Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/iFoATrLzL0aGdWaSlrIqgyKjmN0.roa
File: iFoATrLzL0aGdWaSlrIqgyKjmN0.roa (raw, json)
Hash identifier: fBFkUUivXUnxwDCqeGd23RsmBgLdTWDeS6nJoPwWFd8=
Subject key identifier: 88:5A:00:4E:B2:F3:2F:46:86:75:66:92:96:B2:2A:83:22:A3:98:DD
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 0ED4
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/iFoATrLzL0aGdWaSlrIqgyKjmN0.roa
Signing time: Mon 26 May 2025 20:38:44 +0000
ROA not before: Mon 26 May 2025 20:38:44 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 125.169.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 3796 (0xed4)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: May 26 20:38:44 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=885A004EB2F32F468675669296B22A8322A398DD
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a3:aa:6d:38:31:0c:b3:ea:26:41:ba:40:13:02:
35:cd:bc:20:6a:41:04:7d:d7:be:9a:54:f9:7c:21:
af:94:df:c9:8a:59:41:68:58:60:ba:25:a1:ea:15:
e2:d4:5a:db:d9:32:5b:a5:68:40:6a:41:53:70:35:
62:28:2d:e6:6e:14:40:f3:79:5f:7d:e5:3f:21:10:
0c:65:39:bf:b5:d5:6a:36:0f:30:69:c0:8f:01:5c:
ce:b9:57:47:d3:2f:ff:01:32:f7:16:ab:90:b6:2a:
0b:a8:6c:15:d7:ed:95:02:05:80:9b:3e:50:5b:d6:
62:34:2b:aa:50:bb:d4:69:48:38:db:40:4b:64:2b:
a6:49:4e:49:b0:ce:a1:f6:03:99:51:2e:b6:82:25:
6b:33:db:27:fb:93:b3:0e:63:c3:51:3d:96:b2:77:
52:5e:bc:69:32:85:cf:5e:6b:87:f4:b1:8b:e2:9a:
4e:74:9d:65:36:95:ba:17:31:0b:43:1f:12:69:f5:
1a:20:b0:0b:80:43:28:16:bb:43:d7:c6:bf:ea:01:
0d:e0:72:19:36:6b:72:e2:9e:b7:12:e1:c1:c3:c8:
bf:4a:2c:2a:33:31:bc:f4:a2:f4:2f:35:9b:a6:0e:
5c:11:5a:ab:c8:5c:68:0b:66:63:ab:8f:74:ec:55:
49:99
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
88:5A:00:4E:B2:F3:2F:46:86:75:66:92:96:B2:2A:83:22:A3:98:DD
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/iFoATrLzL0aGdWaSlrIqgyKjmN0.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
125.169.0.0/16
Signature Algorithm: sha256WithRSAEncryption
7c:3c:23:17:b5:c4:c1:20:8a:d6:73:37:28:b7:c1:c8:f6:8f:
36:8c:a5:be:5f:44:3a:38:29:af:6a:ce:19:8b:3a:2a:d2:f4:
75:40:55:bc:4f:0b:a2:c5:e2:f2:fd:d5:eb:dc:67:c2:9e:8f:
47:45:fd:3f:bc:0e:52:aa:d2:2d:bc:16:65:28:44:82:ae:e7:
7a:63:a6:d0:0b:7b:0a:1b:d2:ef:7e:17:8c:04:55:d7:c4:f3:
83:56:39:df:4c:47:cd:a7:c6:61:f8:1b:31:4a:7a:fb:dd:e6:
80:d4:de:32:dc:cf:aa:a5:af:d4:b3:12:be:8a:94:fd:1b:3f:
f6:e4:34:66:9b:0c:a3:46:10:1e:ea:41:7e:f3:be:e4:51:be:
eb:18:64:63:c5:df:bb:49:2b:25:bd:f8:a8:25:85:92:d3:65:
b1:f5:95:24:ed:b3:93:ef:1e:11:7f:e0:c3:dd:52:81:7c:0c:
68:d4:cc:cd:f7:44:2a:4d:39:7b:a3:91:64:37:03:00:1d:8f:
ba:a4:56:f8:72:1e:5f:f6:68:04:b1:59:20:43:e8:56:be:a7:
5d:ff:14:6c:7a:47:f7:cf:8b:ec:03:31:d0:36:e2:f9:ae:19:
79:21:e5:44:1c:25:99:2f:60:b3:85:7f:cc:1f:36:71:41:c7:
a8:a9:bb:cc
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICDtQwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA1MjYy
MDM4NDRaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKDg4NUEwMDRFQjJGMzJG
NDY4Njc1NjY5Mjk2QjIyQTgzMjJBMzk4REQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCjqm04MQyz6iZBukATAjXNvCBqQQR9176aVPl8Ia+U38mKWUFo
WGC6JaHqFeLUWtvZMlulaEBqQVNwNWIoLeZuFEDzeV995T8hEAxlOb+11Wo2DzBp
wI8BXM65V0fTL/8BMvcWq5C2KguobBXX7ZUCBYCbPlBb1mI0K6pQu9RpSDjbQEtk
K6ZJTkmwzqH2A5lRLraCJWsz2yf7k7MOY8NRPZayd1JevGkyhc9ea4f0sYvimk50
nWU2lboXMQtDHxJp9RogsAuAQygWu0PXxr/qAQ3gchk2a3LinrcS4cHDyL9KLCoz
Mbz0ovQvNZumDlwRWqvIXGgLZmOrj3TsVUmZAgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUiFoATrLzL0aGdWaSlrIqgyKjmN0wHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni9pRm9BVHJMekwwYUdkV2FT
bHJJcWd5S2ptTjAucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
fakwDQYJKoZIhvcNAQELBQADggEBAHw8Ixe1xMEgitZzNyi3wcj2jzaMpb5fRDo4
Ka9qzhmLOirS9HVAVbxPC6LF4vL91evcZ8Kej0dF/T+8DlKq0i28FmUoRIKu53pj
ptALewob0u9+F4wEVdfE84NWOd9MR82nxmH4GzFKevvd5oDU3jLcz6qlr9SzEr6K
lP0bP/bkNGabDKNGEB7qQX7zvuRRvusYZGPF37tJKyW9+KglhZLTZbH1lSTts5Pv
HhF/4MPdUoF8DGjUzM33RCpNOXujkWQ3AwAdj7qkVvhyHl/2aASxWSBD6Fa+p13/
FGx6R/fPi+wDMdA24vmuGXkh5UQcJZkvYLOFf8wfNnFBx6ipu8w=
-----END CERTIFICATE-----
Generated at Wed Jun 4 01:04:24 2025 by rpki-client