Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/K2NZJa92fDmlDlAJ2xvWgukMd9Q.roa
File: K2NZJa92fDmlDlAJ2xvWgukMd9Q.roa (raw, json)
Hash identifier: DfwRQdYzebOCjVrPii+MGt/FQaFViKz6cAwv6NjgRm4=
Subject key identifier: 2B:63:59:25:AF:76:7C:39:A5:0E:50:09:DB:1B:D6:82:E9:0C:77:D4
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 0698
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/K2NZJa92fDmlDlAJ2xvWgukMd9Q.roa
Signing time: Thu 15 May 2025 21:08:02 +0000
ROA not before: Thu 15 May 2025 21:08:02 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 125.169.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1688 (0x698)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: May 15 21:08:02 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=2B635925AF767C39A50E5009DB1BD682E90C77D4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d7:7b:de:ed:d2:73:92:0a:88:1e:85:ab:20:de:
5c:49:af:5e:57:af:7c:23:8a:65:95:28:6a:b8:3c:
11:b2:14:a5:f9:06:77:91:8a:49:a7:8c:98:6f:7a:
c7:4d:b5:84:64:30:fe:fd:22:8e:d1:dc:b9:66:c6:
1c:d3:5a:f7:ec:18:a3:22:05:d4:45:e3:e1:e5:26:
92:71:b1:09:98:2c:95:10:5a:34:19:0b:94:c5:14:
4e:3c:c6:6e:ea:c3:7a:9c:94:16:00:37:ed:2a:cc:
17:09:a6:62:ef:67:71:83:b9:78:46:21:93:06:a1:
ba:ae:e8:4c:05:9d:05:ee:4e:9f:02:05:5d:14:27:
8c:e6:5e:5a:ab:ad:50:bc:ca:60:40:77:17:67:94:
f9:b6:d1:79:64:2d:71:17:45:92:68:5b:4c:53:c7:
8d:7f:26:04:b4:52:70:12:0d:02:99:9b:21:fa:fb:
5f:2a:0f:d1:2d:37:9e:99:84:17:7c:27:64:73:26:
94:4c:b1:75:59:b9:ba:35:cf:01:a6:3d:3f:f6:84:
ff:18:ae:79:41:7c:e2:f8:74:f2:16:da:15:97:ee:
8f:10:95:61:4e:7d:7c:df:21:74:61:78:67:92:19:
92:24:ba:b7:7f:d8:cb:4d:64:16:7a:28:45:10:9a:
8d:8d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2B:63:59:25:AF:76:7C:39:A5:0E:50:09:DB:1B:D6:82:E9:0C:77:D4
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/K2NZJa92fDmlDlAJ2xvWgukMd9Q.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
125.169.0.0/16
Signature Algorithm: sha256WithRSAEncryption
af:40:a8:07:e1:cb:a5:ac:21:63:66:e8:28:22:ea:b7:d9:f7:
86:26:8f:df:58:f3:3a:f1:c3:11:c9:db:3b:7c:e0:51:d9:9f:
b7:21:01:5c:1d:b9:99:a6:84:0c:83:43:70:c7:c6:90:86:b6:
23:c7:48:6f:22:0a:42:3d:c1:53:ba:df:54:cf:11:23:df:3d:
b0:0b:3e:00:ab:9a:8f:f0:23:44:43:57:96:bc:a0:6e:8d:02:
03:8f:d0:dc:2c:c6:21:62:64:6d:a0:b7:08:29:80:81:92:d4:
96:c8:cc:35:eb:8c:49:00:3b:04:78:49:82:9a:fd:91:c3:f7:
32:b7:d2:50:fb:aa:10:1f:bf:56:e9:89:84:47:9e:59:bd:8c:
2f:01:aa:22:e3:8d:b1:d6:60:4b:ca:53:6a:07:78:01:7a:27:
a1:34:0b:3b:a4:e6:7b:28:1d:fb:ef:eb:1b:11:68:19:48:44:
ed:c4:ae:ed:3a:e4:c1:db:a0:f2:4c:53:ac:3f:59:d1:9a:99:
ff:ff:3f:fc:48:ee:49:e2:0b:a0:9a:e1:76:ed:63:26:e5:9d:
08:2b:72:d5:dd:b4:ba:f4:59:88:44:49:47:ff:e3:3e:4d:38:
55:b2:eb:47:e7:3b:f5:cb:e9:27:39:13:88:1c:1a:dc:10:b3:
d9:de:04:20
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICBpgwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA1MTUy
MTA4MDJaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKDJCNjM1OTI1QUY3NjdD
MzlBNTBFNTAwOURCMUJENjgyRTkwQzc3RDQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDXe97t0nOSCogehasg3lxJr15Xr3wjimWVKGq4PBGyFKX5BneR
ikmnjJhvesdNtYRkMP79Io7R3LlmxhzTWvfsGKMiBdRF4+HlJpJxsQmYLJUQWjQZ
C5TFFE48xm7qw3qclBYAN+0qzBcJpmLvZ3GDuXhGIZMGobqu6EwFnQXuTp8CBV0U
J4zmXlqrrVC8ymBAdxdnlPm20XlkLXEXRZJoW0xTx41/JgS0UnASDQKZmyH6+18q
D9EtN56ZhBd8J2RzJpRMsXVZubo1zwGmPT/2hP8YrnlBfOL4dPIW2hWX7o8QlWFO
fXzfIXRheGeSGZIkurd/2MtNZBZ6KEUQmo2NAgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUK2NZJa92fDmlDlAJ2xvWgukMd9QwHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni9LMk5aSmE5MmZEbWxEbEFK
Mnh2V2d1a01kOVEucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
fakwDQYJKoZIhvcNAQELBQADggEBAK9AqAfhy6WsIWNm6Cgi6rfZ94Ymj99Y8zrx
wxHJ2zt84FHZn7chAVwduZmmhAyDQ3DHxpCGtiPHSG8iCkI9wVO631TPESPfPbAL
PgCrmo/wI0RDV5a8oG6NAgOP0NwsxiFiZG2gtwgpgIGS1JbIzDXrjEkAOwR4SYKa
/ZHD9zK30lD7qhAfv1bpiYRHnlm9jC8BqiLjjbHWYEvKU2oHeAF6J6E0Czuk5nso
Hfvv6xsRaBlIRO3Eru065MHboPJMU6w/WdGamf//P/xI7kniC6Ca4XbtYyblnQgr
ctXdtLr0WYhESUf/4z5NOFWy60fnO/XL6Sc5E4gcGtwQs9neBCA=
-----END CERTIFICATE-----
Generated at Wed Jun 4 01:06:20 2025 by rpki-client