Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/cqEfUfyfqkUOsuFckX06r8ZkH64.roa
File: cqEfUfyfqkUOsuFckX06r8ZkH64.roa (raw, json)
Hash identifier: iY4eRporf5UwT1NK+Kle6CEhzIbknYYYcHlDQPKkjuo=
Subject key identifier: 72:A1:1F:51:FC:9F:AA:45:0E:B2:E1:5C:91:7D:3A:AF:C6:64:1F:AE
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 0E10
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/cqEfUfyfqkUOsuFckX06r8ZkH64.roa
Signing time: Sun 25 May 2025 20:08:35 +0000
ROA not before: Sun 25 May 2025 20:08:35 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 125.169.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 3600 (0xe10)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: May 25 20:08:35 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=72A11F51FC9FAA450EB2E15C917D3AAFC6641FAE
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ae:0f:8d:3a:40:a8:37:24:40:c9:3f:46:74:15:
37:72:9a:76:04:9e:67:36:94:32:87:34:a3:b5:24:
0e:34:d1:3b:db:bc:e5:cd:56:eb:0b:eb:3d:40:66:
a6:9d:44:69:3f:a8:3e:fc:97:fb:cc:5e:4c:ae:78:
50:00:1f:2c:6c:94:42:bd:a4:25:7b:53:62:7d:dc:
99:81:95:17:fd:6a:34:ba:f3:3b:a9:9d:63:1a:c3:
3d:96:44:80:c1:86:8c:6f:54:c3:8b:d9:39:20:cd:
79:c3:11:e5:44:af:81:98:87:d8:16:b3:f2:41:47:
ba:75:eb:52:09:14:be:b8:bd:3a:86:c7:a3:a9:00:
02:c8:85:9d:16:f4:b5:67:e6:3d:2b:c6:a9:6d:fb:
a5:9c:e2:82:2f:e7:1c:57:9b:7c:42:5e:32:45:18:
d5:18:13:f5:04:24:bf:e8:46:eb:39:08:15:91:be:
ff:9f:81:5a:54:41:d4:e8:b8:93:5f:d2:29:9b:ba:
6d:8e:ca:36:5d:5c:1d:01:4a:74:3c:e2:69:5f:29:
b7:72:bf:42:07:9b:0b:c0:94:67:cd:b6:8c:97:53:
2b:d9:8f:a0:4f:7f:78:1e:d8:76:0c:1c:43:8a:c6:
58:9c:21:cf:07:64:d3:e1:cb:d6:48:15:98:d2:24:
5d:cd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
72:A1:1F:51:FC:9F:AA:45:0E:B2:E1:5C:91:7D:3A:AF:C6:64:1F:AE
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/cqEfUfyfqkUOsuFckX06r8ZkH64.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
125.169.0.0/16
Signature Algorithm: sha256WithRSAEncryption
22:13:65:dc:5f:df:10:e5:35:ea:53:01:bc:09:ae:6e:89:8b:
e8:e6:d5:0a:54:a3:16:34:7d:da:f4:a8:f7:ba:a4:64:ba:89:
a1:e1:e2:06:45:20:5f:f4:89:55:d0:d7:65:7b:c0:ba:37:d2:
ff:30:1b:01:2c:0c:ef:cc:2e:86:ae:b2:f8:3b:fc:db:d5:0c:
01:25:9c:1d:31:f9:c6:3d:29:83:ff:0a:fc:29:f0:41:dc:6f:
18:36:de:06:47:82:ad:51:27:5b:0d:a4:23:75:b8:8a:ce:d2:
e5:a6:22:ae:09:b7:05:4b:d5:79:71:36:b7:4b:2c:21:b2:8f:
32:97:df:18:c6:bd:ad:f2:50:b0:f2:8e:d2:df:65:04:b9:35:
4f:39:31:78:0b:86:f3:5b:23:00:77:a2:67:89:25:93:27:4f:
78:6c:2d:40:a5:55:9c:bb:b6:bf:05:c9:b0:e3:9c:ea:60:35:
7c:42:a8:74:a3:12:5d:8e:b3:ed:13:a7:eb:ab:e5:d1:53:78:
7b:a6:b9:fe:43:ad:5f:09:f2:4d:e6:9c:28:17:3d:45:30:94:
cd:01:41:33:4a:23:a3:6c:8a:56:76:15:81:ae:88:f7:42:53:
7d:ce:1d:11:b1:df:71:88:a7:43:26:93:c4:49:ef:49:82:fc:
4c:60:66:6d
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICDhAwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA1MjUy
MDA4MzVaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKDcyQTExRjUxRkM5RkFB
NDUwRUIyRTE1QzkxN0QzQUFGQzY2NDFGQUUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCuD406QKg3JEDJP0Z0FTdymnYEnmc2lDKHNKO1JA400TvbvOXN
VusL6z1AZqadRGk/qD78l/vMXkyueFAAHyxslEK9pCV7U2J93JmBlRf9ajS68zup
nWMawz2WRIDBhoxvVMOL2TkgzXnDEeVEr4GYh9gWs/JBR7p161IJFL64vTqGx6Op
AALIhZ0W9LVn5j0rxqlt+6Wc4oIv5xxXm3xCXjJFGNUYE/UEJL/oRus5CBWRvv+f
gVpUQdTouJNf0imbum2OyjZdXB0BSnQ84mlfKbdyv0IHmwvAlGfNtoyXUyvZj6BP
f3ge2HYMHEOKxlicIc8HZNPhy9ZIFZjSJF3NAgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUcqEfUfyfqkUOsuFckX06r8ZkH64wHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni9jcUVmVWZ5ZnFrVU9zdUZj
a1gwNnI4WmtINjQucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
fakwDQYJKoZIhvcNAQELBQADggEBACITZdxf3xDlNepTAbwJrm6Ji+jm1QpUoxY0
fdr0qPe6pGS6iaHh4gZFIF/0iVXQ12V7wLo30v8wGwEsDO/MLoausvg7/NvVDAEl
nB0x+cY9KYP/Cvwp8EHcbxg23gZHgq1RJ1sNpCN1uIrO0uWmIq4JtwVL1XlxNrdL
LCGyjzKX3xjGva3yULDyjtLfZQS5NU85MXgLhvNbIwB3omeJJZMnT3hsLUClVZy7
tr8FybDjnOpgNXxCqHSjEl2Os+0Tp+ur5dFTeHumuf5DrV8J8k3mnCgXPUUwlM0B
QTNKI6NsilZ2FYGuiPdCU33OHRGx33GIp0Mmk8RJ70mC/ExgZm0=
-----END CERTIFICATE-----
Generated at Wed Jun 4 02:08:38 2025 by rpki-client