Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/DSp1SPr7ZKy7GtTyE_b6XcrxnZQ.roa
File: DSp1SPr7ZKy7GtTyE_b6XcrxnZQ.roa (raw, json)
Hash identifier: 94hfuAvbSQjpYkFfwU9ZbOqRsKIuzUU1EyZHKFAw+Uw=
Subject key identifier: 0D:2A:75:48:FA:FB:64:AC:BB:1A:D4:F2:13:F6:FA:5D:CA:F1:9D:94
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 0D30
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/DSp1SPr7ZKy7GtTyE_b6XcrxnZQ.roa
Signing time: Sat 24 May 2025 16:08:32 +0000
ROA not before: Sat 24 May 2025 16:08:32 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 125.169.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 3376 (0xd30)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: May 24 16:08:32 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=0D2A7548FAFB64ACBB1AD4F213F6FA5DCAF19D94
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ef:39:24:ad:46:86:51:79:a1:da:c3:07:59:29:
df:c7:81:d0:97:ae:db:ef:2e:24:58:d0:d2:18:8e:
8c:2b:e6:d5:8d:00:45:ee:f1:2c:63:10:6c:cc:86:
23:65:09:b5:89:a2:39:4b:71:0a:07:01:4f:ac:15:
5c:38:41:76:02:39:4f:87:eb:54:36:6a:68:cb:d4:
87:12:e7:f8:10:e5:b1:58:f5:b8:8d:9c:d2:d4:ed:
fb:c3:3c:c2:cf:92:a4:97:2f:41:ef:f5:55:b8:d1:
a3:fb:3f:59:e1:fd:f8:a2:8e:3f:e0:c4:6e:b9:5e:
9c:dd:2d:fa:e3:ed:97:38:88:62:73:9b:90:d2:4b:
16:88:18:6e:d6:53:c3:db:c6:0e:f2:08:7f:83:08:
65:09:93:b1:b9:99:bd:44:5e:56:21:32:49:42:9d:
f7:bd:0b:c7:98:70:29:39:b6:ed:34:09:18:6e:ff:
d9:69:c6:8e:f5:c7:11:e0:dc:69:f2:2d:2e:41:77:
b3:8e:27:2c:68:80:30:73:88:9c:25:23:6d:5c:0b:
b0:c4:e5:e6:a5:a8:ef:36:9d:e8:da:56:ab:14:4d:
19:10:f8:05:f2:7a:65:6b:b7:b3:72:ad:88:74:d6:
4e:7f:f6:1a:b0:38:f5:1e:14:33:8d:b6:e5:7a:4d:
d4:bd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0D:2A:75:48:FA:FB:64:AC:BB:1A:D4:F2:13:F6:FA:5D:CA:F1:9D:94
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/DSp1SPr7ZKy7GtTyE_b6XcrxnZQ.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
125.169.0.0/16
Signature Algorithm: sha256WithRSAEncryption
9a:69:f9:39:9a:16:7a:cb:cb:4e:1f:64:bb:a6:c7:4c:d1:39:
67:5c:4c:ea:eb:b7:cb:48:8f:27:a9:33:93:ec:2b:6d:59:96:
de:74:d8:6f:05:d0:e1:0e:9b:43:ba:37:87:00:7a:54:d4:77:
4c:24:70:dc:04:6a:a5:7a:65:b2:4c:f2:ae:f9:5a:86:83:0c:
43:6f:27:1c:36:f1:4b:93:64:a0:55:1e:3f:29:04:32:af:12:
c3:25:5e:24:3b:af:e6:e6:a5:57:d9:41:b2:dd:e5:14:39:b1:
a0:58:fc:47:66:69:0c:9d:43:35:3e:45:7c:02:7d:f5:2f:b5:
65:f8:4a:94:80:a2:75:31:4e:61:4f:b9:38:a2:7f:9f:97:0f:
e6:d9:a5:28:65:a4:03:26:6c:c1:98:d9:44:93:c3:e1:86:21:
c2:70:12:98:8a:44:b9:24:37:46:6c:42:19:49:58:bb:2f:0e:
c5:32:27:f6:62:d1:df:14:7b:42:c3:eb:39:5d:4a:c8:da:06:
c7:6b:36:97:da:43:b9:58:70:d7:df:47:6c:da:95:68:9a:02:
06:20:93:c8:ca:4a:37:b7:38:c8:4a:8b:45:3d:3d:f2:72:1b:
23:1e:6c:56:fc:57:67:72:86:0d:d5:aa:ef:5d:41:49:55:e8:
69:64:47:34
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICDTAwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA1MjQx
NjA4MzJaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKDBEMkE3NTQ4RkFGQjY0
QUNCQjFBRDRGMjEzRjZGQTVEQ0FGMTlEOTQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDvOSStRoZReaHawwdZKd/HgdCXrtvvLiRY0NIYjowr5tWNAEXu
8SxjEGzMhiNlCbWJojlLcQoHAU+sFVw4QXYCOU+H61Q2amjL1IcS5/gQ5bFY9biN
nNLU7fvDPMLPkqSXL0Hv9VW40aP7P1nh/fiijj/gxG65XpzdLfrj7Zc4iGJzm5DS
SxaIGG7WU8Pbxg7yCH+DCGUJk7G5mb1EXlYhMklCnfe9C8eYcCk5tu00CRhu/9lp
xo71xxHg3GnyLS5Bd7OOJyxogDBziJwlI21cC7DE5ealqO82nejaVqsUTRkQ+AXy
emVrt7NyrYh01k5/9hqwOPUeFDONtuV6TdS9AgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUDSp1SPr7ZKy7GtTyE/b6XcrxnZQwHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni9EU3AxU1ByN1pLeTdHdFR5
RV9iNlhjcnhuWlEucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
fakwDQYJKoZIhvcNAQELBQADggEBAJpp+TmaFnrLy04fZLumx0zROWdcTOrrt8tI
jyepM5PsK21Zlt502G8F0OEOm0O6N4cAelTUd0wkcNwEaqV6ZbJM8q75WoaDDENv
Jxw28UuTZKBVHj8pBDKvEsMlXiQ7r+bmpVfZQbLd5RQ5saBY/EdmaQydQzU+RXwC
ffUvtWX4SpSAonUxTmFPuTiif5+XD+bZpShlpAMmbMGY2USTw+GGIcJwEpiKRLkk
N0ZsQhlJWLsvDsUyJ/Zi0d8Ue0LD6zldSsjaBsdrNpfaQ7lYcNffR2zalWiaAgYg
k8jKSje3OMhKi0U9PfJyGyMebFb8V2dyhg3Vqu9dQUlV6GlkRzQ=
-----END CERTIFICATE-----
Generated at Wed Jun 4 01:35:46 2025 by rpki-client