Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/NNSWxXhMNksoprPTriWuQ9mMGls.roa
File: NNSWxXhMNksoprPTriWuQ9mMGls.roa (raw, json)
Hash identifier: P0aT2vmMdEQ+oFnlE/6nAZrQ6ia+1A5+nSa+V9nNt2o=
Subject key identifier: 34:D4:96:C5:78:4C:36:4B:28:A6:B3:D3:AE:25:AE:43:D9:8C:1A:5B
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 130E
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/NNSWxXhMNksoprPTriWuQ9mMGls.roa
Signing time: Sun 01 Jun 2025 11:39:19 +0000
ROA not before: Sun 01 Jun 2025 11:39:19 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 119.16.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 4878 (0x130e)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: Jun 1 11:39:19 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=34D496C5784C364B28A6B3D3AE25AE43D98C1A5B
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bf:44:9e:ed:6d:54:17:50:ac:40:b9:2c:f9:1b:
92:05:b7:c8:88:95:5e:3c:65:53:2b:20:d2:88:a3:
3f:57:74:8b:ff:fe:7e:16:ab:66:f5:25:94:b1:89:
0f:e0:3c:78:3b:f3:5a:23:35:cb:42:a8:3d:69:01:
b5:64:3f:ec:9c:ce:73:cd:4e:d3:a1:08:6d:73:f9:
94:8b:c3:b9:6b:21:fe:56:d7:29:ab:89:3b:f6:ec:
7b:9a:0c:a6:01:57:ff:8e:07:71:5b:c8:08:f7:ee:
f3:b7:d4:7a:9a:80:2b:e9:6b:d0:8d:81:cb:94:04:
bf:24:57:27:60:56:b9:c3:d5:c4:cd:02:65:50:c5:
3c:57:83:53:d8:9a:2d:04:fc:b1:24:22:7a:28:5d:
7e:6a:40:5a:b9:2a:79:c3:64:6e:b2:b8:85:1f:79:
50:bc:5b:b0:5f:d7:ef:87:1f:74:13:e3:fc:62:f5:
08:cc:e0:29:78:17:41:8f:89:6d:e5:76:42:92:11:
80:f4:19:5a:ff:45:a2:1e:72:f8:d2:53:90:65:fa:
91:e0:df:25:91:56:a6:1b:e1:be:80:35:bc:70:b4:
fc:43:18:c5:f0:63:03:dc:4f:a4:32:4a:ed:d8:13:
ce:5d:ed:f4:96:ac:0d:02:2f:64:6b:37:ba:8a:74:
24:73
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
34:D4:96:C5:78:4C:36:4B:28:A6:B3:D3:AE:25:AE:43:D9:8C:1A:5B
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/NNSWxXhMNksoprPTriWuQ9mMGls.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
119.16.0.0/16
Signature Algorithm: sha256WithRSAEncryption
3d:d9:8e:f3:c9:82:6c:06:29:bf:e9:8e:f3:15:f8:67:49:f8:
48:a2:00:00:8d:a9:95:cf:7c:11:08:b8:97:41:26:07:b8:fd:
ba:73:3e:f8:6a:53:9b:ba:86:47:c2:78:63:72:f0:e4:6a:b0:
6f:bc:ca:fb:ba:57:f3:b1:16:64:78:f3:0d:a5:9d:52:92:c7:
87:4f:0f:12:8c:46:a2:08:be:15:e6:3a:6a:0f:77:80:1c:0f:
a2:ed:4b:bd:6e:9e:86:c8:bb:30:30:e6:ff:2a:f8:0d:48:e3:
14:6c:cd:2d:41:a3:53:df:4c:3d:dd:f3:5a:18:ee:13:86:d4:
0b:66:19:ad:e9:62:47:58:34:39:a9:14:8c:ae:c1:14:8e:cd:
d3:c6:b3:0d:f3:1f:5c:81:f7:ed:5d:30:e7:47:1a:61:45:89:
2f:aa:d8:8d:74:45:01:15:19:df:df:f9:d8:77:cd:b9:43:fd:
26:62:a5:cf:30:3f:86:4f:b8:90:a8:84:49:84:40:41:ad:22:
7e:ba:52:d5:d8:82:01:7f:21:4e:63:dc:a7:c4:18:2c:b6:d3:
4e:07:e3:b1:89:f1:cd:8c:7f:4f:96:24:ed:34:d5:37:70:2a:
6b:c4:7d:e6:59:59:d5:f7:17:e1:7b:f0:81:83:fb:d0:9c:07:
7b:a7:9f:11
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICEw4wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA2MDEx
MTM5MTlaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKDM0RDQ5NkM1Nzg0QzM2
NEIyOEE2QjNEM0FFMjVBRTQzRDk4QzFBNUIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC/RJ7tbVQXUKxAuSz5G5IFt8iIlV48ZVMrINKIoz9XdIv//n4W
q2b1JZSxiQ/gPHg781ojNctCqD1pAbVkP+ycznPNTtOhCG1z+ZSLw7lrIf5W1ymr
iTv27HuaDKYBV/+OB3FbyAj37vO31HqagCvpa9CNgcuUBL8kVydgVrnD1cTNAmVQ
xTxXg1PYmi0E/LEkInooXX5qQFq5KnnDZG6yuIUfeVC8W7Bf1++HH3QT4/xi9QjM
4Cl4F0GPiW3ldkKSEYD0GVr/RaIecvjSU5Bl+pHg3yWRVqYb4b6ANbxwtPxDGMXw
YwPcT6QySu3YE85d7fSWrA0CL2RrN7qKdCRzAgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUNNSWxXhMNksoprPTriWuQ9mMGlswHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni9OTlNXeFhoTU5rc29wclBU
cmlXdVE5bU1HbHMucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
dxAwDQYJKoZIhvcNAQELBQADggEBAD3ZjvPJgmwGKb/pjvMV+GdJ+EiiAACNqZXP
fBEIuJdBJge4/bpzPvhqU5u6hkfCeGNy8ORqsG+8yvu6V/OxFmR48w2lnVKSx4dP
DxKMRqIIvhXmOmoPd4AcD6LtS71unobIuzAw5v8q+A1I4xRszS1Bo1PfTD3d81oY
7hOG1AtmGa3pYkdYNDmpFIyuwRSOzdPGsw3zH1yB9+1dMOdHGmFFiS+q2I10RQEV
Gd/f+dh3zblD/SZipc8wP4ZPuJCohEmEQEGtIn66UtXYggF/IU5j3KfEGCy2004H
47GJ8c2Mf0+WJO001TdwKmvEfeZZWdX3F+F78IGD+9CcB3unnxE=
-----END CERTIFICATE-----
Generated at Thu Jun 5 20:34:57 2025 by rpki-client