Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/CNqd-Q8z0_yXZQx88S5S1LFJFnI.roa
File: CNqd-Q8z0_yXZQx88S5S1LFJFnI.roa (raw, json)
Hash identifier: EyNU41FfO/QBtt+lZq5kZ4cdvUVuKn7MQSN3yk6MfwY=
Subject key identifier: 08:DA:9D:F9:0F:33:D3:FC:97:65:0C:7C:F1:2E:52:D4:B1:49:16:72
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 14E2
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/CNqd-Q8z0_yXZQx88S5S1LFJFnI.roa
Signing time: Tue 03 Jun 2025 22:09:18 +0000
ROA not before: Tue 03 Jun 2025 22:09:18 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 119.16.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 5346 (0x14e2)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: Jun 3 22:09:18 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=08DA9DF90F33D3FC97650C7CF12E52D4B1491672
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cb:8b:25:4b:3e:84:1d:a1:c4:e4:eb:1b:ee:8c:
4b:b6:1b:8b:ce:48:a9:30:51:df:69:89:e3:48:fb:
87:73:dd:b9:1a:bb:68:c9:92:82:50:10:87:39:31:
f3:3b:2c:ae:dc:de:0d:11:f1:84:b8:e7:46:83:4c:
e5:69:4b:a8:c2:d0:8a:28:42:a8:b0:60:2b:52:99:
13:3b:90:33:29:93:a0:b1:97:d5:7e:2b:8c:37:41:
22:ec:a1:29:a1:87:0c:6b:f1:68:9f:84:d3:1e:ef:
c0:90:25:bf:d1:40:d3:11:aa:76:35:8d:28:07:ec:
59:5e:fe:28:73:cd:2e:24:8f:1f:af:f4:0d:3c:fb:
46:cb:07:c4:8c:b2:92:ad:21:d9:23:d8:3f:0a:62:
27:c0:b1:61:6c:12:0b:e3:56:89:a0:52:df:99:39:
92:20:3a:ce:eb:61:9d:d5:a7:4e:5d:fc:15:3d:d1:
e0:77:28:71:2a:68:6c:02:a0:5f:43:09:d1:24:f4:
04:77:1c:07:f2:b3:9a:e7:98:7d:c0:00:30:51:21:
d8:af:1a:09:05:45:a9:b9:5a:fe:79:c9:91:a3:d4:
25:05:93:44:f2:dd:41:e4:82:54:d1:58:81:ac:6d:
43:83:2f:ff:a8:b9:cc:92:60:f6:df:e6:27:34:7c:
b7:c9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
08:DA:9D:F9:0F:33:D3:FC:97:65:0C:7C:F1:2E:52:D4:B1:49:16:72
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/CNqd-Q8z0_yXZQx88S5S1LFJFnI.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
119.16.0.0/16
Signature Algorithm: sha256WithRSAEncryption
88:0f:8c:db:61:0c:9b:82:b5:da:5a:a1:55:4a:5c:08:14:86:
07:a5:9f:c2:6e:72:89:c4:75:ec:7c:39:b9:3f:b8:74:c7:bb:
61:ec:f8:cf:06:a3:a4:25:c1:b0:ff:d8:32:d0:1e:c9:f3:4f:
6a:43:09:88:ca:71:bc:e5:71:ce:1c:69:f8:47:1d:4a:ac:3f:
36:a2:ca:de:7f:bc:7b:84:19:cf:35:7a:63:fd:28:46:6a:51:
4a:39:43:b2:a5:ad:f3:3b:0e:2c:2e:41:67:0e:69:c3:81:d0:
3f:ee:4d:f4:ca:d4:a5:43:07:88:a6:a3:70:55:49:93:ba:62:
cc:f8:ae:c2:01:bd:11:8f:5b:f1:77:81:9f:8d:59:97:ec:95:
7f:3d:f7:c2:86:04:09:d4:09:56:f9:94:30:74:f7:42:eb:41:
03:51:2f:04:00:46:8f:8d:1c:d4:6f:92:e8:c6:c5:4f:04:3d:
40:df:1a:71:e1:73:28:aa:3f:3c:93:ed:a9:68:12:8c:eb:b1:
ab:9e:ef:6a:e2:db:d0:ac:80:51:4a:8e:ce:7b:fe:4b:3c:3a:
ac:8c:b3:f4:de:3c:f4:26:a1:19:5b:b6:fd:fd:f3:ad:ed:2f:
f0:1f:87:8b:19:6d:62:ed:c7:a1:1e:da:73:32:d0:ca:37:e1:
f5:51:2c:e0
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICFOIwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA2MDMy
MjA5MThaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKDA4REE5REY5MEYzM0Qz
RkM5NzY1MEM3Q0YxMkU1MkQ0QjE0OTE2NzIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDLiyVLPoQdocTk6xvujEu2G4vOSKkwUd9pieNI+4dz3bkau2jJ
koJQEIc5MfM7LK7c3g0R8YS450aDTOVpS6jC0IooQqiwYCtSmRM7kDMpk6Cxl9V+
K4w3QSLsoSmhhwxr8WifhNMe78CQJb/RQNMRqnY1jSgH7Fle/ihzzS4kjx+v9A08
+0bLB8SMspKtIdkj2D8KYifAsWFsEgvjVomgUt+ZOZIgOs7rYZ3Vp05d/BU90eB3
KHEqaGwCoF9DCdEk9AR3HAfys5rnmH3AADBRIdivGgkFRam5Wv55yZGj1CUFk0Ty
3UHkglTRWIGsbUODL/+oucySYPbf5ic0fLfJAgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUCNqd+Q8z0/yXZQx88S5S1LFJFnIwHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni9DTnFkLVE4ejBfeVhaUXg4
OFM1UzFMRkpGbkkucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
dxAwDQYJKoZIhvcNAQELBQADggEBAIgPjNthDJuCtdpaoVVKXAgUhgeln8JuconE
dex8Obk/uHTHu2Hs+M8Go6QlwbD/2DLQHsnzT2pDCYjKcbzlcc4cafhHHUqsPzai
yt5/vHuEGc81emP9KEZqUUo5Q7KlrfM7DiwuQWcOacOB0D/uTfTK1KVDB4imo3BV
SZO6Ysz4rsIBvRGPW/F3gZ+NWZfslX8998KGBAnUCVb5lDB090LrQQNRLwQARo+N
HNRvkujGxU8EPUDfGnHhcyiqPzyT7aloEozrsaue72ri29CsgFFKjs57/ks8OqyM
s/TePPQmoRlbtv39863tL/Afh4sZbWLtx6Ee2nMy0Mo34fVRLOA=
-----END CERTIFICATE-----
Generated at Mon Jul 21 08:24:58 2025 by rpki-client