Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/CWXsrrbf03Don7jo7aE498kt2iI.roa
File: CWXsrrbf03Don7jo7aE498kt2iI.roa (raw, json)
Hash identifier: CST3DNcs3E+WL5fDErnvd45ofSlJt73BKa1vL0Cl0Po=
Subject key identifier: 09:65:EC:AE:B6:DF:D3:70:E8:9F:B8:E8:ED:A1:38:F7:C9:2D:DA:22
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 22A6
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/CWXsrrbf03Don7jo7aE498kt2iI.roa
Signing time: Sun 22 Jun 2025 18:12:02 +0000
ROA not before: Sun 22 Jun 2025 18:12:02 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 119.16.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 8870 (0x22a6)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: Jun 22 18:12:02 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=0965ECAEB6DFD370E89FB8E8EDA138F7C92DDA22
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bd:1e:25:4d:a6:68:47:8c:da:6e:4d:d8:01:5f:
de:1a:32:42:e1:b7:bc:b5:15:ef:f6:a6:f3:ed:dd:
43:d4:50:cc:da:f2:25:20:15:12:14:dd:04:dd:04:
7d:c6:cc:f1:e3:41:86:ca:f4:f6:11:f1:71:15:4b:
85:f6:af:e6:96:6a:21:de:b6:53:0f:99:31:16:a5:
3d:fb:28:bd:a9:e4:94:8f:82:da:2b:b9:0a:6b:ff:
65:2b:27:d4:32:42:c9:18:79:c5:4d:f8:c6:96:21:
fe:d7:5c:fc:c9:91:94:3f:68:2e:72:cb:b9:06:23:
4c:83:7c:ac:ba:09:a4:9f:60:51:5d:33:ec:36:ce:
74:2d:3f:fc:53:ad:e1:c9:21:18:38:1a:bc:ee:64:
e4:30:b2:fb:4d:95:73:c2:52:10:c9:04:7b:1c:1c:
8b:2f:16:05:c5:b9:ee:35:d6:8c:a9:e3:31:87:fc:
c6:c9:a4:bf:b8:c7:3d:77:f1:58:ab:d8:2e:ba:e3:
48:b6:f1:18:9b:c3:48:d2:08:10:79:73:03:bd:ac:
15:ee:48:53:b3:7a:bf:e0:1d:b3:29:e2:55:04:83:
7e:2e:50:3b:03:5a:fe:0d:ca:3a:4d:63:0b:fd:36:
d7:76:0d:46:0f:11:5b:56:e9:bd:5b:5e:c2:b4:e1:
c8:6b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
09:65:EC:AE:B6:DF:D3:70:E8:9F:B8:E8:ED:A1:38:F7:C9:2D:DA:22
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/CWXsrrbf03Don7jo7aE498kt2iI.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
119.16.0.0/16
Signature Algorithm: sha256WithRSAEncryption
0a:18:cf:40:10:fc:ab:8a:12:5e:e1:ee:88:e3:fa:f6:3d:22:
99:35:6b:ca:be:f1:79:dd:70:cd:8c:de:27:9c:6e:9a:f3:d6:
b4:ce:b5:8a:1c:b0:39:36:93:7e:31:36:39:1e:6c:78:79:32:
26:b5:64:ef:bd:4a:9e:84:23:89:ad:59:6a:1d:0d:22:65:2f:
93:c1:1f:5c:31:76:d4:b9:aa:9e:3e:f2:ce:2b:ff:bc:7d:85:
a0:2d:49:34:c5:83:88:30:77:33:59:84:0f:d5:25:c2:57:0a:
8c:91:c1:ff:88:c2:39:6e:5c:7b:a3:f9:e2:9c:b2:33:25:27:
5d:38:d7:43:ff:80:9a:eb:7b:af:7d:59:c4:74:7d:36:0b:a1:
c9:c7:55:6d:e0:97:ed:66:9e:ae:e1:b7:21:28:8b:0a:da:0a:
96:f4:78:ac:1a:aa:a0:a2:1d:c7:46:be:9e:b6:6d:f7:90:f1:
cb:93:2b:f1:fe:03:93:36:38:ef:19:82:09:e2:fe:0c:54:e3:
c5:43:ad:bc:49:8f:b0:e2:98:b8:27:f7:72:86:63:3c:b0:a2:
4d:e4:de:1b:1c:23:e5:0a:7f:be:e3:c3:f5:61:12:d6:9c:68:
b9:42:29:37:f0:48:0a:ec:82:f3:3d:70:aa:06:5f:67:d1:c4:
fb:e1:12:e9
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICIqYwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA2MjIx
ODEyMDJaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKDA5NjVFQ0FFQjZERkQz
NzBFODlGQjhFOEVEQTEzOEY3QzkyRERBMjIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC9HiVNpmhHjNpuTdgBX94aMkLht7y1Fe/2pvPt3UPUUMza8iUg
FRIU3QTdBH3GzPHjQYbK9PYR8XEVS4X2r+aWaiHetlMPmTEWpT37KL2p5JSPgtor
uQpr/2UrJ9QyQskYecVN+MaWIf7XXPzJkZQ/aC5yy7kGI0yDfKy6CaSfYFFdM+w2
znQtP/xTreHJIRg4GrzuZOQwsvtNlXPCUhDJBHscHIsvFgXFue411oyp4zGH/MbJ
pL+4xz138Vir2C6640i28Ribw0jSCBB5cwO9rBXuSFOzer/gHbMp4lUEg34uUDsD
Wv4NyjpNYwv9Ntd2DUYPEVtW6b1bXsK04chrAgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUCWXsrrbf03Don7jo7aE498kt2iIwHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni9DV1hzcnJiZjAzRG9uN2pv
N2FFNDk4a3QyaUkucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
dxAwDQYJKoZIhvcNAQELBQADggEBAAoYz0AQ/KuKEl7h7ojj+vY9Ipk1a8q+8Xnd
cM2M3iecbprz1rTOtYocsDk2k34xNjkebHh5Mia1ZO+9Sp6EI4mtWWodDSJlL5PB
H1wxdtS5qp4+8s4r/7x9haAtSTTFg4gwdzNZhA/VJcJXCoyRwf+IwjluXHuj+eKc
sjMlJ10410P/gJrre699WcR0fTYLocnHVW3gl+1mnq7htyEoiwraCpb0eKwaqqCi
HcdGvp62bfeQ8cuTK/H+A5M2OO8Zggni/gxU48VDrbxJj7DimLgn93KGYzywok3k
3hscI+UKf77jw/VhEtacaLlCKTfwSArsgvM9cKoGX2fRxPvhEuk=
-----END CERTIFICATE-----
Generated at Sun Jul 20 19:09:17 2025 by rpki-client