Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/RPhwQHVqabSvNbXeczKedisum1E.roa
File: RPhwQHVqabSvNbXeczKedisum1E.roa (raw, json)
Hash identifier: ymMesRPAt9He0xl7dlZdzJuzllx1PVL29RkEfrxKFJo=
Subject key identifier: 44:F8:70:40:75:6A:69:B4:AF:35:B5:DE:73:32:9E:76:2B:2E:9B:51
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 0B08
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/RPhwQHVqabSvNbXeczKedisum1E.roa
Signing time: Wed 21 May 2025 19:08:19 +0000
ROA not before: Wed 21 May 2025 19:08:19 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 125.169.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2824 (0xb08)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: May 21 19:08:19 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=44F87040756A69B4AF35B5DE73329E762B2E9B51
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b8:c5:1b:0a:34:94:48:c3:27:c9:33:13:29:f1:
d9:30:3c:0c:d3:b5:df:c6:d9:c8:f6:d7:a7:8b:84:
b0:e2:22:d3:9f:4b:1b:5c:7f:ff:2b:66:cc:56:01:
3e:25:76:34:a5:8e:6c:96:c3:17:b3:45:72:4f:a3:
70:94:5d:60:2d:a0:41:eb:fe:ea:77:32:4e:f8:fe:
7b:38:60:8a:a4:7f:17:d7:92:f0:dd:3e:89:b9:f8:
8c:6a:8d:4d:22:82:9e:64:9d:a3:4d:dc:b9:e3:3f:
e7:00:4b:82:34:d7:b3:ca:18:0e:26:42:73:2c:49:
4d:7c:f5:db:c8:8c:5b:10:73:22:76:d0:35:16:a2:
d8:b6:65:2b:27:4d:4f:ec:53:d8:a2:56:e7:f4:d2:
91:d5:fd:02:44:a7:b1:5c:c6:9f:9c:3a:b4:75:44:
db:e9:6b:53:c4:f3:5f:f4:28:26:35:80:77:69:9a:
f1:9e:db:c2:28:8e:27:d9:b9:88:7d:35:6f:9a:2e:
ee:09:60:7b:1a:4b:f4:62:a8:3d:7f:fb:37:9c:39:
5a:a2:dd:9b:f1:bd:da:ac:40:78:97:b9:72:c4:de:
d2:eb:b5:b4:71:94:ff:1c:9b:8e:a2:55:de:35:ce:
d4:95:a8:6e:9c:15:b9:75:24:0c:b1:3a:a3:d6:7f:
b7:e7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
44:F8:70:40:75:6A:69:B4:AF:35:B5:DE:73:32:9E:76:2B:2E:9B:51
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/RPhwQHVqabSvNbXeczKedisum1E.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
125.169.0.0/16
Signature Algorithm: sha256WithRSAEncryption
8b:83:b6:27:39:6c:cc:20:a6:e9:4e:5b:fc:4b:e1:ae:ee:bf:
09:c8:b2:13:0e:83:f8:5d:f8:b8:e5:e4:33:40:42:58:68:95:
83:9a:bc:4e:2b:15:38:df:ad:b1:b1:b6:07:7d:5b:90:2a:7f:
58:21:8f:76:fa:fe:4c:bd:a8:38:f6:31:14:a2:ff:c2:d6:0a:
17:7c:c7:5a:71:df:cd:03:65:5b:95:75:41:9d:98:1c:93:ff:
63:f3:d5:a1:5a:7d:94:db:e8:7c:8d:65:b3:f6:83:ee:ff:fa:
a9:0f:37:c8:7d:60:4d:cb:25:54:07:92:40:43:20:ed:21:4e:
92:5b:ff:83:85:36:de:20:52:af:68:40:29:86:1b:ce:80:1c:
e4:95:34:c2:8b:0e:8a:25:62:52:a7:fa:69:53:3c:d2:5b:86:
d1:82:89:4e:55:df:e7:c9:7a:26:9d:34:d0:8c:4a:65:0d:95:
8f:5d:75:2a:2f:b9:c4:dc:c6:e0:94:0c:92:01:11:6f:e5:f6:
38:aa:61:6d:0e:f2:b7:ec:9e:33:f5:9c:24:9c:96:bf:73:30:
97:f9:64:bf:5e:02:39:6a:c1:24:dd:5e:28:d4:1a:13:27:2f:
7a:bc:2c:f7:04:b3:d2:16:1c:cf:9c:67:5b:fc:30:98:fb:94:
77:81:52:a5
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICCwgwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA1MjEx
OTA4MTlaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKDQ0Rjg3MDQwNzU2QTY5
QjRBRjM1QjVERTczMzI5RTc2MkIyRTlCNTEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC4xRsKNJRIwyfJMxMp8dkwPAzTtd/G2cj216eLhLDiItOfSxtc
f/8rZsxWAT4ldjSljmyWwxezRXJPo3CUXWAtoEHr/up3Mk74/ns4YIqkfxfXkvDd
Pom5+IxqjU0igp5knaNN3LnjP+cAS4I017PKGA4mQnMsSU189dvIjFsQcyJ20DUW
oti2ZSsnTU/sU9iiVuf00pHV/QJEp7Fcxp+cOrR1RNvpa1PE81/0KCY1gHdpmvGe
28IojifZuYh9NW+aLu4JYHsaS/RiqD1/+zecOVqi3ZvxvdqsQHiXuXLE3tLrtbRx
lP8cm46iVd41ztSVqG6cFbl1JAyxOqPWf7fnAgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQURPhwQHVqabSvNbXeczKedisum1EwHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni9SUGh3UUhWcWFiU3ZOYlhl
Y3pLZWRpc3VtMUUucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
fakwDQYJKoZIhvcNAQELBQADggEBAIuDtic5bMwgpulOW/xL4a7uvwnIshMOg/hd
+Ljl5DNAQlholYOavE4rFTjfrbGxtgd9W5Aqf1ghj3b6/ky9qDj2MRSi/8LWChd8
x1px380DZVuVdUGdmByT/2Pz1aFafZTb6HyNZbP2g+7/+qkPN8h9YE3LJVQHkkBD
IO0hTpJb/4OFNt4gUq9oQCmGG86AHOSVNMKLDoolYlKn+mlTPNJbhtGCiU5V3+fJ
eiadNNCMSmUNlY9ddSovucTcxuCUDJIBEW/l9jiqYW0O8rfsnjP1nCSclr9zMJf5
ZL9eAjlqwSTdXijUGhMnL3q8LPcEs9IWHM+cZ1v8MJj7lHeBUqU=
-----END CERTIFICATE-----
Generated at Thu Jun 5 20:36:48 2025 by rpki-client