Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/GdK7hqS7-LNZmLY5mjLZ7KZEX8o.roa
File: GdK7hqS7-LNZmLY5mjLZ7KZEX8o.roa (raw, json)
Hash identifier: 8NCQgUxvVNQurucOK6fJLgftcuse+oFNx21Yyy1QVLE=
Subject key identifier: 19:D2:BB:86:A4:BB:F8:B3:59:98:B6:39:9A:32:D9:EC:A6:44:5F:CA
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 2102
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/GdK7hqS7-LNZmLY5mjLZ7KZEX8o.roa
Signing time: Fri 20 Jun 2025 13:41:40 +0000
ROA not before: Fri 20 Jun 2025 13:41:40 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 119.16.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 8450 (0x2102)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: Jun 20 13:41:40 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=19D2BB86A4BBF8B35998B6399A32D9ECA6445FCA
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ac:08:26:67:fe:95:70:21:f7:8b:f2:40:cc:1e:
ee:8f:49:40:f0:88:88:ef:a0:d8:1d:1f:b5:64:04:
9f:fa:49:12:aa:de:ab:b5:52:1d:c7:07:5e:31:4d:
f8:01:09:d0:fc:10:b5:72:be:42:37:ff:9c:15:50:
e9:39:1a:2f:71:56:b9:d0:f9:74:b0:61:fd:12:b6:
dc:f7:a1:d6:e8:dd:96:9e:93:4a:84:6f:81:49:08:
64:54:61:19:9a:a0:12:3c:29:80:11:69:d2:1f:67:
cb:6a:f4:e1:9c:e6:ed:44:9a:e6:d0:a8:ce:99:53:
07:c4:2c:37:03:d8:42:50:b8:7a:fb:9f:24:c2:1e:
92:d7:e8:74:5e:49:7a:ab:9f:25:cc:37:97:08:2a:
3a:d9:d8:55:85:6f:36:2a:3c:39:73:be:a2:af:a1:
0b:d6:fc:4f:81:14:47:3d:54:19:59:b7:bd:db:21:
33:0a:b0:2b:36:e5:c6:73:88:3d:60:04:66:b6:06:
b7:63:c7:a1:be:2f:eb:59:3f:e0:a6:39:20:88:21:
74:7a:cd:62:1c:f2:47:af:cd:1d:46:b6:38:22:6d:
84:96:9e:19:34:15:e5:dc:f6:b7:1f:32:69:f7:90:
14:b5:a1:1a:8d:40:18:35:6e:cb:57:42:bd:a6:ba:
a5:8b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
19:D2:BB:86:A4:BB:F8:B3:59:98:B6:39:9A:32:D9:EC:A6:44:5F:CA
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/GdK7hqS7-LNZmLY5mjLZ7KZEX8o.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
119.16.0.0/16
Signature Algorithm: sha256WithRSAEncryption
87:fc:56:00:b5:0e:94:96:83:61:ba:31:1f:62:50:a0:11:1e:
12:b7:87:7c:25:e7:4f:67:bf:2a:6f:09:5d:e9:f9:11:32:a3:
00:66:5b:bd:15:b2:d0:a6:26:25:df:25:d0:2d:9d:85:03:6f:
a2:9c:6c:c8:11:f1:82:68:18:a6:03:c5:ef:06:d0:b7:1f:90:
88:2f:63:02:ff:7d:8a:7f:ec:cf:5e:40:7c:5a:72:6c:44:b0:
50:e4:b5:99:34:50:95:b7:ac:03:6b:ab:cb:b5:59:ab:6f:88:
5d:12:29:a5:b3:f7:4b:2f:6b:e5:d6:96:d2:01:56:f5:70:ea:
9e:42:49:46:50:8b:72:c7:92:79:c5:ee:c0:98:a7:5a:9a:b4:
ae:0d:da:3c:fc:36:08:85:ae:f2:19:cd:ea:4e:cb:1f:5b:59:
91:14:97:ba:20:82:0a:85:a4:30:bc:7b:1f:e2:e8:86:2a:78:
16:9a:96:7e:8c:e8:df:c7:71:c6:03:1d:48:04:08:6d:38:34:
87:bb:36:78:d4:7c:a9:b3:96:e2:e5:6a:8f:71:c2:d6:a2:9f:
13:c2:6f:87:d2:32:24:19:c1:fd:4e:ba:50:f8:32:55:c7:3a:
73:28:9f:f0:e3:ac:54:11:4c:55:35:c3:a4:61:ad:28:42:13:
12:6c:f5:62
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICIQIwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA2MjAx
MzQxNDBaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKDE5RDJCQjg2QTRCQkY4
QjM1OTk4QjYzOTlBMzJEOUVDQTY0NDVGQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCsCCZn/pVwIfeL8kDMHu6PSUDwiIjvoNgdH7VkBJ/6SRKq3qu1
Uh3HB14xTfgBCdD8ELVyvkI3/5wVUOk5Gi9xVrnQ+XSwYf0Sttz3odbo3Zaek0qE
b4FJCGRUYRmaoBI8KYARadIfZ8tq9OGc5u1EmubQqM6ZUwfELDcD2EJQuHr7nyTC
HpLX6HReSXqrnyXMN5cIKjrZ2FWFbzYqPDlzvqKvoQvW/E+BFEc9VBlZt73bITMK
sCs25cZziD1gBGa2Brdjx6G+L+tZP+CmOSCIIXR6zWIc8kevzR1GtjgibYSWnhk0
FeXc9rcfMmn3kBS1oRqNQBg1bstXQr2muqWLAgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUGdK7hqS7+LNZmLY5mjLZ7KZEX8owHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni9HZEs3aHFTNy1MTlptTFk1
bWpMWjdLWkVYOG8ucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
dxAwDQYJKoZIhvcNAQELBQADggEBAIf8VgC1DpSWg2G6MR9iUKARHhK3h3wl509n
vypvCV3p+REyowBmW70VstCmJiXfJdAtnYUDb6KcbMgR8YJoGKYDxe8G0LcfkIgv
YwL/fYp/7M9eQHxacmxEsFDktZk0UJW3rANrq8u1WatviF0SKaWz90sva+XWltIB
VvVw6p5CSUZQi3LHknnF7sCYp1qatK4N2jz8NgiFrvIZzepOyx9bWZEUl7ogggqF
pDC8ex/i6IYqeBaaln6M6N/HccYDHUgECG04NIe7NnjUfKmzluLlao9xwtainxPC
b4fSMiQZwf1OulD4MlXHOnMon/DjrFQRTFU1w6RhrShCExJs9WI=
-----END CERTIFICATE-----
Generated at Sun Jul 20 13:14:42 2025 by rpki-client