Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/KvVkFrOtfwV13uZ2fTrbpWR-UpM.roa
File: KvVkFrOtfwV13uZ2fTrbpWR-UpM.roa (raw, json)
Hash identifier: kzivyZ5hNpEdlYb0TpLtOt2gQFS/ntdrHzEgo+arbLo=
Subject key identifier: 2A:F5:64:16:B3:AD:7F:05:75:DE:E6:76:7D:3A:DB:A5:64:7E:52:93
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 0C82
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/KvVkFrOtfwV13uZ2fTrbpWR-UpM.roa
Signing time: Fri 23 May 2025 18:09:11 +0000
ROA not before: Fri 23 May 2025 18:09:11 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 119.16.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 3202 (0xc82)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: May 23 18:09:11 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=2AF56416B3AD7F0575DEE6767D3ADBA5647E5293
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:db:73:70:ff:1f:4d:2f:11:f0:7c:bc:04:0d:ef:
bb:3f:fd:47:02:09:7e:09:5e:55:73:f0:15:8f:f4:
05:b5:cc:8f:b1:23:7d:4d:dd:e0:47:88:b0:cd:42:
11:73:1b:9d:9a:95:3d:08:4c:bb:bd:60:c7:84:7e:
c6:43:bd:90:c3:d1:0c:fe:72:ce:86:5d:1e:93:21:
3e:65:2d:a8:ea:6a:b9:0a:84:2d:d0:4b:db:fb:49:
25:92:f3:2a:4a:a5:21:38:ea:d4:be:f1:94:94:f0:
4c:1e:bc:7f:b7:ea:02:af:cf:7f:d2:55:db:23:e1:
8b:b6:e7:67:dd:59:b2:6f:f0:60:73:c0:1b:7d:ad:
11:2f:02:b6:6c:ef:ad:db:6d:d9:46:ae:63:c5:ab:
39:17:09:03:8a:96:8c:36:94:e7:27:9f:61:3d:a3:
64:82:52:e0:cf:ce:22:f6:95:71:29:87:44:47:5f:
ed:e2:5f:ee:61:dc:9e:40:37:5e:81:94:b0:ef:e0:
ee:35:d1:b1:ef:cf:62:c6:34:51:0a:38:dd:06:31:
65:1c:c1:29:1e:f3:b5:aa:22:78:13:fb:b5:73:c6:
d9:4a:e9:b9:64:b4:de:d5:a8:36:95:2a:c0:ac:09:
e9:cf:4a:3b:0b:72:b5:48:b3:71:62:f3:c9:99:e1:
1c:e3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2A:F5:64:16:B3:AD:7F:05:75:DE:E6:76:7D:3A:DB:A5:64:7E:52:93
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/KvVkFrOtfwV13uZ2fTrbpWR-UpM.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
119.16.0.0/16
Signature Algorithm: sha256WithRSAEncryption
33:0c:3c:23:27:92:54:14:af:3f:4c:c5:f7:c0:a7:b6:de:d4:
46:a6:b9:78:9e:e7:23:f8:1e:6f:9c:11:9c:c4:58:89:52:ec:
70:02:f5:ce:ae:92:8c:87:73:a6:34:21:69:fb:cf:91:ba:a8:
1a:62:dd:34:66:66:98:6b:11:b7:c4:24:c3:66:e7:1d:fb:1f:
06:d7:20:94:b3:6c:45:69:8d:bb:53:f0:80:e9:cd:39:20:09:
e8:ed:5e:80:72:29:08:84:98:7d:6a:13:68:70:01:f8:be:11:
64:6c:ab:71:8b:5f:ce:f7:e6:90:30:e1:12:8e:2f:91:26:39:
ba:9a:eb:e5:7c:5d:60:67:1a:4a:2a:a2:5c:17:67:f2:36:f6:
ef:63:17:18:91:50:93:87:7f:71:b8:39:b0:0f:85:18:4b:75:
61:5a:8f:4d:e9:75:c0:2a:51:6c:c3:f7:22:6f:ef:be:b1:9b:
4a:cf:7c:b5:a1:98:5a:e5:a1:20:b0:a6:80:18:c8:3e:5a:90:
a1:f9:78:e2:c8:0d:a1:8c:da:65:19:7b:75:0f:18:ec:f9:f6:
e4:11:52:90:5d:57:f3:ac:de:d9:a3:fa:7b:89:65:d4:50:26:
33:75:4c:00:04:50:35:9b:ee:5e:a7:77:c6:56:41:3a:f0:4b:
65:dc:2a:1c
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICDIIwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA1MjMx
ODA5MTFaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKDJBRjU2NDE2QjNBRDdG
MDU3NURFRTY3NjdEM0FEQkE1NjQ3RTUyOTMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDbc3D/H00vEfB8vAQN77s//UcCCX4JXlVz8BWP9AW1zI+xI31N
3eBHiLDNQhFzG52alT0ITLu9YMeEfsZDvZDD0Qz+cs6GXR6TIT5lLajqarkKhC3Q
S9v7SSWS8ypKpSE46tS+8ZSU8EwevH+36gKvz3/SVdsj4Yu252fdWbJv8GBzwBt9
rREvArZs763bbdlGrmPFqzkXCQOKlow2lOcnn2E9o2SCUuDPziL2lXEph0RHX+3i
X+5h3J5AN16BlLDv4O410bHvz2LGNFEKON0GMWUcwSke87WqIngT+7VzxtlK6blk
tN7VqDaVKsCsCenPSjsLcrVIs3Fi88mZ4RzjAgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUKvVkFrOtfwV13uZ2fTrbpWR+UpMwHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni9LdlZrRnJPdGZ3VjEzdVoy
ZlRyYnBXUi1VcE0ucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
dxAwDQYJKoZIhvcNAQELBQADggEBADMMPCMnklQUrz9MxffAp7be1EamuXie5yP4
Hm+cEZzEWIlS7HAC9c6ukoyHc6Y0IWn7z5G6qBpi3TRmZphrEbfEJMNm5x37HwbX
IJSzbEVpjbtT8IDpzTkgCejtXoByKQiEmH1qE2hwAfi+EWRsq3GLX8735pAw4RKO
L5EmObqa6+V8XWBnGkoqolwXZ/I29u9jFxiRUJOHf3G4ObAPhRhLdWFaj03pdcAq
UWzD9yJv776xm0rPfLWhmFrloSCwpoAYyD5akKH5eOLIDaGM2mUZe3UPGOz59uQR
UpBdV/Os3tmj+nuJZdRQJjN1TAAEUDWb7l6nd8ZWQTrwS2XcKhw=
-----END CERTIFICATE-----
Generated at Wed Jun 4 00:59:54 2025 by rpki-client