Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/NwhDE0NlPNNchPnJjPFFVTqP5Ik.roa
File: NwhDE0NlPNNchPnJjPFFVTqP5Ik.roa (raw, json)
Hash identifier: n0oM4aJRO1Nm9coak0SULXKgm771v8+wXoETFc10Xsg=
Subject key identifier: 37:08:43:13:43:65:3C:D3:5C:84:F9:C9:8C:F1:45:55:3A:8F:E4:89
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 1DDE
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/NwhDE0NlPNNchPnJjPFFVTqP5Ik.roa
Signing time: Sun 15 Jun 2025 21:39:59 +0000
ROA not before: Sun 15 Jun 2025 21:39:59 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 119.16.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 7646 (0x1dde)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: Jun 15 21:39:59 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=3708431343653CD35C84F9C98CF145553A8FE489
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:da:7d:a5:44:df:0f:bb:86:cd:a1:e6:ad:a9:c1:
8d:51:a5:1b:51:8e:10:d0:16:7f:5a:38:dc:f1:09:
be:58:b4:f1:9d:5c:da:ab:ba:a2:dd:4b:b1:de:b5:
82:4a:c8:48:69:09:1b:1e:db:d6:6f:2c:0f:6a:01:
c2:94:2c:88:ad:e6:5f:9b:69:06:0b:0a:4e:75:a2:
21:09:a5:7c:f0:ea:18:eb:74:90:d9:89:af:b1:af:
49:48:d8:76:0c:1c:dd:36:2d:95:55:ec:51:d8:8a:
d5:22:16:fa:f4:da:3b:28:d5:74:e0:da:dc:cd:68:
31:68:9e:c5:31:f5:26:92:57:28:ad:ea:2d:28:5e:
32:65:57:e3:6c:9b:d3:37:a9:93:69:01:44:01:46:
1c:56:85:80:5d:8e:3b:bf:17:48:61:6f:f2:c8:ca:
de:b8:dd:9f:d8:fd:f7:5c:7e:77:e4:05:f6:8e:0e:
0a:84:64:70:48:77:3b:db:e3:71:06:17:2e:19:c1:
b9:b0:bd:91:e9:4b:75:c1:22:5c:89:c2:33:f6:08:
b7:6e:c4:13:f0:ad:74:53:e5:89:18:db:1e:25:ff:
28:68:8d:d7:8f:4a:5a:45:80:85:06:6c:67:35:fb:
7f:9d:7a:4e:12:eb:af:22:7d:64:b6:18:b5:10:c2:
17:3b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
37:08:43:13:43:65:3C:D3:5C:84:F9:C9:8C:F1:45:55:3A:8F:E4:89
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/NwhDE0NlPNNchPnJjPFFVTqP5Ik.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
119.16.0.0/16
Signature Algorithm: sha256WithRSAEncryption
10:6f:9b:e8:1d:d1:92:9c:df:b7:fa:6d:21:85:5f:24:d1:9b:
45:ff:7b:60:30:ad:45:6f:51:ad:c2:5b:23:cf:44:af:3d:fc:
ba:63:7f:5b:60:a7:2f:41:bd:ac:b5:37:78:bd:28:7f:9a:3c:
0a:22:29:3a:0c:55:a6:77:29:57:18:05:09:be:a7:5c:5a:1c:
b4:f9:b5:6c:99:16:ca:37:d1:b6:fe:42:f1:89:3e:37:98:04:
45:ff:e3:9c:69:eb:1f:0a:a2:95:c8:99:b5:24:7f:1f:27:a1:
41:83:04:b6:92:65:ad:5c:13:77:9a:f0:e6:8d:98:5e:2f:e9:
a5:50:47:6a:1a:02:6f:1a:70:4b:48:dd:70:ef:30:5e:28:c6:
13:8b:9c:4c:d1:ce:d7:b4:32:80:dd:c1:ab:47:ec:b0:51:12:
7f:f5:8f:d6:b3:01:ce:6e:e8:3d:8e:cc:8a:59:cb:cb:a8:ae:
1b:5a:fc:b2:3a:dd:5f:f7:65:25:cc:ba:c2:5f:fd:2e:37:5c:
8b:19:c1:11:40:6f:0d:1d:c2:ed:77:fc:40:ce:2b:7c:81:a0:
dd:60:87:46:7d:c8:e4:7c:d2:b1:ba:86:31:2c:dc:99:67:2e:
ec:9a:7e:99:44:2d:18:32:d8:07:4f:e5:a4:d5:78:fc:13:df:
20:ed:3f:ed
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICHd4wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA2MTUy
MTM5NTlaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKDM3MDg0MzEzNDM2NTND
RDM1Qzg0RjlDOThDRjE0NTU1M0E4RkU0ODkwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDafaVE3w+7hs2h5q2pwY1RpRtRjhDQFn9aONzxCb5YtPGdXNqr
uqLdS7HetYJKyEhpCRse29ZvLA9qAcKULIit5l+baQYLCk51oiEJpXzw6hjrdJDZ
ia+xr0lI2HYMHN02LZVV7FHYitUiFvr02jso1XTg2tzNaDFonsUx9SaSVyit6i0o
XjJlV+Nsm9M3qZNpAUQBRhxWhYBdjju/F0hhb/LIyt643Z/Y/fdcfnfkBfaODgqE
ZHBIdzvb43EGFy4ZwbmwvZHpS3XBIlyJwjP2CLduxBPwrXRT5YkY2x4l/yhojdeP
SlpFgIUGbGc1+3+dek4S668ifWS2GLUQwhc7AgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUNwhDE0NlPNNchPnJjPFFVTqP5IkwHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni9Od2hERTBObFBOTmNoUG5K
alBGRlZUcVA1SWsucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
dxAwDQYJKoZIhvcNAQELBQADggEBABBvm+gd0ZKc37f6bSGFXyTRm0X/e2AwrUVv
Ua3CWyPPRK89/Lpjf1tgpy9Bvay1N3i9KH+aPAoiKToMVaZ3KVcYBQm+p1xaHLT5
tWyZFso30bb+QvGJPjeYBEX/45xp6x8KopXImbUkfx8noUGDBLaSZa1cE3ea8OaN
mF4v6aVQR2oaAm8acEtI3XDvMF4oxhOLnEzRzte0MoDdwatH7LBREn/1j9azAc5u
6D2OzIpZy8uorhta/LI63V/3ZSXMusJf/S43XIsZwRFAbw0dwu13/EDOK3yBoN1g
h0Z9yOR80rG6hjEs3JlnLuyafplELRgy2AdP5aTVePwT3yDtP+0=
-----END CERTIFICATE-----
Generated at Mon Jul 21 12:50:11 2025 by rpki-client