Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/IKHn2QehfuMUxAxSQUznpZgaK58.roa
File: IKHn2QehfuMUxAxSQUznpZgaK58.roa (raw, json)
Hash identifier: hjBI6Lw5zDYgOzO/pOCu47l4NuLELoPnpKfuYdq3Aec=
Subject key identifier: 20:A1:E7:D9:07:A1:7E:E3:14:C4:0C:52:41:4C:E7:A5:98:1A:2B:9F
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 1DD6
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/IKHn2QehfuMUxAxSQUznpZgaK58.roa
Signing time: Sun 15 Jun 2025 20:39:59 +0000
ROA not before: Sun 15 Jun 2025 20:39:59 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 119.16.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 7638 (0x1dd6)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: Jun 15 20:39:59 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=20A1E7D907A17EE314C40C52414CE7A5981A2B9F
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c9:3f:2c:ff:a7:56:95:4c:81:10:9e:99:1e:3a:
ca:a8:f1:1c:d3:5d:56:2c:5f:c3:b8:da:94:42:20:
0a:10:9a:c8:4c:3b:d1:9c:9d:17:9f:fc:da:21:33:
16:3f:9e:54:b5:fd:1a:09:42:90:36:45:cc:df:02:
29:89:07:a3:10:70:b7:95:d2:98:5a:d9:36:fe:2b:
20:66:e7:b3:63:ac:03:83:4a:65:8b:d1:63:c4:bd:
62:9e:a2:a2:df:cc:0b:52:ad:a5:b7:bb:48:48:67:
b1:ab:f8:e4:0c:6c:13:bd:aa:01:2a:c1:fd:74:ca:
32:44:0f:4e:9d:db:56:71:9d:48:ca:9e:2b:3c:14:
bf:99:77:86:43:08:bf:01:ec:73:d5:92:2a:bc:94:
0f:5e:76:45:f0:92:6c:9b:64:34:04:25:e1:f3:9d:
e6:27:dc:2f:7b:2e:6c:80:20:63:1f:11:9f:22:42:
36:49:15:20:32:e1:c6:65:95:6c:28:1d:98:ab:16:
e4:8a:79:16:a4:27:ec:ed:30:3d:bb:55:8f:4d:a5:
85:5c:09:c7:8c:d4:63:c5:cf:2d:ee:37:d0:8a:47:
4a:03:cf:6f:d3:fe:e2:ee:34:c8:a3:0c:be:b4:98:
86:26:1d:a2:b2:4d:f1:de:28:21:31:20:28:2a:06:
15:ab
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
20:A1:E7:D9:07:A1:7E:E3:14:C4:0C:52:41:4C:E7:A5:98:1A:2B:9F
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/IKHn2QehfuMUxAxSQUznpZgaK58.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
119.16.0.0/16
Signature Algorithm: sha256WithRSAEncryption
47:02:a0:52:9a:b2:f6:0f:e1:7f:cd:2c:79:dd:a7:70:35:9f:
9c:40:74:7a:09:f3:0e:91:1e:cc:60:8a:b7:23:63:08:45:ff:
46:4b:d8:9c:5a:b6:1f:25:b4:cb:6d:ef:08:e1:ad:f1:ab:04:
5c:7f:71:af:2e:a5:df:24:3c:98:b7:fe:c1:57:c4:d1:8e:ba:
b2:80:df:4d:9f:11:4c:4a:e8:af:3f:ca:65:8c:9f:71:ae:f1:
df:1a:1d:a5:c0:86:f4:5d:18:d8:f6:9c:25:97:44:04:59:4f:
98:d3:b7:58:63:25:6b:2e:ce:2d:f4:5b:44:91:d6:7f:80:e6:
fb:99:b8:f7:73:93:43:00:1f:6b:2c:ce:71:2e:b2:08:6f:48:
2a:ff:18:96:f7:8c:06:0f:49:96:59:f0:7a:76:82:a9:5f:83:
db:65:db:cc:07:a3:d8:fb:83:8f:00:a6:05:50:97:64:c4:13:
11:12:02:fa:d8:28:66:07:b3:6f:f5:6d:79:b4:05:b4:ba:84:
d9:b3:d9:b3:5d:1f:e6:75:61:a2:ea:d8:2c:51:49:61:ee:dc:
f5:71:2c:95:bc:c6:08:62:ff:95:d4:72:1d:b8:25:e2:72:5e:
ab:c1:07:0b:b2:ac:6d:c5:55:97:6a:af:d4:71:eb:d1:ba:29:
bc:23:01:7c
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICHdYwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA2MTUy
MDM5NTlaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKDIwQTFFN0Q5MDdBMTdF
RTMxNEM0MEM1MjQxNENFN0E1OTgxQTJCOUYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDJPyz/p1aVTIEQnpkeOsqo8RzTXVYsX8O42pRCIAoQmshMO9Gc
nRef/NohMxY/nlS1/RoJQpA2RczfAimJB6MQcLeV0pha2Tb+KyBm57NjrAODSmWL
0WPEvWKeoqLfzAtSraW3u0hIZ7Gr+OQMbBO9qgEqwf10yjJED06d21ZxnUjKnis8
FL+Zd4ZDCL8B7HPVkiq8lA9edkXwkmybZDQEJeHzneYn3C97LmyAIGMfEZ8iQjZJ
FSAy4cZllWwoHZirFuSKeRakJ+ztMD27VY9NpYVcCceM1GPFzy3uN9CKR0oDz2/T
/uLuNMijDL60mIYmHaKyTfHeKCExICgqBhWrAgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUIKHn2QehfuMUxAxSQUznpZgaK58wHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni9JS0huMlFlaGZ1TVV4QXhT
UVV6bnBaZ2FLNTgucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
dxAwDQYJKoZIhvcNAQELBQADggEBAEcCoFKasvYP4X/NLHndp3A1n5xAdHoJ8w6R
HsxgircjYwhF/0ZL2Jxath8ltMtt7wjhrfGrBFx/ca8upd8kPJi3/sFXxNGOurKA
302fEUxK6K8/ymWMn3Gu8d8aHaXAhvRdGNj2nCWXRARZT5jTt1hjJWsuzi30W0SR
1n+A5vuZuPdzk0MAH2ssznEusghvSCr/GJb3jAYPSZZZ8Hp2gqlfg9tl28wHo9j7
g48ApgVQl2TEExESAvrYKGYHs2/1bXm0BbS6hNmz2bNdH+Z1YaLq2CxRSWHu3PVx
LJW8xghi/5XUch24JeJyXqvBBwuyrG3FVZdqr9Rx69G6KbwjAXw=
-----END CERTIFICATE-----
Generated at Mon Jul 21 08:25:00 2025 by rpki-client