Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/P91GTq5OqEEsDwmYILvk8waQnBg.roa
File: P91GTq5OqEEsDwmYILvk8waQnBg.roa (raw, json)
Hash identifier: OBVc/qfLZBJDiS4xPgzsGNgUZkNFquyDpqyk9tM4rYQ=
Subject key identifier: 3F:DD:46:4E:AE:4E:A8:41:2C:0F:09:98:20:BB:E4:F3:06:90:9C:18
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 0DC4
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/P91GTq5OqEEsDwmYILvk8waQnBg.roa
Signing time: Sun 25 May 2025 10:38:33 +0000
ROA not before: Sun 25 May 2025 10:38:33 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 125.169.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 3524 (0xdc4)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: May 25 10:38:33 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=3FDD464EAE4EA8412C0F099820BBE4F306909C18
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9a:16:62:93:97:78:0e:b6:10:1c:0c:2e:9c:d6:
b7:f9:79:2a:f9:0d:bf:ee:fa:c6:da:15:2b:e8:fb:
77:2a:bc:97:9e:23:2f:6a:b4:f5:f2:b4:aa:bc:76:
9b:c6:eb:ea:91:58:87:ef:b2:2f:eb:64:29:4f:cc:
2f:f8:4c:74:b9:00:7d:27:a2:c7:a7:08:3b:5d:8e:
09:bb:d5:e2:7c:d1:6c:a0:c7:b7:72:0d:cd:45:fa:
1c:9a:c3:c0:a8:ee:3a:f5:a0:88:1e:80:f2:11:1f:
a5:42:9f:0b:f4:a5:d8:ef:cb:1c:a1:9f:ef:2b:cf:
a8:20:c8:77:93:e9:07:29:28:1e:90:08:97:b7:80:
40:a8:57:dc:09:4a:8b:b4:ec:15:cb:32:28:f3:66:
73:af:73:42:c8:27:14:89:3b:df:94:5d:04:83:2b:
e8:0d:0f:82:5d:6c:4c:12:f6:dc:30:84:03:a4:5a:
b6:05:df:68:98:44:c5:4e:e4:2e:ff:b1:84:2a:9f:
4d:9d:da:4b:c9:96:31:43:84:2a:93:02:fd:c9:47:
44:2e:8f:64:27:31:29:c8:9f:55:08:11:97:6b:57:
6e:6d:a8:17:3c:a0:4e:47:e2:43:96:c4:4e:11:07:
b1:69:84:5b:34:f8:30:62:37:9d:b8:ca:34:a3:b0:
a6:a1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3F:DD:46:4E:AE:4E:A8:41:2C:0F:09:98:20:BB:E4:F3:06:90:9C:18
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/P91GTq5OqEEsDwmYILvk8waQnBg.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
125.169.0.0/16
Signature Algorithm: sha256WithRSAEncryption
45:17:3b:6b:84:e7:6c:f1:83:94:fb:64:c7:20:45:06:55:1f:
38:6f:d9:84:e8:74:77:6a:a8:75:ac:bf:a3:bd:49:1b:84:2a:
38:67:09:d2:ed:f5:1a:02:7b:8c:ad:1a:a0:2b:54:bc:03:03:
e8:b4:7f:d4:e1:bc:49:5c:b4:c0:74:69:17:25:53:39:57:da:
36:73:26:15:2e:de:c7:a3:d0:8b:57:89:28:c7:e9:4e:31:fa:
a1:dc:5b:06:e3:fb:44:65:7c:a8:fb:2b:20:98:62:25:cb:e5:
b6:0e:e1:9b:22:45:2e:d9:4b:da:bd:f0:e8:75:92:b9:a1:db:
66:38:1c:94:b1:99:17:af:68:7a:56:89:ed:ca:43:cf:06:e2:
8e:d5:08:96:fe:bc:3b:97:89:7a:33:a3:52:42:ae:cd:fe:55:
3d:60:1c:84:39:f3:24:7c:42:7e:da:f6:5c:ab:cb:c7:e5:01:
ef:e2:0f:11:96:1f:af:95:5f:dc:16:23:51:45:50:2b:90:e6:
3c:1b:65:c4:7a:b7:98:54:d3:cf:ca:f6:0f:82:a3:6b:c5:5c:
9b:48:ac:43:22:5c:8d:e1:ff:7d:84:ff:af:d2:aa:e9:3c:83:
29:6f:65:c7:13:d6:c3:bf:9a:42:0b:94:7b:9b:4d:f4:20:5c:
ba:55:77:3a
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICDcQwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA1MjUx
MDM4MzNaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKDNGREQ0NjRFQUU0RUE4
NDEyQzBGMDk5ODIwQkJFNEYzMDY5MDlDMTgwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCaFmKTl3gOthAcDC6c1rf5eSr5Db/u+sbaFSvo+3cqvJeeIy9q
tPXytKq8dpvG6+qRWIfvsi/rZClPzC/4THS5AH0nosenCDtdjgm71eJ80Wygx7dy
Dc1F+hyaw8Co7jr1oIgegPIRH6VCnwv0pdjvyxyhn+8rz6ggyHeT6QcpKB6QCJe3
gECoV9wJSou07BXLMijzZnOvc0LIJxSJO9+UXQSDK+gND4JdbEwS9twwhAOkWrYF
32iYRMVO5C7/sYQqn02d2kvJljFDhCqTAv3JR0Quj2QnMSnIn1UIEZdrV25tqBc8
oE5H4kOWxE4RB7FphFs0+DBiN524yjSjsKahAgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUP91GTq5OqEEsDwmYILvk8waQnBgwHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni9QOTFHVHE1T3FFRXNEd21Z
SUx2azh3YVFuQmcucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
fakwDQYJKoZIhvcNAQELBQADggEBAEUXO2uE52zxg5T7ZMcgRQZVHzhv2YTodHdq
qHWsv6O9SRuEKjhnCdLt9RoCe4ytGqArVLwDA+i0f9ThvElctMB0aRclUzlX2jZz
JhUu3sej0ItXiSjH6U4x+qHcWwbj+0RlfKj7KyCYYiXL5bYO4ZsiRS7ZS9q98Oh1
krmh22Y4HJSxmRevaHpWie3KQ88G4o7VCJb+vDuXiXozo1JCrs3+VT1gHIQ58yR8
Qn7a9lyry8flAe/iDxGWH6+VX9wWI1FFUCuQ5jwbZcR6t5hU08/K9g+Co2vFXJtI
rEMiXI3h/32E/6/Squk8gylvZccT1sO/mkILlHubTfQgXLpVdzo=
-----END CERTIFICATE-----
Generated at Wed Jun 4 00:56:51 2025 by rpki-client