:47:6c:de:57:e8:cc:ea:9d:4f:f7:18:02:f0:e6:ab:c7:ee:
1e:d1:7a:fe:7d:cb:ba:70:46:cb:3d:75:fb:66:1e:de:43:03:
bc:77:60:f3:4b:75:9d:1e:15:e4:87:9f:10:1e:b4:8f:68:e6:
00:60:df:b9:48:78:08:2b:a0:b5:57:92:ee:b1:f0:b4:c5:22:
8f:3a:43:44:c4:2f:38:c2:8a:dc:72:46:f5:a3:c5:c3:bc:c0:
30:90:88:ad:b7:76:ee:d4:fd:fd:c1:00:3c:2a:fe:b9:23:7e:
55:eb:67:6e:a4:47:c1:8a:65:5f:c0:15:31:f9:d5:1b:84:51:
58:a1:51:d9:eb:2c:18:4e:5e:ca:55:28:ad:5d:68:8f:b1:09:
b9:0c:af:a1:ac:b7:16:df:9d:82:ae:79:24:11:ac:18:4b:ab:
84:82:9d:ba:c5:b0:0b:09:e1:58:50:7c:01:16:8d:63:d5:0d:
54:39:e6:86:0c:5a:17:f3:ea:ac:0d:45:cd:1a:ed:a1:f7:5d:
19:d9:16:c5:c1:1e:53:60:cf:2d:80:1d:87:5c:ad:72:2a:9c:
43:10:ae:05:92:ec:6f:e9:44:6c:7b:7f:34:dd:09:23:aa:c6:
69:98:9b:4a:57:b7:3b:dd:16:79:05:9f:7a:4b:e8:1a:1f:ad:
4d:04:88:ca
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICAfgwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA1MDkx
NzA3NDdaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKEI2NEZBNzA3RUJGMzBD
QjQ4QzE3NEQ2MUU3Nzk5NzA3QUQ4NEZGMzYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC7BY29PHFI8K0GoHDTaQ44gF7dIA+ahdLbvVefo2MmSTJ7wx/3
VdsSBcAPp0r9rGTzDiLuD3y6Gcu/41KBlQMn7jBWY8QjAlbM5CMIAJKKeokjfBCq
rvWCCwBQ/IeepxPlXHGYrXrqAVQzdQmGL8bc7KeOxk1hjCx3RxaC/IPQySeaipZZ
K2jt534QHQyOBARK/Cb/QSKxiFzNhIDtKRv3aRB6WCG/aGw8JkIioUpH0WviUDMD
S5PB8obyRWwH3UxNnuFtb2OlsakZ61AogFUjEYS0pDESH39RQqHanVes4o/FXQbn
OIYqPTcs6cNpMJyf8hg20ad+PhSkzhXe7+lxAgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUtk+nB+vzDLSMF01h53mXB62E/zYwHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni90ay1uQi12ekRMU01GMDFo
NTNtWEI2MkVfelkucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
fakwDQYJKoZIhvcNAQELBQADggEBAJhHbN5X6MzqnU/3GALw5qvH7h7Rev59y7pw
Rss9dftmHt5DA7x3YPNLdZ0eFeSHnxAetI9o5gBg37lIeAgroLVXku6x8LTFIo86
Q0TELzjCitxyRvWjxcO8wDCQiK23du7U/f3BADwq/rkjflXrZ26kR8GKZV/AFTH5
1RuEUVihUdnrLBhOXspVKK1daI+xCbkMr6GstxbfnYKueSQRrBhLq4SCnbrFsAsJ
4VhQfAEWjWPVDVQ55oYMWhfz6qwNRc0a7aH3XRnZFsXBHlNgzy2AHYdcrXIqnEMQ
rgWS7G/pRGx7fzTdCSOqxmmYm0pXtzvdFnkFn3pL6BofrU0EiMo=
-----END CERTIFICATE-----
Generated at Sat May 17 22:37:07 2025 by rpki-client