Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/U2g8o5AYGEvdgyZFAFVcZp0IYgg.roa
File: U2g8o5AYGEvdgyZFAFVcZp0IYgg.roa (raw, json)
Hash identifier: w70c82ZyT9y2qdytbeSs8CBpnH0dvieKI6JkO8bHyUw=
Subject key identifier: 53:68:3C:A3:90:18:18:4B:DD:83:26:45:00:55:5C:66:9D:08:62:08
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 1AC6
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/U2g8o5AYGEvdgyZFAFVcZp0IYgg.roa
Signing time: Wed 11 Jun 2025 18:39:47 +0000
ROA not before: Wed 11 Jun 2025 18:39:47 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 119.16.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 6854 (0x1ac6)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: Jun 11 18:39:47 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=53683CA39018184BDD83264500555C669D086208
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a0:c8:56:cb:66:04:f8:52:9f:57:98:e1:e3:62:
3f:f7:9a:fc:6b:b0:f9:32:69:19:88:32:24:22:71:
13:c7:05:4e:45:c1:9b:f0:e6:65:4a:a2:41:f8:d5:
f5:cc:62:b2:c0:ec:19:44:3f:77:63:72:45:ad:df:
42:2e:3a:16:0a:dd:52:1b:84:69:f4:8c:11:94:d7:
3e:69:0c:6e:e4:c7:b5:ee:96:ec:a9:52:59:b7:dd:
97:f6:d7:d9:11:96:39:7b:95:54:eb:c6:70:53:fe:
c6:be:7b:db:1b:d3:c9:74:ed:84:9e:c1:5b:1c:dc:
52:5a:fc:0d:b6:b3:50:e8:8e:9d:56:f8:fc:e8:37:
ab:e8:ae:80:58:92:40:ae:d3:e4:ce:b1:0d:fa:59:
22:6b:f9:50:62:1b:e3:13:dc:05:7e:ff:6c:95:3f:
35:d4:78:aa:25:55:10:e5:5a:d5:fd:72:53:ab:8f:
d1:cf:cb:c6:a3:b4:fd:ff:8d:5c:6b:e4:b1:84:1f:
39:3f:e7:6f:42:81:e9:e4:83:35:22:ff:ec:5c:d4:
27:33:82:26:18:28:3b:36:0b:0f:56:25:ee:a7:42:
07:85:6b:0a:d5:ca:64:8a:27:99:a1:9c:78:de:ea:
eb:15:34:e0:bb:96:04:6a:8f:25:dc:a8:01:4c:51:
27:1d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
53:68:3C:A3:90:18:18:4B:DD:83:26:45:00:55:5C:66:9D:08:62:08
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/U2g8o5AYGEvdgyZFAFVcZp0IYgg.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
119.16.0.0/16
Signature Algorithm: sha256WithRSAEncryption
32:4d:17:d0:45:39:5c:dd:a5:fc:e1:5b:12:f6:29:b9:84:5f:
ae:75:0e:0a:e7:18:5c:66:27:d1:91:9e:da:98:24:6d:0e:df:
ee:ef:30:4d:b8:49:9f:1f:da:fe:b5:9d:fe:45:e4:08:5a:6e:
9e:30:c8:a8:7b:12:de:f0:85:ad:44:d3:1d:b5:a8:d7:86:a1:
a3:3d:b5:52:c1:70:4b:fc:e6:ca:e3:59:c5:63:85:c7:03:9a:
73:8e:c0:09:50:a1:3e:9f:ff:72:a8:5e:a3:4d:9a:c6:4c:04:
52:52:cb:42:cd:f8:db:3c:82:8b:9f:7c:71:8b:91:54:09:ae:
5a:8f:c4:df:cf:47:6f:5f:40:af:16:3f:99:cf:c6:28:46:95:
c3:67:29:de:77:0d:bc:57:d5:30:b5:71:65:d8:c1:5e:23:c5:
e0:11:e4:24:f9:21:29:52:2a:aa:16:b5:1d:5a:0a:54:14:d4:
10:9b:fa:b0:72:3e:0e:6c:80:c6:4d:d3:63:f1:52:6c:ab:8d:
c9:04:80:2f:30:56:c9:ea:83:30:74:fa:7f:0a:9b:cf:08:e2:
c2:e3:24:24:b0:87:b3:6c:c7:82:b9:4b:d5:4c:0c:1f:e2:06:
ed:d8:6f:67:1b:a5:1e:13:02:d3:4f:e4:d6:1a:45:08:8d:bc:
de:6a:18:4e
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICGsYwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA2MTEx
ODM5NDdaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKDUzNjgzQ0EzOTAxODE4
NEJERDgzMjY0NTAwNTU1QzY2OUQwODYyMDgwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCgyFbLZgT4Up9XmOHjYj/3mvxrsPkyaRmIMiQicRPHBU5FwZvw
5mVKokH41fXMYrLA7BlEP3djckWt30IuOhYK3VIbhGn0jBGU1z5pDG7kx7Xuluyp
Ulm33Zf219kRljl7lVTrxnBT/sa+e9sb08l07YSewVsc3FJa/A22s1Dojp1W+Pzo
N6voroBYkkCu0+TOsQ36WSJr+VBiG+MT3AV+/2yVPzXUeKolVRDlWtX9clOrj9HP
y8ajtP3/jVxr5LGEHzk/529CgenkgzUi/+xc1CczgiYYKDs2Cw9WJe6nQgeFawrV
ymSKJ5mhnHje6usVNOC7lgRqjyXcqAFMUScdAgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUU2g8o5AYGEvdgyZFAFVcZp0IYggwHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni9VMmc4bzVBWUdFdmRneVpG
QUZWY1pwMElZZ2cucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
dxAwDQYJKoZIhvcNAQELBQADggEBADJNF9BFOVzdpfzhWxL2KbmEX651DgrnGFxm
J9GRntqYJG0O3+7vME24SZ8f2v61nf5F5Ahabp4wyKh7Et7wha1E0x21qNeGoaM9
tVLBcEv85srjWcVjhccDmnOOwAlQoT6f/3KoXqNNmsZMBFJSy0LN+Ns8gouffHGL
kVQJrlqPxN/PR29fQK8WP5nPxihGlcNnKd53DbxX1TC1cWXYwV4jxeAR5CT5ISlS
KqoWtR1aClQU1BCb+rByPg5sgMZN02PxUmyrjckEgC8wVsnqgzB0+n8Km88I4sLj
JCSwh7Nsx4K5S9VMDB/iBu3Yb2cbpR4TAtNP5NYaRQiNvN5qGE4=
-----END CERTIFICATE-----
Generated at Tue Jul 22 02:36:03 2025 by rpki-client