Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/xeg8F5AT2oRe-CSr7o2RraQf6ys.roa
File: xeg8F5AT2oRe-CSr7o2RraQf6ys.roa (raw, json)
Hash identifier: 9f9Y41oLYx7dITxKBmtVFEyOZPxbRxfNP8rG9/0j2I4=
Subject key identifier: C5:E8:3C:17:90:13:DA:84:5E:F8:24:AB:EE:8D:91:AD:A4:1F:EB:2B
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 0398
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/xeg8F5AT2oRe-CSr7o2RraQf6ys.roa
Signing time: Sun 11 May 2025 21:07:53 +0000
ROA not before: Sun 11 May 2025 21:07:53 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 125.169.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 920 (0x398)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: May 11 21:07:53 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=C5E83C179013DA845EF824ABEE8D91ADA41FEB2B
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d5:bf:56:86:0c:61:cb:22:9a:ba:1b:ab:cd:96:
ff:0d:2d:ee:e8:2a:19:67:7a:c8:96:d8:b4:22:56:
ae:50:6a:0d:63:27:84:39:91:24:e7:eb:b5:36:fe:
bb:a6:89:0d:94:d3:8a:1d:2b:cd:93:1c:02:58:8a:
e6:c8:db:50:79:b3:5d:f4:53:af:1c:82:a7:4e:50:
3d:7a:0c:17:83:49:07:8e:80:88:be:09:57:91:dc:
c2:5f:e7:b3:a0:9e:e5:54:bc:3e:b3:26:ab:4b:42:
fd:b2:ce:f5:16:26:f0:7b:a9:7f:89:06:a9:d9:d2:
44:54:fb:3d:49:65:30:95:b8:7a:87:e6:8c:45:e6:
17:4c:7e:b0:5d:e1:72:0c:c4:6a:81:96:3d:d8:1a:
ed:95:57:66:d9:c3:d4:97:d8:cb:7a:0c:d9:57:03:
6a:a1:32:73:ea:2d:16:c0:4c:48:f3:b6:72:a6:fd:
43:37:d3:1f:d5:c9:04:12:e3:c0:5b:c8:cc:3f:df:
27:3b:56:60:ba:b0:f2:a6:5b:6f:75:ba:1a:f6:5d:
32:58:53:c5:41:bf:5c:39:20:00:54:a6:23:57:ec:
53:6f:6a:05:02:87:fb:8c:d7:3c:f6:49:39:7b:4a:
61:31:d2:24:a9:94:43:3e:af:c2:c4:43:b4:4e:91:
19:3f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C5:E8:3C:17:90:13:DA:84:5E:F8:24:AB:EE:8D:91:AD:A4:1F:EB:2B
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/xeg8F5AT2oRe-CSr7o2RraQf6ys.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
125.169.0.0/16
Signature Algorithm: sha256WithRSAEncryption
01:85:97:56:4e:ec:24:5a:d2:b1:7d:ef:e7:12:4e:da:12:5b:
11:48:93:2d:cd:c1:ec:04:55:a6:f6:3d:e6:0e:03:14:3a:f7:
03:dd:81:ad:0d:a9:dc:73:43:c2:32:5b:d4:b7:da:b4:29:49:
a9:20:0c:83:66:f0:7f:a4:1f:5e:2d:84:e5:9e:0e:0e:4e:fb:
db:98:a0:ff:24:f0:5b:a8:18:72:76:94:1e:fb:ca:fc:1a:d6:
b4:8f:f8:a8:db:96:8e:90:e5:27:e6:b8:73:42:28:e2:27:1c:
3c:9c:7c:2a:ec:bc:46:a7:a7:84:27:77:c4:47:b1:76:a5:e0:
c9:a6:9e:69:69:ca:51:1a:05:4c:6d:3e:8e:ea:30:20:e2:d3:
ed:85:76:4c:89:6c:9c:0e:c6:48:e6:da:16:e7:b1:b9:29:31:
2e:59:dd:27:41:46:0f:40:4f:ca:93:54:c7:cc:68:d1:68:0c:
97:38:40:48:ec:fd:99:f7:de:3e:22:fe:77:de:f9:42:2f:4c:
de:33:f7:08:07:d1:5b:30:a0:00:a8:13:37:a4:60:5d:47:ce:
fb:2e:f7:9f:c9:0a:69:af:4b:ab:bb:a8:75:f0:2a:a6:ed:51:
d5:f2:d5:79:99:fc:41:42:e7:d9:9f:2c:1e:b4:9e:f7:32:73:
17:29:b6:79
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICA5gwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA1MTEy
MTA3NTNaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKEM1RTgzQzE3OTAxM0RB
ODQ1RUY4MjRBQkVFOEQ5MUFEQTQxRkVCMkIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDVv1aGDGHLIpq6G6vNlv8NLe7oKhlnesiW2LQiVq5Qag1jJ4Q5
kSTn67U2/rumiQ2U04odK82THAJYiubI21B5s130U68cgqdOUD16DBeDSQeOgIi+
CVeR3MJf57OgnuVUvD6zJqtLQv2yzvUWJvB7qX+JBqnZ0kRU+z1JZTCVuHqH5oxF
5hdMfrBd4XIMxGqBlj3YGu2VV2bZw9SX2Mt6DNlXA2qhMnPqLRbATEjztnKm/UM3
0x/VyQQS48BbyMw/3yc7VmC6sPKmW291uhr2XTJYU8VBv1w5IABUpiNX7FNvagUC
h/uM1zz2STl7SmEx0iSplEM+r8LEQ7ROkRk/AgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUxeg8F5AT2oRe+CSr7o2RraQf6yswHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni94ZWc4RjVBVDJvUmUtQ1Ny
N28yUnJhUWY2eXMucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
fakwDQYJKoZIhvcNAQELBQADggEBAAGFl1ZO7CRa0rF97+cSTtoSWxFIky3NwewE
Vab2PeYOAxQ69wPdga0NqdxzQ8IyW9S32rQpSakgDINm8H+kH14thOWeDg5O+9uY
oP8k8FuoGHJ2lB77yvwa1rSP+Kjblo6Q5SfmuHNCKOInHDycfCrsvEanp4Qnd8RH
sXal4MmmnmlpylEaBUxtPo7qMCDi0+2FdkyJbJwOxkjm2hbnsbkpMS5Z3SdBRg9A
T8qTVMfMaNFoDJc4QEjs/Zn33j4i/nfe+UIvTN4z9wgH0VswoACoEzekYF1Hzvsu
95/JCmmvS6u7qHXwKqbtUdXy1XmZ/EFC59mfLB60nvcycxcptnk=
-----END CERTIFICATE-----
Generated at Sat May 17 19:37:47 2025 by rpki-client