Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/G3IrQVV1U91iq_sd1lWq2E7H0Fs.roa
File: G3IrQVV1U91iq_sd1lWq2E7H0Fs.roa (raw, json)
Hash identifier: fzCmmRma1jgXA0ZmUUJqC4EBgovdEqkxFenHcbVH36w=
Subject key identifier: 1B:72:2B:41:55:75:53:DD:62:AB:FB:1D:D6:55:AA:D8:4E:C7:D0:5B
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: F4
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/G3IrQVV1U91iq_sd1lWq2E7H0Fs.roa
Signing time: Thu 08 May 2025 08:37:42 +0000
ROA not before: Thu 08 May 2025 08:37:42 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 125.169.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 244 (0xf4)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: May 8 08:37:42 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=1B722B41557553DD62ABFB1DD655AAD84EC7D05B
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bf:36:9b:37:89:31:c5:e7:04:e8:da:90:33:3b:
82:ff:81:d4:12:6c:ff:ad:ee:76:a2:a1:44:73:a9:
33:41:90:f7:82:6f:32:c4:ed:af:f5:8b:8b:f2:d9:
d3:7e:27:5e:71:cb:66:99:ae:0e:38:af:28:60:ea:
35:cc:83:96:79:94:6e:6d:b4:dd:af:ca:37:a3:df:
f7:d8:e6:97:83:08:e5:3c:d2:65:62:0b:e0:42:01:
61:cb:5c:6e:db:ea:2a:bc:85:95:c7:ae:eb:84:f7:
55:89:39:4e:4d:c6:f3:90:3b:c6:19:98:86:36:44:
c4:13:25:8c:b2:71:12:56:d1:c0:bf:bf:ee:d9:2c:
20:0b:c7:f1:dd:f5:ea:ff:14:d2:ee:87:f3:99:ca:
d0:fe:1e:aa:34:8f:34:49:34:39:f6:ae:e7:3a:a6:
48:d7:bb:2c:e0:87:df:c5:e0:6d:b9:26:97:65:04:
3f:68:e6:54:74:67:98:45:18:6f:59:35:d2:a8:42:
fe:f8:5d:ec:e7:f2:d2:d3:0c:f2:a1:f0:55:ba:08:
e9:08:69:23:d0:cd:07:a4:1a:57:05:dc:c0:43:ef:
ce:9a:1a:d0:86:9e:e9:37:e0:5d:f5:f7:e5:9c:2d:
5f:dd:e8:35:23:3c:6f:18:8b:8a:fb:9d:44:5a:e6:
2e:83
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1B:72:2B:41:55:75:53:DD:62:AB:FB:1D:D6:55:AA:D8:4E:C7:D0:5B
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/G3IrQVV1U91iq_sd1lWq2E7H0Fs.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
125.169.0.0/16
Signature Algorithm: sha256WithRSAEncryption
28:22:3d:76:2a:da:50:e5:a1:c3:9c:60:43:2e:ac:fc:93:81:
2b:60:7d:79:72:89:48:a9:8c:c6:21:bc:b3:60:8f:1c:6a:05:
64:d0:c6:7c:2c:2c:7e:c5:79:f0:6c:d8:30:16:19:71:cc:77:
fe:9f:d2:0c:3e:c7:39:23:df:4a:cb:05:65:ba:f3:66:44:2b:
51:be:f8:47:8d:e1:47:92:1f:2e:2a:14:77:7c:5e:69:4d:1e:
fd:3f:8c:28:0b:30:8b:65:86:1e:72:79:fa:04:19:92:50:70:
b0:0d:2e:36:07:10:af:bf:73:d5:b0:26:8e:7c:ad:1c:43:c6:
bf:b5:ad:20:9d:5f:3b:52:30:5b:c8:e6:ef:ce:91:7f:74:fd:
b8:9f:2d:c4:bb:8e:39:bf:cd:98:91:71:cb:b4:1b:a9:e2:72:
95:d8:30:3a:3a:7c:d9:73:38:ad:92:c4:7c:95:d7:14:2d:81:
f1:3b:95:05:c9:45:cb:8b:b1:d6:1e:3c:40:d7:04:dd:ff:13:
41:05:58:8d:d2:9f:57:df:d7:c7:0b:11:7c:7c:52:2c:80:39:
7c:53:89:53:81:52:42:2f:ab:bf:67:a9:05:0c:00:dd:52:73:
a5:87:58:81:c0:e2:8c:bc:ea:3e:36:a5:1c:65:6c:63:6c:dc:
63:9d:57:9d
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICAPQwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA1MDgw
ODM3NDJaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKDFCNzIyQjQxNTU3NTUz
REQ2MkFCRkIxREQ2NTVBQUQ4NEVDN0QwNUIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC/Nps3iTHF5wTo2pAzO4L/gdQSbP+t7naioURzqTNBkPeCbzLE
7a/1i4vy2dN+J15xy2aZrg44ryhg6jXMg5Z5lG5ttN2vyjej3/fY5peDCOU80mVi
C+BCAWHLXG7b6iq8hZXHruuE91WJOU5NxvOQO8YZmIY2RMQTJYyycRJW0cC/v+7Z
LCALx/Hd9er/FNLuh/OZytD+Hqo0jzRJNDn2ruc6pkjXuyzgh9/F4G25JpdlBD9o
5lR0Z5hFGG9ZNdKoQv74Xezn8tLTDPKh8FW6COkIaSPQzQekGlcF3MBD786aGtCG
nuk34F319+WcLV/d6DUjPG8Yi4r7nURa5i6DAgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUG3IrQVV1U91iq/sd1lWq2E7H0FswHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni9HM0lyUVZWMVU5MWlxX3Nk
MWxXcTJFN0gwRnMucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
fakwDQYJKoZIhvcNAQELBQADggEBACgiPXYq2lDlocOcYEMurPyTgStgfXlyiUip
jMYhvLNgjxxqBWTQxnwsLH7FefBs2DAWGXHMd/6f0gw+xzkj30rLBWW682ZEK1G+
+EeN4UeSHy4qFHd8XmlNHv0/jCgLMItlhh5yefoEGZJQcLANLjYHEK+/c9WwJo58
rRxDxr+1rSCdXztSMFvI5u/OkX90/bifLcS7jjm/zZiRccu0G6nicpXYMDo6fNlz
OK2SxHyV1xQtgfE7lQXJRcuLsdYePEDXBN3/E0EFWI3Sn1ff18cLEXx8UiyAOXxT
iVOBUkIvq79nqQUMAN1Sc6WHWIHA4oy86j42pRxlbGNs3GOdV50=
-----END CERTIFICATE-----
Generated at Wed Jun 4 00:52:34 2025 by rpki-client