Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/KaHLiB_kk3XQ0q9yPy-bCeEjHDg.roa
File: KaHLiB_kk3XQ0q9yPy-bCeEjHDg.roa (raw, json)
Hash identifier: wcu6Ll+Fb/5evQmIVSYwUriZqfBqBxlycG63/E50EPI=
Subject key identifier: 29:A1:CB:88:1F:E4:93:75:D0:D2:AF:72:3F:2F:9B:09:E1:23:1C:38
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 232A
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/KaHLiB_kk3XQ0q9yPy-bCeEjHDg.roa
Signing time: Mon 23 Jun 2025 10:41:53 +0000
ROA not before: Mon 23 Jun 2025 10:41:53 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 119.16.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 9002 (0x232a)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: Jun 23 10:41:53 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=29A1CB881FE49375D0D2AF723F2F9B09E1231C38
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c0:64:01:15:fa:e8:b3:c4:ff:75:2a:b7:41:c9:
1b:27:95:8d:1b:51:c8:dd:1b:75:92:c2:1d:1b:94:
ed:2b:a5:e2:0c:10:b7:38:48:23:d9:9a:a4:d4:73:
86:c2:7b:ea:fd:f3:5a:32:56:05:f6:7e:31:3d:ca:
ac:1d:d3:46:30:ee:17:ed:b1:e4:1f:bb:f7:dd:54:
cc:1c:9f:d5:f7:ef:46:2c:8b:5e:b2:1d:6e:c3:28:
3b:ab:cc:1f:1d:8a:bb:fd:78:88:00:8f:ff:ab:8b:
77:6f:b6:ae:ec:aa:aa:0d:73:a1:ff:7f:19:1c:2c:
17:2a:62:6f:5b:e7:2a:7e:30:81:04:82:9d:26:27:
71:50:1f:cf:5c:92:58:83:51:70:8c:71:f0:50:38:
15:ed:4d:2a:8a:65:5b:46:8b:df:42:a6:22:e9:39:
dd:60:b8:16:87:6e:e0:44:7d:d2:73:e4:0a:4d:19:
45:0b:9b:2a:59:a9:7f:c2:8a:58:18:56:cd:56:a1:
c6:97:90:72:e4:4d:c6:41:c0:29:df:fd:29:09:a1:
0d:c2:d7:7c:2c:76:54:e5:86:fd:27:73:08:8b:4f:
37:6c:cf:8f:a6:63:9e:7f:59:68:16:28:38:79:47:
eb:d7:a4:a7:93:51:47:2e:b0:5e:9c:04:d7:46:76:
fe:0d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
29:A1:CB:88:1F:E4:93:75:D0:D2:AF:72:3F:2F:9B:09:E1:23:1C:38
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/KaHLiB_kk3XQ0q9yPy-bCeEjHDg.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
119.16.0.0/16
Signature Algorithm: sha256WithRSAEncryption
3c:6b:6b:28:97:e6:00:08:0a:b7:52:b4:6c:e4:c6:4b:1c:53:
5c:ea:55:46:76:da:4e:f2:2b:55:55:52:86:2f:c7:74:5f:2d:
62:87:6e:fe:34:b2:52:15:1a:cf:4c:09:30:3d:59:ca:cc:05:
5f:55:69:c5:05:76:1d:b9:0c:88:ac:64:24:97:dd:1e:b1:1c:
e7:ec:3a:d6:7a:56:b5:ad:4f:e9:20:77:d5:4f:00:fa:b9:d2:
f6:3e:33:1e:7c:76:76:73:d9:b8:72:65:2d:d3:1e:12:76:a4:
ef:3b:72:3b:5b:79:aa:45:b2:e1:8e:4e:e9:9f:ad:9b:4a:47:
f0:2a:03:81:dc:2c:a2:4f:9a:07:55:ef:21:c7:c4:08:12:38:
7d:84:1b:d6:f1:8d:c1:9d:27:9c:c9:1f:65:c2:c3:30:07:d2:
c7:a3:cd:35:e6:e0:b0:fb:ca:38:14:23:16:3e:ae:7b:cf:65:
20:a6:b7:19:b9:c4:f3:ff:c3:b7:42:5a:c5:71:0d:14:56:f7:
cc:91:db:f4:9e:c0:58:7e:4a:97:62:7e:ac:3f:09:69:5d:b1:
55:66:62:8e:a9:b9:d6:58:fe:0b:09:8e:0c:af:7a:e5:06:bb:
02:12:eb:f2:74:34:33:c8:9e:19:cb:df:07:b3:f4:ef:64:fe:
17:01:0d:4a
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICIyowDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA2MjMx
MDQxNTNaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKDI5QTFDQjg4MUZFNDkz
NzVEMEQyQUY3MjNGMkY5QjA5RTEyMzFDMzgwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDAZAEV+uizxP91KrdByRsnlY0bUcjdG3WSwh0blO0rpeIMELc4
SCPZmqTUc4bCe+r981oyVgX2fjE9yqwd00Yw7hftseQfu/fdVMwcn9X370Ysi16y
HW7DKDurzB8dirv9eIgAj/+ri3dvtq7sqqoNc6H/fxkcLBcqYm9b5yp+MIEEgp0m
J3FQH89ckliDUXCMcfBQOBXtTSqKZVtGi99CpiLpOd1guBaHbuBEfdJz5ApNGUUL
mypZqX/CilgYVs1WocaXkHLkTcZBwCnf/SkJoQ3C13wsdlTlhv0ncwiLTzdsz4+m
Y55/WWgWKDh5R+vXpKeTUUcusF6cBNdGdv4NAgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUKaHLiB/kk3XQ0q9yPy+bCeEjHDgwHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni9LYUhMaUJfa2szWFEwcTl5
UHktYkNlRWpIRGcucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
dxAwDQYJKoZIhvcNAQELBQADggEBADxrayiX5gAICrdStGzkxkscU1zqVUZ22k7y
K1VVUoYvx3RfLWKHbv40slIVGs9MCTA9WcrMBV9VacUFdh25DIisZCSX3R6xHOfs
OtZ6VrWtT+kgd9VPAPq50vY+Mx58dnZz2bhyZS3THhJ2pO87cjtbeapFsuGOTumf
rZtKR/AqA4HcLKJPmgdV7yHHxAgSOH2EG9bxjcGdJ5zJH2XCwzAH0sejzTXm4LD7
yjgUIxY+rnvPZSCmtxm5xPP/w7dCWsVxDRRW98yR2/SewFh+Spdifqw/CWldsVVm
Yo6pudZY/gsJjgyveuUGuwIS6/J0NDPInhnL3wez9O9k/hcBDUo=
-----END CERTIFICATE-----
Generated at Sun Jul 20 19:07:14 2025 by rpki-client