Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/y-GXaHzhtU2Zr3-YpORSnlTs8m4.roa
File: y-GXaHzhtU2Zr3-YpORSnlTs8m4.roa (raw, json)
Hash identifier: i0dYzzG+UQL+US+xarJTtZ1EUqZqVT56HzAcKyLfLSk=
Subject key identifier: CB:E1:97:68:7C:E1:B5:4D:99:AF:7F:98:A4:E4:52:9E:54:EC:F2:6E
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 0584
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/y-GXaHzhtU2Zr3-YpORSnlTs8m4.roa
Signing time: Wed 14 May 2025 10:38:01 +0000
ROA not before: Wed 14 May 2025 10:38:01 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 125.169.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1412 (0x584)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: May 14 10:38:01 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=CBE197687CE1B54D99AF7F98A4E4529E54ECF26E
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cc:f6:87:eb:50:91:cf:dd:e1:90:1f:ec:c8:31:
3f:16:c9:ba:c4:5d:c6:02:33:17:3c:67:a6:df:a7:
44:5e:b6:20:18:0e:59:a7:f8:64:60:7d:82:51:0c:
d5:57:f2:b2:d6:65:3c:0f:82:97:c9:7d:07:14:db:
a5:86:55:9f:9a:b0:b9:e5:28:32:af:c3:7f:68:d6:
33:70:8c:be:3a:c5:fe:75:aa:ac:a8:74:38:ee:67:
63:7f:06:35:2b:a0:98:1a:8a:8c:f2:26:78:50:a5:
ca:f1:76:b4:21:0c:d5:fc:60:c8:40:22:08:0f:83:
95:08:c2:ea:2d:db:08:99:af:f2:e3:c0:94:51:0d:
02:3c:60:74:c4:26:24:16:6f:c6:f3:76:15:59:bf:
eb:2e:c7:46:5d:e7:f0:31:1e:42:b3:00:5c:13:b4:
e3:c6:95:3c:9d:49:60:aa:8f:52:29:d8:26:e8:83:
89:4e:1d:33:d2:16:f8:0e:c3:4a:b9:2b:c5:03:ac:
12:4a:8e:03:6f:a9:e0:71:3a:05:bf:25:20:33:f5:
66:0d:a3:90:25:80:15:a1:b6:4d:71:b7:a4:43:71:
7a:0a:5c:90:94:34:dd:ed:3b:e1:f3:f4:45:c8:a5:
b1:1d:02:e1:a6:e1:29:a6:18:db:1a:4f:b3:68:11:
9e:ef
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CB:E1:97:68:7C:E1:B5:4D:99:AF:7F:98:A4:E4:52:9E:54:EC:F2:6E
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/y-GXaHzhtU2Zr3-YpORSnlTs8m4.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
125.169.0.0/16
Signature Algorithm: sha256WithRSAEncryption
33:d3:b1:f3:5a:65:77:a0:a1:84:ba:46:cf:15:e0:b9:9a:9f:
08:98:4d:c4:5c:79:95:e3:5f:b3:09:d8:a9:2e:d7:2b:40:53:
cd:af:d8:5b:5a:df:69:4c:e3:3e:23:32:2d:6c:03:c0:97:57:
b0:8a:46:78:72:30:a8:1a:23:da:f7:3d:b5:a8:86:8d:ee:31:
65:3f:46:08:ac:59:94:7d:32:43:13:7f:71:1b:01:47:96:b9:
92:8d:67:fe:44:13:4d:e9:a5:36:68:a9:f0:8e:e9:0f:8c:a9:
61:a1:89:82:ad:85:3d:d0:ec:97:b8:b0:1e:d6:d9:b7:40:98:
eb:8b:e6:71:95:9b:ed:95:ec:ef:0a:cc:6f:e4:dd:e2:3b:49:
2a:10:8a:0c:17:42:51:3c:72:28:d3:ba:f9:06:4e:62:97:c2:
16:e7:89:b8:1b:ec:df:ad:a8:48:ad:1a:a3:bd:8c:01:63:ed:
b8:8f:d9:09:f6:3b:d1:6d:2b:2e:0a:0b:d7:6d:f6:bb:d5:23:
c0:ca:35:ef:77:e1:8d:07:a2:ef:65:f4:2e:6c:79:86:96:75:
95:90:a8:73:7c:3f:c0:7d:73:6e:a7:48:60:5a:e0:55:c0:95:
28:3f:06:77:a3:3c:4c:b8:28:67:98:02:fa:fc:fe:c4:e7:14:
c9:98:93:22
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICBYQwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA1MTQx
MDM4MDFaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKENCRTE5NzY4N0NFMUI1
NEQ5OUFGN0Y5OEE0RTQ1MjlFNTRFQ0YyNkUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDM9ofrUJHP3eGQH+zIMT8WybrEXcYCMxc8Z6bfp0RetiAYDlmn
+GRgfYJRDNVX8rLWZTwPgpfJfQcU26WGVZ+asLnlKDKvw39o1jNwjL46xf51qqyo
dDjuZ2N/BjUroJgaiozyJnhQpcrxdrQhDNX8YMhAIggPg5UIwuot2wiZr/LjwJRR
DQI8YHTEJiQWb8bzdhVZv+sux0Zd5/AxHkKzAFwTtOPGlTydSWCqj1Ip2Cbog4lO
HTPSFvgOw0q5K8UDrBJKjgNvqeBxOgW/JSAz9WYNo5AlgBWhtk1xt6RDcXoKXJCU
NN3tO+Hz9EXIpbEdAuGm4SmmGNsaT7NoEZ7vAgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUy+GXaHzhtU2Zr3+YpORSnlTs8m4wHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni95LUdYYUh6aHRVMlpyMy1Z
cE9SU25sVHM4bTQucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
fakwDQYJKoZIhvcNAQELBQADggEBADPTsfNaZXegoYS6Rs8V4LmanwiYTcRceZXj
X7MJ2Kku1ytAU82v2Fta32lM4z4jMi1sA8CXV7CKRnhyMKgaI9r3PbWoho3uMWU/
RgisWZR9MkMTf3EbAUeWuZKNZ/5EE03ppTZoqfCO6Q+MqWGhiYKthT3Q7Je4sB7W
2bdAmOuL5nGVm+2V7O8KzG/k3eI7SSoQigwXQlE8cijTuvkGTmKXwhbnibgb7N+t
qEitGqO9jAFj7biP2Qn2O9FtKy4KC9dt9rvVI8DKNe934Y0Hou9l9C5seYaWdZWQ
qHN8P8B9c26nSGBa4FXAlSg/BnejPEy4KGeYAvr8/sTnFMmYkyI=
-----END CERTIFICATE-----
Generated at Sat May 17 21:30:21 2025 by rpki-client