Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/RcnW_onqiyreNvvvDK4oLXbpP-o.roa
File: RcnW_onqiyreNvvvDK4oLXbpP-o.roa (raw, json)
Hash identifier: aQyFXrkkOQtlvJbEp+61mVoSnyxT95RthiXfjpS8gSY=
Subject key identifier: 45:C9:D6:FE:89:EA:8B:2A:DE:36:FB:EF:0C:AE:28:2D:76:E9:3F:EA
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 2456
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/RcnW_onqiyreNvvvDK4oLXbpP-o.roa
Signing time: Wed 25 Jun 2025 00:12:00 +0000
ROA not before: Wed 25 Jun 2025 00:12:00 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 119.16.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 9302 (0x2456)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: Jun 25 00:12:00 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=45C9D6FE89EA8B2ADE36FBEF0CAE282D76E93FEA
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d3:b1:11:4b:ca:65:4c:35:81:11:e0:24:e9:6c:
40:ed:6e:74:7c:8b:39:3e:59:93:07:c6:f7:69:c5:
a0:5f:eb:52:99:ce:8e:b8:92:00:e8:a9:f4:41:37:
a0:9d:df:f8:07:1b:e8:0e:77:ea:ed:7c:cc:f7:51:
9d:c2:72:0f:00:ae:1c:99:0d:eb:71:02:f4:fe:92:
d7:34:7e:be:f7:13:83:67:f3:ca:e3:33:fc:35:0b:
67:93:d4:c0:ef:23:8d:5b:cb:42:4c:32:41:1b:e6:
77:be:05:77:b2:f5:03:30:9d:40:d3:dc:f4:24:94:
dd:be:4a:e7:d5:82:16:ba:5e:10:49:8a:6e:be:b5:
71:9c:a1:53:99:9d:17:80:01:02:09:71:19:02:ec:
98:9d:03:fa:d3:a8:41:71:3c:7c:43:ed:aa:32:39:
0d:2a:43:6d:75:43:d0:9e:ca:91:1f:b1:08:f8:4a:
2f:b5:4d:8e:76:e9:8c:b8:be:7b:19:ea:06:00:87:
43:a1:b6:ba:27:55:47:0c:8c:25:09:87:75:fb:76:
ce:00:2f:3e:c5:0a:0a:1a:b8:04:24:26:1e:76:c5:
af:c7:87:64:f3:a1:b7:0b:9f:78:bd:59:aa:ed:88:
69:20:24:a7:a4:80:f1:d7:eb:f8:70:33:12:6c:4e:
de:7f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
45:C9:D6:FE:89:EA:8B:2A:DE:36:FB:EF:0C:AE:28:2D:76:E9:3F:EA
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/RcnW_onqiyreNvvvDK4oLXbpP-o.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
119.16.0.0/16
Signature Algorithm: sha256WithRSAEncryption
62:27:31:f6:2c:59:60:ce:46:ae:84:55:19:63:33:e1:a3:a3:
91:f5:e4:94:78:10:91:82:c2:7f:8a:d2:ad:53:e3:07:0e:f0:
ba:da:a7:3d:1a:60:7f:e1:f0:26:fb:d7:41:4b:33:2a:b0:4c:
4d:52:7d:17:e3:82:81:1c:e5:e0:d2:47:ca:92:cb:0e:ca:fb:
50:c0:a1:17:01:60:d3:07:5c:f1:0d:56:72:de:dc:28:84:79:
ae:5d:ab:fc:3b:bb:0c:ee:da:87:a2:12:9e:63:45:c9:f3:ac:
2a:06:71:2b:7b:b3:4f:fe:82:53:09:37:8a:55:35:5f:1c:60:
1e:ea:8e:2a:22:73:05:60:96:30:ab:9a:05:a9:13:df:25:61:
1a:d7:db:6f:e9:de:0e:b6:f0:84:5f:7f:57:82:d3:97:ea:a0:
26:df:aa:39:a2:10:0e:c0:c2:15:7c:e7:a9:0f:1e:9b:ee:32:
61:86:50:73:7c:bd:e5:e3:18:11:16:03:6f:d7:9f:de:ac:04:
6c:48:48:0d:5e:35:d4:1a:7e:93:79:7d:46:ff:16:f6:77:36:
94:3d:d9:dd:82:ad:dd:61:06:9b:d1:e4:6e:7f:75:0f:f7:a5:
d7:52:e1:4c:7d:4c:fe:b9:5b:99:ef:67:ea:f1:76:82:2b:e6:
ee:db:fb:01
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICJFYwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA2MjUw
MDEyMDBaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKDQ1QzlENkZFODlFQThC
MkFERTM2RkJFRjBDQUUyODJENzZFOTNGRUEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDTsRFLymVMNYER4CTpbEDtbnR8izk+WZMHxvdpxaBf61KZzo64
kgDoqfRBN6Cd3/gHG+gOd+rtfMz3UZ3Ccg8ArhyZDetxAvT+ktc0fr73E4Nn88rj
M/w1C2eT1MDvI41by0JMMkEb5ne+BXey9QMwnUDT3PQklN2+SufVgha6XhBJim6+
tXGcoVOZnReAAQIJcRkC7JidA/rTqEFxPHxD7aoyOQ0qQ211Q9CeypEfsQj4Si+1
TY526Yy4vnsZ6gYAh0OhtronVUcMjCUJh3X7ds4ALz7FCgoauAQkJh52xa/Hh2Tz
obcLn3i9WartiGkgJKekgPHX6/hwMxJsTt5/AgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQURcnW/onqiyreNvvvDK4oLXbpP+owHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni9SY25XX29ucWl5cmVOdnZ2
REs0b0xYYnBQLW8ucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
dxAwDQYJKoZIhvcNAQELBQADggEBAGInMfYsWWDORq6EVRljM+Gjo5H15JR4EJGC
wn+K0q1T4wcO8Lrapz0aYH/h8Cb710FLMyqwTE1SfRfjgoEc5eDSR8qSyw7K+1DA
oRcBYNMHXPENVnLe3CiEea5dq/w7uwzu2oeiEp5jRcnzrCoGcSt7s0/+glMJN4pV
NV8cYB7qjioicwVgljCrmgWpE98lYRrX22/p3g628IRff1eC05fqoCbfqjmiEA7A
whV856kPHpvuMmGGUHN8veXjGBEWA2/Xn96sBGxISA1eNdQafpN5fUb/FvZ3NpQ9
2d2Crd1hBpvR5G5/dQ/3pddS4Ux9TP65W5nvZ+rxdoIr5u7b+wE=
-----END CERTIFICATE-----
Generated at Sun Jul 20 23:07:55 2025 by rpki-client