Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/wQRHow6bTU1mF4lKf97iuzzR028.roa
File: wQRHow6bTU1mF4lKf97iuzzR028.roa (raw, json)
Hash identifier: x7r9G5hX6l8nJmVt5OPSeg9o3GiR5WOX9T/y71Iw/GY=
Subject key identifier: C1:04:47:A3:0E:9B:4D:4D:66:17:89:4A:7F:DE:E2:BB:3C:D1:D3:6F
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 0264
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/wQRHow6bTU1mF4lKf97iuzzR028.roa
Signing time: Sat 10 May 2025 06:37:49 +0000
ROA not before: Sat 10 May 2025 06:37:49 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 125.169.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 612 (0x264)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: May 10 06:37:49 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=C10447A30E9B4D4D6617894A7FDEE2BB3CD1D36F
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bf:a2:7e:47:d1:a9:7a:b2:44:f6:1b:20:9d:f5:
96:d7:4a:cb:45:68:f3:02:c3:7d:fc:ce:32:d4:e8:
63:70:04:dc:f4:cc:bc:82:1b:c8:3b:2b:8f:50:7d:
2e:2c:4c:8e:4d:69:4d:e9:94:f7:29:87:b0:13:aa:
60:b9:0f:c4:3c:89:a3:ac:83:05:b8:1f:45:01:9b:
26:c9:c2:fb:75:b5:10:03:51:71:59:d0:92:e9:8b:
82:24:23:48:cb:22:65:20:6d:80:aa:5a:89:d9:9e:
bb:62:f9:07:63:77:ac:44:4f:25:1e:08:ae:ed:6a:
b8:fa:bf:8c:e3:5b:95:48:aa:46:89:85:db:f4:06:
0a:3e:41:86:8a:c0:07:bc:ee:80:19:eb:2c:84:5e:
00:43:bc:79:f5:4b:d3:03:d7:30:92:de:65:c1:14:
dc:2b:50:b8:53:5d:1a:34:e9:19:6a:ed:93:a4:80:
d4:1e:38:37:bd:64:fb:e8:94:81:9a:5b:05:f2:8f:
ea:19:07:ca:b0:c6:89:c0:1c:9e:24:3c:80:b9:15:
84:7f:b5:cb:54:3f:ac:bc:e9:3c:cb:a2:77:43:38:
59:7d:c9:e6:e6:26:13:1e:c2:28:dc:85:06:53:5c:
d5:ad:f9:e0:4c:dd:a9:96:62:4a:96:3c:4c:08:bd:
ec:b5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C1:04:47:A3:0E:9B:4D:4D:66:17:89:4A:7F:DE:E2:BB:3C:D1:D3:6F
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/wQRHow6bTU1mF4lKf97iuzzR028.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
125.169.0.0/16
Signature Algorithm: sha256WithRSAEncryption
88:96:52:8c:9b:a1:c7:d8:63:2a:52:2e:b5:ef:68:0c:e5:36:
04:b8:59:4e:c3:5e:b2:4a:52:ad:81:f7:44:12:f5:a7:ad:07:
73:26:7c:8e:a1:a5:64:00:1e:e0:5b:d7:52:b9:ba:e3:58:79:
4c:22:c1:b9:ae:60:ef:07:a6:ca:d9:e2:d1:fd:fd:77:88:07:
d1:c6:d0:7f:b3:07:81:de:28:b9:1a:0b:49:96:20:5a:8e:49:
d1:c6:29:62:00:e8:83:70:f1:d2:95:e3:4b:d0:5f:ee:21:67:
b7:0c:90:b8:46:40:5a:66:78:e4:18:e1:54:ba:8d:61:03:de:
06:20:64:bb:e9:f7:c5:27:f9:ab:88:30:bb:32:48:22:9b:b4:
0d:fc:64:99:06:ea:0f:37:2b:eb:0c:c5:ea:d1:68:16:14:71:
1c:bd:05:d2:90:9f:d8:2b:ef:43:72:24:cd:41:dc:ef:2a:a2:
eb:55:c0:34:e7:d2:aa:2e:ff:1a:67:f5:41:ee:f4:de:1a:e3:
e3:de:62:ca:41:4a:7f:ab:86:e6:b2:7b:37:28:5a:b7:55:32:
e5:8c:f0:7a:80:64:8b:41:6a:dc:c6:f9:23:f3:ef:4c:b7:17:
24:d9:04:1a:44:2a:dd:05:73:68:d3:7e:49:ea:66:f6:fd:6f:
50:2b:b8:a8
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICAmQwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA1MTAw
NjM3NDlaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKEMxMDQ0N0EzMEU5QjRE
NEQ2NjE3ODk0QTdGREVFMkJCM0NEMUQzNkYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC/on5H0al6skT2GyCd9ZbXSstFaPMCw338zjLU6GNwBNz0zLyC
G8g7K49QfS4sTI5NaU3plPcph7ATqmC5D8Q8iaOsgwW4H0UBmybJwvt1tRADUXFZ
0JLpi4IkI0jLImUgbYCqWonZnrti+Qdjd6xETyUeCK7tarj6v4zjW5VIqkaJhdv0
Bgo+QYaKwAe87oAZ6yyEXgBDvHn1S9MD1zCS3mXBFNwrULhTXRo06Rlq7ZOkgNQe
ODe9ZPvolIGaWwXyj+oZB8qwxonAHJ4kPIC5FYR/tctUP6y86TzLondDOFl9yebm
JhMewijchQZTXNWt+eBM3amWYkqWPEwIvey1AgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUwQRHow6bTU1mF4lKf97iuzzR028wHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni93UVJIb3c2YlRVMW1GNGxL
Zjk3aXV6elIwMjgucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
fakwDQYJKoZIhvcNAQELBQADggEBAIiWUoybocfYYypSLrXvaAzlNgS4WU7DXrJK
Uq2B90QS9aetB3MmfI6hpWQAHuBb11K5uuNYeUwiwbmuYO8HpsrZ4tH9/XeIB9HG
0H+zB4HeKLkaC0mWIFqOSdHGKWIA6INw8dKV40vQX+4hZ7cMkLhGQFpmeOQY4VS6
jWED3gYgZLvp98Un+auIMLsySCKbtA38ZJkG6g83K+sMxerRaBYUcRy9BdKQn9gr
70NyJM1B3O8qoutVwDTn0qou/xpn9UHu9N4a4+PeYspBSn+rhuayezcoWrdVMuWM
8HqAZItBatzG+SPz70y3FyTZBBpEKt0Fc2jTfknqZvb9b1AruKg=
-----END CERTIFICATE-----
Generated at Sat May 17 22:41:22 2025 by rpki-client