Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/kRZb0NMi82WyAfq0RGnu8hH8edU.roa
File: kRZb0NMi82WyAfq0RGnu8hH8edU.roa (raw, json)
Hash identifier: gnLPtA5vq2mCSqIyBNoQU90buHcWfIFOU4HUSuYW0io=
Subject key identifier: 91:16:5B:D0:D3:22:F3:65:B2:01:FA:B4:44:69:EE:F2:11:FC:79:D5
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 1390
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/kRZb0NMi82WyAfq0RGnu8hH8edU.roa
Signing time: Mon 02 Jun 2025 04:09:22 +0000
ROA not before: Mon 02 Jun 2025 04:09:22 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 125.169.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 5008 (0x1390)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: Jun 2 04:09:22 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=91165BD0D322F365B201FAB44469EEF211FC79D5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:db:48:3a:d5:09:09:8b:85:c0:4f:cb:02:88:cc:
c3:8d:9e:7a:d5:26:93:db:0c:3d:70:f0:94:1c:1b:
8e:b5:3b:d6:12:48:c5:ac:26:e9:b9:0f:75:12:bb:
d6:8d:46:9b:9b:6e:ae:74:4d:86:07:2d:09:81:c8:
50:c2:a4:cf:07:05:a0:3b:c0:3c:a1:07:58:8b:23:
95:04:80:9b:9b:49:8e:41:6d:53:b6:67:ba:d3:61:
08:91:1c:1f:f4:6c:6a:b4:9c:03:0f:77:ff:06:b4:
f8:a5:8d:c3:7c:84:ea:f4:a0:ff:94:07:a1:44:8c:
73:71:d3:e3:ac:fc:84:9c:0a:a0:09:6d:8a:d8:af:
5b:ce:40:a8:f5:05:15:aa:58:1f:32:ba:57:43:08:
e2:bf:c8:34:5f:61:a8:3a:0f:ca:52:57:32:f6:ac:
ef:86:21:17:71:b7:43:66:19:7a:7a:24:eb:01:02:
7b:cb:e6:bc:e9:08:28:fa:d1:82:68:96:f0:8e:46:
77:0c:a1:9c:3d:d8:db:25:48:7c:8c:27:f5:30:e3:
cc:a8:d3:4d:89:e5:83:0a:4b:52:60:59:78:aa:63:
b7:36:5d:ab:8d:62:cb:0a:51:fc:9b:60:3d:ed:5f:
46:41:fb:19:73:db:38:83:b2:cc:83:29:45:83:f6:
d9:61
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
91:16:5B:D0:D3:22:F3:65:B2:01:FA:B4:44:69:EE:F2:11:FC:79:D5
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/kRZb0NMi82WyAfq0RGnu8hH8edU.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
125.169.0.0/16
Signature Algorithm: sha256WithRSAEncryption
8a:f8:1e:99:01:80:df:74:8e:9c:20:5d:79:b5:1b:b0:4a:ac:
90:47:3f:2c:e3:07:60:03:41:c8:88:b1:4a:bf:9e:69:fc:3b:
4b:2e:74:47:2a:bc:d4:78:d1:77:e2:65:dd:73:25:81:9e:aa:
85:7f:18:2d:04:51:80:27:85:69:8f:91:e4:0d:83:e2:3b:1b:
7a:7d:94:e7:d4:b0:fc:e1:46:c2:f9:73:c3:a8:2a:2d:32:9f:
d3:42:f4:ed:46:4e:23:3b:b2:81:29:de:6c:0f:1c:b9:d2:4e:
88:ee:8a:33:ca:03:6f:99:42:bc:a2:ba:67:ad:a4:7e:b9:f4:
8b:03:15:ef:20:3d:5f:4d:11:26:9b:00:3d:de:07:dc:b1:a6:
48:02:53:c4:0b:be:1b:6f:27:16:56:4a:bd:96:8c:28:e7:ee:
25:a8:7c:05:e0:00:96:2b:d7:a6:28:67:ea:85:45:2b:cf:12:
70:51:3b:56:78:81:ec:51:57:d0:96:54:65:26:da:ea:65:11:
56:57:15:60:6b:61:05:09:26:de:ed:5c:5c:44:d3:2f:da:25:
dd:e1:45:d8:24:aa:06:ba:2a:7e:10:ff:12:28:45:1d:5a:4e:
b6:b0:a4:78:12:e2:bc:63:27:92:98:fb:cd:d3:63:ee:2d:3d:
dd:34:94:61
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICE5AwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA2MDIw
NDA5MjJaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKDkxMTY1QkQwRDMyMkYz
NjVCMjAxRkFCNDQ0NjlFRUYyMTFGQzc5RDUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDbSDrVCQmLhcBPywKIzMONnnrVJpPbDD1w8JQcG461O9YSSMWs
Jum5D3USu9aNRpubbq50TYYHLQmByFDCpM8HBaA7wDyhB1iLI5UEgJubSY5BbVO2
Z7rTYQiRHB/0bGq0nAMPd/8GtPiljcN8hOr0oP+UB6FEjHNx0+Os/IScCqAJbYrY
r1vOQKj1BRWqWB8yuldDCOK/yDRfYag6D8pSVzL2rO+GIRdxt0NmGXp6JOsBAnvL
5rzpCCj60YJolvCORncMoZw92NslSHyMJ/Uw48yo002J5YMKS1JgWXiqY7c2XauN
YssKUfybYD3tX0ZB+xlz2ziDssyDKUWD9tlhAgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUkRZb0NMi82WyAfq0RGnu8hH8edUwHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni9rUlpiME5NaTgyV3lBZnEw
UkdudThoSDhlZFUucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
fakwDQYJKoZIhvcNAQELBQADggEBAIr4HpkBgN90jpwgXXm1G7BKrJBHPyzjB2AD
QciIsUq/nmn8O0sudEcqvNR40XfiZd1zJYGeqoV/GC0EUYAnhWmPkeQNg+I7G3p9
lOfUsPzhRsL5c8OoKi0yn9NC9O1GTiM7soEp3mwPHLnSTojuijPKA2+ZQryiumet
pH659IsDFe8gPV9NESabAD3eB9yxpkgCU8QLvhtvJxZWSr2WjCjn7iWofAXgAJYr
16YoZ+qFRSvPEnBRO1Z4gexRV9CWVGUm2uplEVZXFWBrYQUJJt7tXFxE0y/aJd3h
Rdgkqga6Kn4Q/xIoRR1aTrawpHgS4rxjJ5KY+83TY+4tPd00lGE=
-----END CERTIFICATE-----
Generated at Wed Jun 4 00:52:27 2025 by rpki-client