Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/8qv2fCZ-ss8vDf_S4mRY2qRBXG0.roa
File: 8qv2fCZ-ss8vDf_S4mRY2qRBXG0.roa (raw, json)
Hash identifier: LsDn1fZ1KyWypKeWqe0WBEe63a6ah0mahr2G5Dkzu0U=
Subject key identifier: F2:AB:F6:7C:26:7E:B2:CF:2F:0D:FF:D2:E2:64:58:DA:A4:41:5C:6D
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 0B72
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/8qv2fCZ-ss8vDf_S4mRY2qRBXG0.roa
Signing time: Thu 22 May 2025 08:08:22 +0000
ROA not before: Thu 22 May 2025 08:08:22 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 119.16.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2930 (0xb72)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: May 22 08:08:22 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=F2ABF67C267EB2CF2F0DFFD2E26458DAA4415C6D
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:de:c9:66:0c:e0:7b:8c:3f:b0:d6:f1:ed:c0:56:
53:e7:36:38:f4:4a:7f:f3:ae:d0:48:38:48:07:f0:
5e:97:ee:34:07:18:6c:7f:4b:df:ab:8e:ad:75:0d:
91:c1:ea:64:d0:65:f7:de:4d:76:54:7b:fc:70:a9:
41:7c:ed:22:bd:4a:fb:d4:c5:4a:7f:b2:71:f3:45:
f6:e0:46:73:dc:47:79:04:97:2a:84:9e:7b:8a:c7:
75:08:64:1d:65:02:79:31:17:3e:ec:cd:74:88:4e:
c1:31:6b:a4:8d:ed:14:5a:33:b4:c9:de:fd:b2:db:
78:af:f7:82:e6:67:c2:4c:b2:80:19:c9:a1:83:00:
19:ca:1a:50:64:b9:cd:e1:54:0d:2d:12:ab:c6:6d:
15:46:3d:71:ca:69:ba:03:39:99:7a:6d:c0:b0:42:
e5:f8:ec:86:a8:dc:c0:ec:33:53:7c:b6:41:ca:22:
fe:15:8d:6e:60:63:e0:15:44:20:e2:74:5d:c4:29:
d8:28:6a:de:4f:f2:a6:29:b1:90:07:85:98:a3:e9:
25:e5:77:27:e3:f1:f4:f1:b5:18:00:a2:3c:95:15:
4f:d3:81:14:a9:16:f4:6e:15:25:96:59:98:22:2d:
86:4d:0e:67:de:d5:ea:a1:b3:f1:e4:d9:18:63:49:
e0:53
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F2:AB:F6:7C:26:7E:B2:CF:2F:0D:FF:D2:E2:64:58:DA:A4:41:5C:6D
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/8qv2fCZ-ss8vDf_S4mRY2qRBXG0.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
119.16.0.0/16
Signature Algorithm: sha256WithRSAEncryption
66:3b:0c:32:32:02:09:03:43:b4:c7:3f:bb:b8:71:50:53:95:
f7:c0:9e:d8:2c:b6:c6:14:79:d8:71:03:38:4f:9d:94:f7:82:
9f:e3:c5:bf:5e:8d:0e:31:0b:6e:48:81:f6:f1:ac:d9:32:e5:
7a:66:7e:ab:d2:2b:33:3a:f8:bd:47:35:51:30:ae:13:2e:43:
b0:e4:98:19:50:9c:81:bd:15:ca:59:45:c7:53:74:73:7f:29:
50:3b:75:31:79:62:e8:84:53:11:14:50:e9:22:92:92:2a:ab:
3e:5c:ab:b6:6b:26:a9:dc:65:24:cd:0c:51:50:55:72:f6:8f:
07:7d:11:49:2e:61:f9:b3:ad:22:04:52:b6:a2:83:bb:a4:43:
51:35:61:c6:3b:61:d4:5a:c5:cc:ae:dd:18:f4:68:db:a2:3e:
5f:94:d3:13:18:ff:81:d7:85:3a:1e:9c:ff:41:90:73:fa:be:
17:92:d0:95:6b:b0:cf:84:ee:6f:00:52:98:a0:1d:7a:bb:06:
9f:0f:84:d2:45:d1:6e:e7:16:f6:6a:d2:dd:a6:3e:75:ee:95:
b9:e7:02:59:7e:ad:00:23:7c:70:c4:80:fd:75:ab:01:42:d7:
ec:4f:3e:78:d6:6e:00:07:d2:32:1d:6a:2b:a9:8c:2d:d4:a6:
30:3d:44:b0
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICC3IwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA1MjIw
ODA4MjJaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKEYyQUJGNjdDMjY3RUIy
Q0YyRjBERkZEMkUyNjQ1OERBQTQ0MTVDNkQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDeyWYM4HuMP7DW8e3AVlPnNjj0Sn/zrtBIOEgH8F6X7jQHGGx/
S9+rjq11DZHB6mTQZffeTXZUe/xwqUF87SK9SvvUxUp/snHzRfbgRnPcR3kElyqE
nnuKx3UIZB1lAnkxFz7szXSITsExa6SN7RRaM7TJ3v2y23iv94LmZ8JMsoAZyaGD
ABnKGlBkuc3hVA0tEqvGbRVGPXHKaboDOZl6bcCwQuX47Iao3MDsM1N8tkHKIv4V
jW5gY+AVRCDidF3EKdgoat5P8qYpsZAHhZij6SXldyfj8fTxtRgAojyVFU/TgRSp
FvRuFSWWWZgiLYZNDmfe1eqhs/Hk2RhjSeBTAgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQU8qv2fCZ+ss8vDf/S4mRY2qRBXG0wHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni84cXYyZkNaLXNzOHZEZl9T
NG1SWTJxUkJYRzAucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
dxAwDQYJKoZIhvcNAQELBQADggEBAGY7DDIyAgkDQ7THP7u4cVBTlffAntgstsYU
edhxAzhPnZT3gp/jxb9ejQ4xC25IgfbxrNky5XpmfqvSKzM6+L1HNVEwrhMuQ7Dk
mBlQnIG9FcpZRcdTdHN/KVA7dTF5YuiEUxEUUOkikpIqqz5cq7ZrJqncZSTNDFFQ
VXL2jwd9EUkuYfmzrSIEUraig7ukQ1E1YcY7YdRaxcyu3Rj0aNuiPl+U0xMY/4HX
hToenP9BkHP6vheS0JVrsM+E7m8AUpigHXq7Bp8PhNJF0W7nFvZq0t2mPnXulbnn
All+rQAjfHDEgP11qwFC1+xPPnjWbgAH0jIdaiupjC3UpjA9RLA=
-----END CERTIFICATE-----
Generated at Wed Jun 4 00:59:44 2025 by rpki-client