Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/KkVimQ3xZq951Zp6kNs1ln9Rd_I.roa
File: KkVimQ3xZq951Zp6kNs1ln9Rd_I.roa (raw, json)
Hash identifier: /hAIiXNEyqn+zlGfj6grJwf5Ghqjwc64cKaZsUI1Mds=
Subject key identifier: 2A:45:62:99:0D:F1:66:AF:79:D5:9A:7A:90:DB:35:96:7F:51:77:F2
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 0D98
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/KkVimQ3xZq951Zp6kNs1ln9Rd_I.roa
Signing time: Sun 25 May 2025 05:08:33 +0000
ROA not before: Sun 25 May 2025 05:08:33 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 125.169.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 3480 (0xd98)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: May 25 05:08:33 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=2A4562990DF166AF79D59A7A90DB35967F5177F2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ca:7e:94:20:9a:30:c0:83:63:c7:c6:ba:d5:5a:
5d:fc:17:83:e7:31:51:7e:46:79:47:ab:8a:4f:d6:
da:e1:09:91:85:47:7c:83:04:3d:44:39:d0:d8:be:
17:42:e0:4b:3f:a0:c4:e6:96:f5:d2:47:98:88:39:
32:10:c6:5a:06:75:58:3b:8c:08:c1:98:ac:47:e0:
8d:83:10:23:f3:6b:11:ef:f5:8c:3e:a4:46:e9:ad:
a3:bb:fd:12:30:35:d7:5d:84:99:c1:50:3f:ad:b8:
4f:a6:3e:63:41:b7:4c:0f:39:66:cf:e2:8b:8e:94:
e6:1a:bd:31:5e:31:b6:8b:7f:b3:5b:ce:5e:35:eb:
2c:5b:fa:8a:12:61:85:01:00:28:99:f5:83:86:b4:
39:1c:1e:7a:b0:10:b0:50:2d:c8:07:7e:86:dd:8a:
03:d2:5a:32:92:76:84:52:f4:cc:8a:fe:e7:0c:7c:
38:2f:8e:60:31:e9:31:ef:f2:c3:20:9f:e2:7d:4f:
b6:56:7e:f4:63:ff:4c:59:33:36:52:46:f7:f6:9f:
b7:07:39:cc:3e:d5:99:b8:9c:d2:96:80:8e:f8:c7:
0e:ac:74:30:20:19:1b:ea:be:84:09:36:c5:88:f3:
a3:d4:b9:4c:09:6d:f7:e0:8d:43:cb:d6:d1:4f:8b:
5f:11
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2A:45:62:99:0D:F1:66:AF:79:D5:9A:7A:90:DB:35:96:7F:51:77:F2
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/KkVimQ3xZq951Zp6kNs1ln9Rd_I.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
125.169.0.0/16
Signature Algorithm: sha256WithRSAEncryption
53:06:ee:a8:d1:9c:98:3f:08:7f:80:05:f6:1e:33:2e:d4:4b:
45:fb:82:e0:f9:ce:39:0b:6b:ff:d6:9b:97:dc:12:58:55:07:
e6:c5:a3:3e:78:44:0f:bc:8b:1a:6f:bd:4a:f7:ca:97:9c:55:
ef:75:07:92:6b:90:b5:87:2d:6d:fe:55:f5:f2:c3:47:73:c3:
5b:54:8f:9a:8d:22:12:ad:88:94:2d:30:d3:c1:c6:cf:de:68:
26:c7:3f:05:5a:c5:81:f3:f4:33:f4:74:9e:60:50:e0:d2:0d:
77:a9:03:9c:a4:65:07:ff:2d:24:91:c0:01:e5:44:b0:7a:7b:
da:b9:eb:71:88:f3:32:1d:32:76:02:b0:1d:51:83:56:12:31:
b9:0c:6f:02:94:d3:09:73:4d:4a:d8:ba:be:82:ae:43:83:ce:
22:49:ae:33:f2:57:a3:30:74:83:58:76:08:0a:e6:0e:a6:b5:
2e:17:cb:cc:b0:8d:d1:9d:f8:29:95:82:cf:5f:09:80:bc:e8:
cd:50:09:d0:8e:f8:e3:eb:99:fe:3d:4d:13:b6:36:af:50:1c:
a2:d6:66:02:14:62:eb:e3:ec:8c:56:be:4b:80:71:31:e2:5a:
c9:d7:b3:f7:f5:ba:93:9e:ce:ca:a2:17:0b:76:2f:be:85:63:
8d:4e:b6:63
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICDZgwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA1MjUw
NTA4MzNaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKDJBNDU2Mjk5MERGMTY2
QUY3OUQ1OUE3QTkwREIzNTk2N0Y1MTc3RjIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDKfpQgmjDAg2PHxrrVWl38F4PnMVF+RnlHq4pP1trhCZGFR3yD
BD1EOdDYvhdC4Es/oMTmlvXSR5iIOTIQxloGdVg7jAjBmKxH4I2DECPzaxHv9Yw+
pEbpraO7/RIwNdddhJnBUD+tuE+mPmNBt0wPOWbP4ouOlOYavTFeMbaLf7Nbzl41
6yxb+ooSYYUBACiZ9YOGtDkcHnqwELBQLcgHfobdigPSWjKSdoRS9MyK/ucMfDgv
jmAx6THv8sMgn+J9T7ZWfvRj/0xZMzZSRvf2n7cHOcw+1Zm4nNKWgI74xw6sdDAg
GRvqvoQJNsWI86PUuUwJbffgjUPL1tFPi18RAgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUKkVimQ3xZq951Zp6kNs1ln9Rd/IwHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni9La1ZpbVEzeFpxOTUxWnA2
a05zMWxuOVJkX0kucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
fakwDQYJKoZIhvcNAQELBQADggEBAFMG7qjRnJg/CH+ABfYeMy7US0X7guD5zjkL
a//Wm5fcElhVB+bFoz54RA+8ixpvvUr3ypecVe91B5JrkLWHLW3+VfXyw0dzw1tU
j5qNIhKtiJQtMNPBxs/eaCbHPwVaxYHz9DP0dJ5gUODSDXepA5ykZQf/LSSRwAHl
RLB6e9q563GI8zIdMnYCsB1Rg1YSMbkMbwKU0wlzTUrYur6CrkODziJJrjPyV6Mw
dINYdggK5g6mtS4Xy8ywjdGd+CmVgs9fCYC86M1QCdCO+OPrmf49TRO2Nq9QHKLW
ZgIUYuvj7IxWvkuAcTHiWsnXs/f1upOezsqiFwt2L76FY41OtmM=
-----END CERTIFICATE-----
Generated at Thu Jun 5 20:34:14 2025 by rpki-client