Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/HE4mMxyd-nGZ0MEvMh1QFabi8sU.roa
File: HE4mMxyd-nGZ0MEvMh1QFabi8sU.roa (raw, json)
Hash identifier: hXHFpY23n1r463rvmN9kIsMqOhDnYOUt02npmL3UPws=
Subject key identifier: 1C:4E:26:33:1C:9D:FA:71:99:D0:C1:2F:32:1D:50:15:A6:E2:F2:C5
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 0E3E
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/HE4mMxyd-nGZ0MEvMh1QFabi8sU.roa
Signing time: Mon 26 May 2025 01:38:38 +0000
ROA not before: Mon 26 May 2025 01:38:38 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 119.16.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 3646 (0xe3e)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: May 26 01:38:38 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=1C4E26331C9DFA7199D0C12F321D5015A6E2F2C5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c2:d0:95:de:ef:bf:22:12:6d:56:9b:6e:20:f6:
68:4d:57:8c:80:01:41:24:e2:70:fe:b9:8c:10:91:
37:ab:c7:21:be:ed:b0:6b:8a:e0:51:41:54:7b:7b:
b8:80:1d:96:50:c2:ec:c4:2f:0d:d3:fb:b0:67:f2:
fa:18:c0:2c:f6:07:30:b4:fd:d6:f6:67:9d:11:04:
26:36:8d:55:82:3f:85:33:0a:38:6c:c3:7f:b6:56:
01:14:88:93:f3:46:d0:d4:ed:76:cf:7b:7c:3f:f8:
35:70:b5:dd:44:a6:e3:47:b4:f7:2c:a0:48:8b:b8:
cd:a9:28:f3:66:9b:db:a6:35:29:e2:f5:4d:53:02:
4d:f6:15:e5:6f:e1:4f:16:e7:47:0e:43:84:77:6f:
05:97:d9:48:d8:8a:58:1d:9d:a0:52:65:a4:9b:78:
09:fd:b8:00:b2:32:fb:a3:1b:9e:9a:fe:57:8e:1a:
20:c7:f3:24:76:2c:65:14:c8:fa:96:03:5d:e0:23:
a5:12:2b:e8:f0:4c:0f:b7:db:17:00:b7:30:bb:f5:
2e:c8:96:9d:5a:dc:99:d2:6f:f9:17:ad:18:43:2e:
0a:de:a1:d5:4a:31:7a:1d:91:a5:ed:28:0a:3c:a2:
86:cc:fd:74:84:c5:b1:36:27:77:86:77:87:6c:3c:
36:bf
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1C:4E:26:33:1C:9D:FA:71:99:D0:C1:2F:32:1D:50:15:A6:E2:F2:C5
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/HE4mMxyd-nGZ0MEvMh1QFabi8sU.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
119.16.0.0/16
Signature Algorithm: sha256WithRSAEncryption
61:26:46:df:9d:03:ca:e7:cd:e1:ad:e3:b9:e0:10:90:19:2f:
92:fa:6c:5c:60:7c:74:70:d3:61:9a:20:91:c9:29:dc:56:96:
38:0a:8e:fc:08:d7:af:ff:ca:db:ec:cb:8f:e5:b1:61:ab:6a:
da:21:7a:11:4f:aa:b8:7e:0f:e4:82:ea:fd:73:35:2e:0d:46:
a3:cb:4c:82:51:ae:29:47:21:9a:28:78:22:04:e9:04:1f:60:
65:e6:ce:95:f7:46:24:60:cd:9c:70:6e:ea:d6:e6:27:a3:66:
24:6c:b3:18:fa:32:17:fe:44:dc:5a:0d:75:c1:6f:be:ff:fb:
6b:e3:ab:67:66:59:0e:fe:3f:5d:49:6c:1f:99:10:06:bc:cf:
81:1b:a1:18:a7:1e:e3:4c:59:a0:11:b2:80:83:81:75:47:53:
13:3e:5a:49:66:1c:23:1d:f6:e6:4b:32:bb:cf:85:c8:8e:3c:
0a:2d:49:07:97:57:ae:35:8c:e5:01:62:ce:0c:3e:67:74:e2:
3a:45:6f:27:9b:86:6c:db:f7:5b:22:6a:7e:ac:12:30:2d:fd:
01:d1:65:d9:cb:a8:d9:5d:07:b5:fc:67:a2:f2:04:e1:ad:7f:
8f:59:38:1d:a9:1f:07:7c:89:80:fb:24:18:00:26:5d:5c:ea:
b1:d9:0f:3f
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICDj4wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA1MjYw
MTM4MzhaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKDFDNEUyNjMzMUM5REZB
NzE5OUQwQzEyRjMyMUQ1MDE1QTZFMkYyQzUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDC0JXe778iEm1Wm24g9mhNV4yAAUEk4nD+uYwQkTerxyG+7bBr
iuBRQVR7e7iAHZZQwuzELw3T+7Bn8voYwCz2BzC0/db2Z50RBCY2jVWCP4UzCjhs
w3+2VgEUiJPzRtDU7XbPe3w/+DVwtd1EpuNHtPcsoEiLuM2pKPNmm9umNSni9U1T
Ak32FeVv4U8W50cOQ4R3bwWX2UjYilgdnaBSZaSbeAn9uACyMvujG56a/leOGiDH
8yR2LGUUyPqWA13gI6USK+jwTA+32xcAtzC79S7Ilp1a3JnSb/kXrRhDLgreodVK
MXodkaXtKAo8oobM/XSExbE2J3eGd4dsPDa/AgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUHE4mMxyd+nGZ0MEvMh1QFabi8sUwHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni9IRTRtTXh5ZC1uR1owTUV2
TWgxUUZhYmk4c1Uucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
dxAwDQYJKoZIhvcNAQELBQADggEBAGEmRt+dA8rnzeGt47ngEJAZL5L6bFxgfHRw
02GaIJHJKdxWljgKjvwI16//ytvsy4/lsWGratohehFPqrh+D+SC6v1zNS4NRqPL
TIJRrilHIZooeCIE6QQfYGXmzpX3RiRgzZxwburW5iejZiRssxj6Mhf+RNxaDXXB
b77/+2vjq2dmWQ7+P11JbB+ZEAa8z4EboRinHuNMWaARsoCDgXVHUxM+WklmHCMd
9uZLMrvPhciOPAotSQeXV641jOUBYs4MPmd04jpFbyebhmzb91sian6sEjAt/QHR
ZdnLqNldB7X8Z6LyBOGtf49ZOB2pHwd8iYD7JBgAJl1c6rHZDz8=
-----END CERTIFICATE-----
Generated at Wed Jun 4 01:17:52 2025 by rpki-client