Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/qVHZicu5a8-cMTi7cWl4pCwcLTY.roa
File: qVHZicu5a8-cMTi7cWl4pCwcLTY.roa (raw, json)
Hash identifier: 5iWELGzP57leps1BcIDDqCDS1ZgdVxyreu6H9AZqeRc=
Subject key identifier: A9:51:D9:89:CB:B9:6B:CF:9C:31:38:BB:71:69:78:A4:2C:1C:2D:36
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 0BE8
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/qVHZicu5a8-cMTi7cWl4pCwcLTY.roa
Signing time: Thu 22 May 2025 23:09:06 +0000
ROA not before: Thu 22 May 2025 23:09:06 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 125.169.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 3048 (0xbe8)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: May 22 23:09:06 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=A951D989CBB96BCF9C3138BB716978A42C1C2D36
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b6:e2:8b:31:cc:a5:ac:ef:9a:31:34:82:78:b6:
30:4e:97:94:3a:80:b8:12:9f:94:42:60:a7:9d:2b:
44:b6:e6:60:89:8d:b9:1f:85:10:6a:5a:5b:b7:3b:
b2:a7:33:43:80:23:ec:75:c5:dd:de:cd:80:aa:db:
2a:e3:49:51:7a:2b:13:1e:ad:95:6a:96:cc:70:72:
d1:86:75:14:03:c5:60:36:e9:1d:26:f5:5d:7e:dd:
55:ad:fe:e4:f3:94:12:c0:71:9d:e1:1c:5f:f4:21:
7a:2b:ae:0e:e8:2f:da:62:0f:1b:48:d7:0f:16:b7:
f9:38:6a:d9:75:0b:49:c7:ea:1b:43:65:e4:fe:53:
60:ab:78:ba:c7:ea:47:35:c2:7b:80:29:60:1a:99:
10:0c:9f:5e:6b:58:86:a9:2e:5f:6b:d2:ab:be:20:
79:eb:60:32:9f:7e:a2:5a:67:57:8a:1c:a0:35:71:
0e:74:9a:c6:9f:85:20:95:5b:88:36:e6:58:b8:f9:
9c:f3:e2:87:23:80:e3:32:eb:76:8d:fa:b8:c8:0a:
dc:35:c9:59:f0:56:4a:19:46:53:e7:3c:1c:c7:69:
99:e5:20:df:50:26:05:ad:bf:be:3e:35:02:56:ca:
98:ef:ac:5d:e4:ed:04:34:63:56:7f:10:c2:f8:5d:
43:27
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A9:51:D9:89:CB:B9:6B:CF:9C:31:38:BB:71:69:78:A4:2C:1C:2D:36
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/qVHZicu5a8-cMTi7cWl4pCwcLTY.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
125.169.0.0/16
Signature Algorithm: sha256WithRSAEncryption
2d:69:48:f7:08:b4:cb:26:cd:45:10:fb:e2:b4:b0:0a:b3:e3:
d8:38:12:0d:20:f1:73:9c:12:02:21:0d:4d:b4:57:82:73:ed:
7c:07:e6:12:18:bb:2b:be:46:16:9e:08:7b:b1:2f:33:da:52:
9c:4b:ff:a1:97:ad:ab:0f:3f:2f:c7:2f:75:15:c1:34:7a:e6:
5a:00:d7:f4:53:13:43:76:88:17:01:5b:0d:cd:45:73:b8:7d:
5b:50:8b:a5:54:47:bd:13:3d:c4:20:8d:34:f4:cc:40:3e:63:
21:e1:7e:9c:8b:34:de:cd:c8:5e:2e:f2:00:33:b2:94:17:c1:
ef:84:48:57:55:b9:f9:d8:c4:e5:e0:59:cd:64:ef:2b:83:28:
33:fa:72:68:57:4b:25:2b:21:54:ed:4a:b1:af:23:42:a4:e4:
17:0d:91:40:c4:8b:6c:0b:43:34:4e:f8:b2:02:ae:72:50:19:
23:15:72:40:22:44:3d:7b:b1:15:b1:25:1d:17:42:88:93:06:
7b:d6:46:f7:e6:8b:d9:e9:27:39:ea:62:84:50:27:44:89:7d:
e2:a2:79:59:9d:17:49:3d:a5:37:1d:af:1a:6f:90:da:7c:ec:
6b:49:da:eb:b4:74:d7:f8:15:4d:85:94:f2:45:4c:04:f0:c4:
00:95:25:14
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICC+gwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA1MjIy
MzA5MDZaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKEE5NTFEOTg5Q0JCOTZC
Q0Y5QzMxMzhCQjcxNjk3OEE0MkMxQzJEMzYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC24osxzKWs75oxNIJ4tjBOl5Q6gLgSn5RCYKedK0S25mCJjbkf
hRBqWlu3O7KnM0OAI+x1xd3ezYCq2yrjSVF6KxMerZVqlsxwctGGdRQDxWA26R0m
9V1+3VWt/uTzlBLAcZ3hHF/0IXorrg7oL9piDxtI1w8Wt/k4atl1C0nH6htDZeT+
U2CreLrH6kc1wnuAKWAamRAMn15rWIapLl9r0qu+IHnrYDKffqJaZ1eKHKA1cQ50
msafhSCVW4g25li4+Zzz4ocjgOMy63aN+rjICtw1yVnwVkoZRlPnPBzHaZnlIN9Q
JgWtv74+NQJWypjvrF3k7QQ0Y1Z/EML4XUMnAgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUqVHZicu5a8+cMTi7cWl4pCwcLTYwHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni9xVkhaaWN1NWE4LWNNVGk3
Y1dsNHBDd2NMVFkucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
fakwDQYJKoZIhvcNAQELBQADggEBAC1pSPcItMsmzUUQ++K0sAqz49g4Eg0g8XOc
EgIhDU20V4Jz7XwH5hIYuyu+RhaeCHuxLzPaUpxL/6GXrasPPy/HL3UVwTR65loA
1/RTE0N2iBcBWw3NRXO4fVtQi6VUR70TPcQgjTT0zEA+YyHhfpyLNN7NyF4u8gAz
spQXwe+ESFdVufnYxOXgWc1k7yuDKDP6cmhXSyUrIVTtSrGvI0Kk5BcNkUDEi2wL
QzRO+LICrnJQGSMVckAiRD17sRWxJR0XQoiTBnvWRvfmi9npJznqYoRQJ0SJfeKi
eVmdF0k9pTcdrxpvkNp87GtJ2uu0dNf4FU2FlPJFTATwxACVJRQ=
-----END CERTIFICATE-----
Generated at Thu Jun 5 19:18:50 2025 by rpki-client