Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/4gWf3-DCctjWWkipobKiV7rEufs.roa
File: 4gWf3-DCctjWWkipobKiV7rEufs.roa (raw, json)
Hash identifier: VM1zS4uU52mt84f5OOrkmQ8OE3N0XB+EFaYFNDjuM2M=
Subject key identifier: E2:05:9F:DF:E0:C2:72:D8:D6:5A:48:A9:A1:B2:A2:57:BA:C4:B9:FB
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 12B6
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/4gWf3-DCctjWWkipobKiV7rEufs.roa
Signing time: Sun 01 Jun 2025 00:39:23 +0000
ROA not before: Sun 01 Jun 2025 00:39:23 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 119.16.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 4790 (0x12b6)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: Jun 1 00:39:23 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=E2059FDFE0C272D8D65A48A9A1B2A257BAC4B9FB
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ed:c0:a9:f9:7b:21:c6:4e:d4:86:e9:65:bc:94:
3b:4e:ef:08:d3:80:0e:d9:4d:fc:3f:20:f1:d6:23:
5c:ff:4a:8d:c8:75:de:5a:6d:d2:e3:8c:51:ed:28:
f0:86:b4:fc:d2:9f:9a:ce:65:2e:6c:80:f4:5b:91:
0e:38:d7:79:80:9d:10:19:cc:ef:f8:14:b4:e2:71:
87:b5:44:6e:43:32:d4:62:68:bd:78:23:35:57:4a:
d7:e3:ff:35:15:cd:70:03:8c:62:b1:b2:67:83:db:
03:c7:9f:3b:b2:61:b2:2e:ac:62:85:09:d0:41:13:
43:ac:b4:5b:2d:c8:4c:87:08:34:26:b7:75:1a:de:
a3:c0:8d:25:87:32:9e:6b:c1:30:2d:3d:61:19:a5:
30:a1:2c:ee:87:68:74:f4:4a:19:28:f1:15:dd:e3:
f5:83:f4:aa:ac:17:e2:40:6e:9a:5e:0a:8b:ca:5f:
65:c2:b5:d4:dd:13:ad:0f:2f:a4:d7:ea:57:f9:45:
52:41:3d:e6:a4:0f:fb:d7:35:42:50:1b:f1:1d:a7:
ac:09:0b:0f:65:95:b6:33:f1:54:ee:8b:af:aa:b1:
66:7a:a9:23:1e:d7:e1:dd:2a:aa:6b:67:f6:75:74:
b9:2b:8a:0b:e4:8b:14:2f:b7:41:ef:b0:67:a8:46:
4e:31
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E2:05:9F:DF:E0:C2:72:D8:D6:5A:48:A9:A1:B2:A2:57:BA:C4:B9:FB
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/4gWf3-DCctjWWkipobKiV7rEufs.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
119.16.0.0/16
Signature Algorithm: sha256WithRSAEncryption
2a:a9:c1:4b:89:41:02:4f:d4:16:cb:02:b7:a4:1c:dc:0a:82:
74:41:7b:15:25:3c:f1:8f:14:2d:4a:34:f1:d3:1e:ba:75:8f:
6f:e1:84:70:9f:87:c3:f4:13:08:64:20:c1:b4:5f:af:fd:2f:
98:0c:a6:51:ec:c4:1b:20:92:f3:c7:1d:8b:db:d2:7c:76:c7:
a5:a5:2e:db:35:dc:2c:41:15:bc:5b:04:78:a2:18:9f:7a:e7:
d8:2e:d0:1a:49:52:ad:67:65:8d:82:5a:b5:94:1e:28:37:1e:
42:46:10:81:28:f9:93:63:74:dc:2f:b1:75:51:bf:76:fb:4b:
cb:a6:48:f6:da:81:dc:3b:92:cf:40:fe:99:ca:85:17:d4:90:
54:80:6a:e5:02:24:f3:72:7b:a9:1e:22:e2:41:bc:9f:83:b4:
0f:87:73:4c:1c:45:d6:29:69:da:32:7b:84:5e:9a:a4:34:1a:
81:f5:9f:3e:86:ba:54:53:0b:81:9d:50:65:33:85:8d:0d:40:
a3:89:fc:7a:0f:31:4b:be:e9:08:d0:b9:50:98:28:19:e3:40:
ed:24:ef:22:97:49:ac:d0:b7:a0:20:b4:28:66:9a:f7:54:38:
ae:84:fa:23:58:15:90:3e:84:b5:83:75:a7:ff:15:4b:02:6d:
1b:b1:5e:0e
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICErYwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA2MDEw
MDM5MjNaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKEUyMDU5RkRGRTBDMjcy
RDhENjVBNDhBOUExQjJBMjU3QkFDNEI5RkIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDtwKn5eyHGTtSG6WW8lDtO7wjTgA7ZTfw/IPHWI1z/So3Idd5a
bdLjjFHtKPCGtPzSn5rOZS5sgPRbkQ4413mAnRAZzO/4FLTicYe1RG5DMtRiaL14
IzVXStfj/zUVzXADjGKxsmeD2wPHnzuyYbIurGKFCdBBE0OstFstyEyHCDQmt3Ua
3qPAjSWHMp5rwTAtPWEZpTChLO6HaHT0Shko8RXd4/WD9KqsF+JAbppeCovKX2XC
tdTdE60PL6TX6lf5RVJBPeakD/vXNUJQG/Edp6wJCw9llbYz8VTui6+qsWZ6qSMe
1+HdKqprZ/Z1dLkrigvkixQvt0HvsGeoRk4xAgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQU4gWf3+DCctjWWkipobKiV7rEufswHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni80Z1dmMy1EQ2N0aldXa2lw
b2JLaVY3ckV1ZnMucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
dxAwDQYJKoZIhvcNAQELBQADggEBACqpwUuJQQJP1BbLArekHNwKgnRBexUlPPGP
FC1KNPHTHrp1j2/hhHCfh8P0EwhkIMG0X6/9L5gMplHsxBsgkvPHHYvb0nx2x6Wl
Lts13CxBFbxbBHiiGJ9659gu0BpJUq1nZY2CWrWUHig3HkJGEIEo+ZNjdNwvsXVR
v3b7S8umSPbagdw7ks9A/pnKhRfUkFSAauUCJPNye6keIuJBvJ+DtA+Hc0wcRdYp
adoye4RemqQ0GoH1nz6GulRTC4GdUGUzhY0NQKOJ/HoPMUu+6QjQuVCYKBnjQO0k
7yKXSazQt6AgtChmmvdUOK6E+iNYFZA+hLWDdaf/FUsCbRuxXg4=
-----END CERTIFICATE-----
Generated at Wed Jun 4 01:23:07 2025 by rpki-client