Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/doaHDJKolAqmI3-AiL5N-neOt3k.roa
File: doaHDJKolAqmI3-AiL5N-neOt3k.roa (raw, json)
Hash identifier: 8OwcLwwHSJZN3s/7cJ4w5wWOF/zo3goBOGAYBk/7kJI=
Subject key identifier: 76:86:87:0C:92:A8:94:0A:A6:23:7F:80:88:BE:4D:FA:77:8E:B7:79
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 0850
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/doaHDJKolAqmI3-AiL5N-neOt3k.roa
Signing time: Sun 18 May 2025 04:08:07 +0000
ROA not before: Sun 18 May 2025 04:08:07 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 125.169.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2128 (0x850)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: May 18 04:08:07 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=7686870C92A8940AA6237F8088BE4DFA778EB779
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ea:f6:dd:4f:8a:e9:40:61:5d:28:36:34:fc:04:
c1:47:89:a1:5e:43:76:42:a7:2c:83:31:1a:42:85:
86:37:55:64:23:9f:26:c7:7e:ae:c6:79:e5:08:4b:
1f:33:96:78:ae:34:89:86:bd:a0:4c:c1:6f:e5:4f:
b0:a2:22:4b:bf:cf:0b:ce:60:d6:4f:dc:54:89:aa:
bd:f9:f3:bb:12:1e:89:1e:6a:bf:5f:26:26:b4:c5:
04:b4:92:b8:ce:7a:3d:ec:6a:39:6e:15:7e:e7:ce:
7c:59:f8:36:f6:5c:e8:00:9d:d1:01:de:fb:7c:44:
51:c5:99:a8:64:61:47:e1:26:47:a4:78:27:0a:7c:
73:57:ee:29:64:b6:cc:8c:bd:55:d2:8c:dc:81:11:
48:35:64:8c:ce:85:37:34:30:ca:44:36:65:26:fe:
2c:5b:ae:c4:41:03:ab:d4:fd:74:26:ef:50:9f:74:
5b:44:45:84:13:16:8a:91:33:e7:47:c5:86:f3:44:
1b:0a:74:cc:13:17:ff:3e:7b:96:38:25:ac:89:1a:
9d:20:81:0f:af:d9:63:40:d0:ac:c1:d9:a4:67:71:
9c:a6:8b:d4:93:ac:3b:a0:57:bb:e3:e8:9d:b3:dc:
cd:0c:ef:c4:f5:04:bd:a1:43:90:62:ff:ab:18:31:
0c:ff
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
76:86:87:0C:92:A8:94:0A:A6:23:7F:80:88:BE:4D:FA:77:8E:B7:79
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/doaHDJKolAqmI3-AiL5N-neOt3k.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
125.169.0.0/16
Signature Algorithm: sha256WithRSAEncryption
86:77:25:a6:41:b9:d2:32:43:57:14:2b:15:c1:85:62:69:bf:
8e:c3:64:af:44:4e:54:6c:e1:50:3d:44:30:b7:45:2e:5c:a9:
a7:2f:76:bb:6d:d2:86:3d:6a:75:dc:70:43:05:fa:c0:2b:a3:
4f:e4:22:28:c2:a4:cc:6b:8b:11:02:f2:4f:6d:43:85:78:f2:
59:07:ca:ce:45:56:36:4f:06:89:37:68:44:28:d2:c0:17:12:
6a:2f:16:70:3c:71:5c:bf:6a:b7:6c:71:45:f8:7c:34:92:93:
05:2a:d6:fa:33:6f:da:e5:49:72:6a:88:18:f4:33:d2:60:0e:
eb:17:c2:94:25:38:09:30:0a:ae:9d:fa:1b:74:de:2a:75:7c:
81:3f:e3:8b:07:d8:46:85:10:b8:48:8c:4f:6c:84:54:1d:f8:
1f:e1:76:7e:02:e1:6d:4e:c5:55:2c:06:6f:e3:df:cb:84:51:
61:9d:0b:e9:95:02:7d:a6:96:33:22:86:4b:53:60:01:9f:4e:
2b:c8:3e:04:76:96:99:12:c5:7e:a7:92:84:05:a0:89:95:70:
8d:41:4f:ee:20:6a:90:dd:cd:01:88:95:ec:f2:9d:d3:cc:9b:
b3:c7:e7:7d:60:d0:ee:58:57:31:52:61:0c:94:d3:ca:16:69:
c0:81:e6:a0
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICCFAwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA1MTgw
NDA4MDdaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKDc2ODY4NzBDOTJBODk0
MEFBNjIzN0Y4MDg4QkU0REZBNzc4RUI3NzkwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDq9t1PiulAYV0oNjT8BMFHiaFeQ3ZCpyyDMRpChYY3VWQjnybH
fq7GeeUISx8zlniuNImGvaBMwW/lT7CiIku/zwvOYNZP3FSJqr3587sSHokear9f
Jia0xQS0krjOej3sajluFX7nznxZ+Db2XOgAndEB3vt8RFHFmahkYUfhJkekeCcK
fHNX7ilktsyMvVXSjNyBEUg1ZIzOhTc0MMpENmUm/ixbrsRBA6vU/XQm71CfdFtE
RYQTFoqRM+dHxYbzRBsKdMwTF/8+e5Y4JayJGp0ggQ+v2WNA0KzB2aRncZymi9ST
rDugV7vj6J2z3M0M78T1BL2hQ5Bi/6sYMQz/AgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUdoaHDJKolAqmI3+AiL5N+neOt3kwHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni9kb2FIREpLb2xBcW1JMy1B
aUw1Ti1uZU90M2sucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
fakwDQYJKoZIhvcNAQELBQADggEBAIZ3JaZBudIyQ1cUKxXBhWJpv47DZK9ETlRs
4VA9RDC3RS5cqacvdrtt0oY9anXccEMF+sAro0/kIijCpMxrixEC8k9tQ4V48lkH
ys5FVjZPBok3aEQo0sAXEmovFnA8cVy/ardscUX4fDSSkwUq1vozb9rlSXJqiBj0
M9JgDusXwpQlOAkwCq6d+ht03ip1fIE/44sH2EaFELhIjE9shFQd+B/hdn4C4W1O
xVUsBm/j38uEUWGdC+mVAn2mljMihktTYAGfTivIPgR2lpkSxX6nkoQFoImVcI1B
T+4gapDdzQGIlezyndPMm7PH531g0O5YVzFSYQyU08oWacCB5qA=
-----END CERTIFICATE-----
Generated at Wed Jun 4 01:53:11 2025 by rpki-client