Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/gRGdna5ywF5hkIMIyn-zjcoyYFQ.roa
File: gRGdna5ywF5hkIMIyn-zjcoyYFQ.roa (raw, json)
Hash identifier: 6W9ENZOQdadgf4M7ItNOx+LTQ41cJqY1PK0itP3NVdE=
Subject key identifier: 81:11:9D:9D:AE:72:C0:5E:61:90:83:08:CA:7F:B3:8D:CA:32:60:54
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 0C0C
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/gRGdna5ywF5hkIMIyn-zjcoyYFQ.roa
Signing time: Fri 23 May 2025 03:38:25 +0000
ROA not before: Fri 23 May 2025 03:38:25 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 125.169.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 3084 (0xc0c)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: May 23 03:38:25 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=81119D9DAE72C05E61908308CA7FB38DCA326054
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b5:ff:3f:84:03:54:3d:16:66:c1:6c:84:12:b6:
94:3b:d6:1e:ab:44:b1:56:2e:c9:e2:a0:36:b7:42:
27:24:23:98:45:de:b9:b4:ce:46:0d:16:b9:29:8b:
9a:c0:dc:f3:eb:5a:9a:23:b2:e7:4f:64:90:97:fb:
8a:c2:9b:99:d8:af:7f:33:4d:50:4d:6c:46:8e:ca:
0a:85:a8:3e:04:ea:6c:3e:a0:64:9e:fa:94:88:90:
3c:d1:c4:2c:86:31:3a:43:56:67:cc:ee:4e:a8:2b:
a6:80:77:50:2e:ec:60:ae:58:08:74:32:e9:a4:75:
74:48:88:2b:5b:ed:9e:c1:95:42:47:81:ec:84:76:
45:ee:a0:5d:24:c3:28:c0:10:34:d3:44:b2:6f:18:
d7:c5:af:82:0e:6d:fe:61:24:41:7c:6d:40:5e:3e:
c9:3e:58:76:3e:fe:ad:cb:8c:e6:d2:77:99:a9:54:
1a:5e:f6:d7:c0:7a:2a:81:fb:3d:e1:1e:eb:45:14:
63:ad:02:9e:e4:e5:d4:18:36:3c:36:d7:db:75:41:
ac:de:42:20:99:2f:37:3f:3b:ae:f7:ec:64:a9:e2:
b2:02:09:40:71:e2:cd:55:50:ed:66:eb:41:37:77:
d7:f7:30:dd:4f:73:fe:4a:fa:7b:66:04:f9:82:c4:
9a:01
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
81:11:9D:9D:AE:72:C0:5E:61:90:83:08:CA:7F:B3:8D:CA:32:60:54
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/gRGdna5ywF5hkIMIyn-zjcoyYFQ.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
125.169.0.0/16
Signature Algorithm: sha256WithRSAEncryption
61:cf:3b:98:a2:f9:e9:3d:2f:33:91:b2:68:fe:f0:78:d1:e4:
aa:9c:52:2e:30:c9:09:33:9a:1c:1f:a7:6f:16:7f:61:f9:f6:
7f:f3:1d:d9:af:c8:19:82:91:20:04:b4:39:2b:9b:4d:11:06:
e3:41:b3:31:48:72:9b:e3:ca:a7:52:42:55:89:b8:f0:ad:4d:
be:a8:97:45:da:90:18:02:0e:81:59:f2:48:e6:1a:71:08:d3:
83:6e:71:50:5b:54:1a:02:64:70:f0:f9:ba:54:e9:0f:48:7c:
ff:a5:c2:09:66:1a:42:ba:04:a9:14:0d:58:20:73:3f:02:f6:
ff:62:2d:ba:0c:98:34:3f:3c:66:97:bb:34:53:29:7d:01:fe:
ca:2c:a5:8c:fd:1a:b3:a8:35:d1:be:c5:eb:7b:20:46:47:7b:
2d:a0:72:2d:4b:32:8b:2c:00:c4:11:30:0a:61:03:32:18:a4:
ad:d4:38:f5:81:c8:90:31:81:46:28:83:01:29:31:e0:ab:0f:
76:05:85:d1:ea:da:ca:bd:b8:2f:7b:74:8c:69:c3:ba:39:e2:
ed:ae:90:93:b3:d7:47:4a:3d:66:6b:fb:a8:fe:1b:f3:e4:79:
34:2c:29:15:a3:18:02:29:d6:d3:58:9d:43:5a:a5:b0:24:40:
0a:05:78:c7
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICDAwwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA1MjMw
MzM4MjVaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKDgxMTE5RDlEQUU3MkMw
NUU2MTkwODMwOENBN0ZCMzhEQ0EzMjYwNTQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC1/z+EA1Q9FmbBbIQStpQ71h6rRLFWLsnioDa3QickI5hF3rm0
zkYNFrkpi5rA3PPrWpojsudPZJCX+4rCm5nYr38zTVBNbEaOygqFqD4E6mw+oGSe
+pSIkDzRxCyGMTpDVmfM7k6oK6aAd1Au7GCuWAh0MumkdXRIiCtb7Z7BlUJHgeyE
dkXuoF0kwyjAEDTTRLJvGNfFr4IObf5hJEF8bUBePsk+WHY+/q3LjObSd5mpVBpe
9tfAeiqB+z3hHutFFGOtAp7k5dQYNjw219t1QazeQiCZLzc/O6737GSp4rICCUBx
4s1VUO1m60E3d9f3MN1Pc/5K+ntmBPmCxJoBAgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUgRGdna5ywF5hkIMIyn+zjcoyYFQwHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni9nUkdkbmE1eXdGNWhrSU1J
eW4tempjb3lZRlEucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
fakwDQYJKoZIhvcNAQELBQADggEBAGHPO5ii+ek9LzORsmj+8HjR5KqcUi4wyQkz
mhwfp28Wf2H59n/zHdmvyBmCkSAEtDkrm00RBuNBszFIcpvjyqdSQlWJuPCtTb6o
l0XakBgCDoFZ8kjmGnEI04NucVBbVBoCZHDw+bpU6Q9IfP+lwglmGkK6BKkUDVgg
cz8C9v9iLboMmDQ/PGaXuzRTKX0B/sospYz9GrOoNdG+xet7IEZHey2gci1LMoss
AMQRMAphAzIYpK3UOPWByJAxgUYogwEpMeCrD3YFhdHq2sq9uC97dIxpw7o54u2u
kJOz10dKPWZr+6j+G/PkeTQsKRWjGAIp1tNYnUNapbAkQAoFeMc=
-----END CERTIFICATE-----
Generated at Thu Jun 5 20:36:31 2025 by rpki-client