Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/whnSgSDZbbST2Iyga7o6uYq11rs.roa
File: whnSgSDZbbST2Iyga7o6uYq11rs.roa (raw, json)
Hash identifier: TG4QXugSXzWzcS5ARpRO8Br45SVv/LEfTwO0wpu7pf8=
Subject key identifier: C2:19:D2:81:20:D9:6D:B4:93:D8:8C:A0:6B:BA:3A:B9:8A:B5:D6:BB
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 080C
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/whnSgSDZbbST2Iyga7o6uYq11rs.roa
Signing time: Sat 17 May 2025 19:38:10 +0000
ROA not before: Sat 17 May 2025 19:38:10 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 125.169.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2060 (0x80c)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: May 17 19:38:10 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=C219D28120D96DB493D88CA06BBA3AB98AB5D6BB
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e0:12:ad:81:20:42:63:58:24:d0:a6:ba:1d:6e:
a9:18:1c:3a:4f:59:a3:d7:6c:d7:6b:11:47:8a:e2:
e6:76:26:5e:22:9f:32:ee:5a:9f:91:3d:dc:67:f1:
a2:5f:46:fb:4c:22:25:cd:22:ff:42:35:1d:4b:c9:
a8:61:2e:6c:d3:2d:73:16:3e:3f:b5:94:ec:ac:bd:
b9:32:e6:75:b0:09:34:30:1f:c4:97:2b:a4:27:b8:
0b:97:ca:1a:16:be:e7:82:a4:e1:6c:6f:e1:0e:85:
cd:72:10:9a:67:cd:20:d5:78:cd:d4:37:ce:71:40:
1c:cb:79:b6:24:f2:55:02:9c:cc:eb:7d:b7:82:0d:
7a:36:c1:6d:58:7f:bd:79:e8:57:b1:a1:c2:eb:92:
28:40:fb:2c:28:99:ae:0d:b0:cd:4c:89:f5:59:6a:
72:a1:5b:06:df:9b:de:4a:f5:1e:a9:37:b1:0c:19:
1f:41:e9:9c:32:db:43:47:35:f2:9c:b6:2f:96:f3:
f3:89:60:5f:07:aa:0b:d7:0c:40:7c:2c:1c:f1:35:
70:c3:bd:05:98:ce:ab:bb:df:38:0b:75:43:49:35:
2f:27:51:d6:01:9e:61:c5:80:52:41:25:c0:1e:08:
55:15:0c:36:58:a2:fb:ed:61:9c:a1:d8:8b:c8:4f:
7f:43
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C2:19:D2:81:20:D9:6D:B4:93:D8:8C:A0:6B:BA:3A:B9:8A:B5:D6:BB
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/whnSgSDZbbST2Iyga7o6uYq11rs.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
125.169.0.0/16
Signature Algorithm: sha256WithRSAEncryption
2c:b3:98:a4:43:00:4b:88:05:24:99:85:4f:32:b1:21:a8:f0:
2d:79:9c:34:b3:13:0e:4f:4c:8d:25:77:84:ed:00:01:0f:28:
6c:dd:eb:95:15:0c:dd:e8:1a:9c:32:75:c4:b0:c7:6e:7a:59:
ad:49:ea:cc:ab:87:1b:62:a5:ba:e7:95:e8:df:36:ee:07:ab:
43:36:76:7b:4a:01:f4:9b:ab:0b:0d:97:a0:65:4b:63:4c:73:
ba:86:af:3d:6b:58:f0:22:54:b8:e0:74:56:e8:94:7d:95:79:
70:45:f6:f2:b1:21:c8:62:ee:da:89:5c:2c:07:67:d8:a4:89:
53:34:0c:55:27:69:17:61:79:4c:ca:65:95:79:5a:c2:d7:3f:
f5:ca:36:5a:1d:b5:63:3b:17:e7:1c:8a:db:a6:7c:fd:9b:3a:
4d:9b:c9:93:2a:4b:66:1f:9c:82:47:c4:8f:cd:fd:62:85:a3:
98:2f:29:50:33:80:4c:35:2b:03:b5:0b:77:da:1d:25:dd:16:
14:19:31:0b:7c:27:ce:c7:67:58:43:79:8b:8b:4b:df:d8:a9:
f9:7a:03:35:13:4f:0b:ee:1b:99:b6:7a:04:87:16:c9:c7:b6:
24:f1:11:9b:9b:e3:22:47:3a:86:e5:6c:9a:62:47:38:85:c9:
c6:fd:49:fc
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICCAwwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA1MTcx
OTM4MTBaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKEMyMTlEMjgxMjBEOTZE
QjQ5M0Q4OENBMDZCQkEzQUI5OEFCNUQ2QkIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDgEq2BIEJjWCTQprodbqkYHDpPWaPXbNdrEUeK4uZ2Jl4inzLu
Wp+RPdxn8aJfRvtMIiXNIv9CNR1LyahhLmzTLXMWPj+1lOysvbky5nWwCTQwH8SX
K6QnuAuXyhoWvueCpOFsb+EOhc1yEJpnzSDVeM3UN85xQBzLebYk8lUCnMzrfbeC
DXo2wW1Yf7156FexocLrkihA+ywoma4NsM1MifVZanKhWwbfm95K9R6pN7EMGR9B
6Zwy20NHNfKcti+W8/OJYF8HqgvXDEB8LBzxNXDDvQWYzqu73zgLdUNJNS8nUdYB
nmHFgFJBJcAeCFUVDDZYovvtYZyh2IvIT39DAgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUwhnSgSDZbbST2Iyga7o6uYq11rswHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni93aG5TZ1NEWmJiU1QySXln
YTdvNnVZcTExcnMucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
fakwDQYJKoZIhvcNAQELBQADggEBACyzmKRDAEuIBSSZhU8ysSGo8C15nDSzEw5P
TI0ld4TtAAEPKGzd65UVDN3oGpwydcSwx256Wa1J6syrhxtipbrnlejfNu4Hq0M2
dntKAfSbqwsNl6BlS2NMc7qGrz1rWPAiVLjgdFbolH2VeXBF9vKxIchi7tqJXCwH
Z9ikiVM0DFUnaRdheUzKZZV5WsLXP/XKNlodtWM7F+ccitumfP2bOk2byZMqS2Yf
nIJHxI/N/WKFo5gvKVAzgEw1KwO1C3faHSXdFhQZMQt8J87HZ1hDeYuLS9/Yqfl6
AzUTTwvuG5m2egSHFsnHtiTxEZub4yJHOoblbJpiRziFycb9Sfw=
-----END CERTIFICATE-----
Generated at Wed Jun 4 00:52:43 2025 by rpki-client