Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/QLPfdXCYlvFnixTYazEbZteQA3o.roa
File: QLPfdXCYlvFnixTYazEbZteQA3o.roa (raw, json)
Hash identifier: gysIwmcWtHmhjxYZcjNMjO+CX3AOFaYFJJwj/BVjIU0=
Subject key identifier: 40:B3:DF:75:70:98:96:F1:67:8B:14:D8:6B:31:1B:66:D7:90:03:7A
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 1D56
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/QLPfdXCYlvFnixTYazEbZteQA3o.roa
Signing time: Sun 15 Jun 2025 04:40:08 +0000
ROA not before: Sun 15 Jun 2025 04:40:08 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 119.16.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 7510 (0x1d56)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: Jun 15 04:40:08 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=40B3DF75709896F1678B14D86B311B66D790037A
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:95:75:a9:88:11:1d:a4:bd:f8:de:ce:14:d2:1a:
6d:ea:26:5b:ef:4d:b2:65:44:09:7f:e3:50:79:da:
03:d6:cc:fb:78:5a:e8:70:17:f4:fa:23:f8:c8:b8:
96:ed:62:71:91:37:3f:3f:88:32:89:a9:98:49:23:
70:49:ea:e4:e6:bf:35:31:91:b3:a8:bb:01:0b:54:
98:81:0e:f7:7e:f8:94:e9:5c:b7:a4:2e:fd:6d:ce:
bf:6d:91:ed:22:e6:75:8d:60:dc:38:5a:1e:eb:00:
e6:78:b4:b8:4d:26:0a:06:14:68:12:87:94:d9:fb:
a2:be:f0:e6:2c:3a:08:86:e1:88:c6:12:45:1c:7c:
b7:12:0c:fe:e1:30:11:c3:69:10:88:dd:b2:7a:3f:
9e:f4:43:e4:06:c3:41:a8:e1:61:1b:03:b5:45:a3:
12:22:7f:60:f4:83:49:09:ea:82:9b:5d:11:89:ac:
ec:3e:ae:74:c6:57:12:b3:4a:32:7a:c8:9e:8b:f1:
0d:69:51:35:03:7d:ac:28:fb:e5:a7:0e:68:b4:26:
4e:2b:dd:4f:a4:f2:97:c7:01:10:26:0d:48:66:25:
35:97:75:72:04:c8:c8:79:6a:be:d4:76:99:39:8d:
7d:16:af:28:8f:65:08:04:9b:6f:a3:85:6e:b7:e7:
9c:af
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
40:B3:DF:75:70:98:96:F1:67:8B:14:D8:6B:31:1B:66:D7:90:03:7A
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/QLPfdXCYlvFnixTYazEbZteQA3o.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
119.16.0.0/16
Signature Algorithm: sha256WithRSAEncryption
54:07:ca:6d:78:2d:fa:e1:54:ec:18:a1:df:1c:62:91:37:b4:
bc:a9:16:4a:a4:b7:0f:cf:75:2c:8b:60:41:c8:54:b3:e3:2f:
a7:19:46:65:e4:fc:5a:d9:a0:fe:2d:31:53:7a:c6:34:c9:28:
0b:fc:f6:e9:e3:0c:b7:8e:16:1d:77:7b:48:c2:8d:77:03:ed:
cc:86:1e:ca:ee:72:7d:a7:bb:0b:96:6b:f5:4a:d1:16:6a:c5:
ac:31:fb:73:d5:de:db:bc:44:83:d9:d6:d1:a7:d4:91:27:82:
a1:59:66:f1:e3:dd:7e:f9:2e:cf:6f:52:67:a4:6d:06:9a:76:
2a:d0:69:cc:9f:2a:81:81:9d:b1:90:33:a5:33:73:52:32:80:
61:9b:2a:97:4b:3d:45:04:23:af:06:76:3d:f4:96:02:ad:bd:
81:11:0c:46:19:60:a0:8b:a2:27:44:c7:b7:f5:84:49:1b:da:
5d:ff:09:b0:e5:88:25:9f:90:c1:15:20:a4:e0:6b:09:51:64:
f4:8c:60:da:dd:60:08:90:cd:f2:14:02:61:9c:be:9f:0d:3c:
b7:6f:a9:ae:72:cf:95:48:db:7b:e6:f1:a4:a5:ce:14:bf:2b:
5b:55:bd:ea:72:d6:cf:10:1a:52:0b:33:c8:bd:31:cf:a8:20:
b0:db:d8:0c
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICHVYwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA2MTUw
NDQwMDhaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKDQwQjNERjc1NzA5ODk2
RjE2NzhCMTREODZCMzExQjY2RDc5MDAzN0EwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCVdamIER2kvfjezhTSGm3qJlvvTbJlRAl/41B52gPWzPt4Wuhw
F/T6I/jIuJbtYnGRNz8/iDKJqZhJI3BJ6uTmvzUxkbOouwELVJiBDvd++JTpXLek
Lv1tzr9tke0i5nWNYNw4Wh7rAOZ4tLhNJgoGFGgSh5TZ+6K+8OYsOgiG4YjGEkUc
fLcSDP7hMBHDaRCI3bJ6P570Q+QGw0Go4WEbA7VFoxIif2D0g0kJ6oKbXRGJrOw+
rnTGVxKzSjJ6yJ6L8Q1pUTUDfawo++WnDmi0Jk4r3U+k8pfHARAmDUhmJTWXdXIE
yMh5ar7Udpk5jX0WryiPZQgEm2+jhW6355yvAgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUQLPfdXCYlvFnixTYazEbZteQA3owHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni9RTFBmZFhDWWx2Rm5peFRZ
YXpFYlp0ZVFBM28ucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
dxAwDQYJKoZIhvcNAQELBQADggEBAFQHym14LfrhVOwYod8cYpE3tLypFkqktw/P
dSyLYEHIVLPjL6cZRmXk/FrZoP4tMVN6xjTJKAv89unjDLeOFh13e0jCjXcD7cyG
Hsrucn2nuwuWa/VK0RZqxawx+3PV3tu8RIPZ1tGn1JEngqFZZvHj3X75Ls9vUmek
bQaadirQacyfKoGBnbGQM6Uzc1IygGGbKpdLPUUEI68Gdj30lgKtvYERDEYZYKCL
oidEx7f1hEkb2l3/CbDliCWfkMEVIKTgawlRZPSMYNrdYAiQzfIUAmGcvp8NPLdv
qa5yz5VI23vm8aSlzhS/K1tVvepy1s8QGlILM8i9Mc+oILDb2Aw=
-----END CERTIFICATE-----
Generated at Mon Jul 21 12:47:55 2025 by rpki-client