Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/XADpJ4uKQQobcuGO5c9zSPAj_68.roa
File: XADpJ4uKQQobcuGO5c9zSPAj_68.roa (raw, json)
Hash identifier: ef1zh3gqMqO+ZSSdDa1ri8jUwTzp+jDoMwcN3PbtP7k=
Subject key identifier: 5C:00:E9:27:8B:8A:41:0A:1B:72:E1:8E:E5:CF:73:48:F0:23:FF:AF
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 239A
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/XADpJ4uKQQobcuGO5c9zSPAj_68.roa
Signing time: Tue 24 Jun 2025 00:41:58 +0000
ROA not before: Tue 24 Jun 2025 00:41:58 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 119.16.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 9114 (0x239a)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: Jun 24 00:41:58 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=5C00E9278B8A410A1B72E18EE5CF7348F023FFAF
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:dd:08:09:2d:8e:8f:0d:c8:57:13:b5:86:68:1f:
85:b6:9d:c3:b9:3f:25:f2:f8:1b:7b:a8:fd:42:f9:
f9:32:28:39:e5:07:ed:7c:bb:87:d0:76:d1:41:1f:
73:b2:e7:e2:d3:c7:93:4e:a5:7d:45:f9:ef:cc:c0:
f5:f2:2d:cc:d9:af:7d:ed:a8:3b:61:f1:09:b6:da:
22:86:16:13:3b:ca:73:11:cf:33:e3:fb:c6:05:78:
d5:62:ba:ea:5d:16:8e:aa:61:22:73:94:75:ee:b6:
79:f2:9e:a8:b5:84:78:62:bc:d8:0c:71:d5:47:6c:
9e:83:87:17:7a:19:b7:3b:00:90:ee:41:71:73:0b:
e7:ff:20:d5:f6:3d:12:f3:18:ab:b4:20:c9:cb:88:
c6:ce:38:8d:af:4c:d6:d5:07:00:6f:f0:cf:18:43:
c5:af:67:99:97:a0:56:37:22:b9:f1:5e:77:67:c7:
3a:fb:7d:58:19:fd:3a:a3:2a:ec:dc:ac:73:c3:fc:
76:6c:4e:2c:17:6a:3c:36:c4:d6:44:91:7d:98:25:
83:26:23:16:45:1f:24:86:ff:be:e7:a0:0c:19:4b:
b2:23:35:e6:db:e2:15:71:0d:d3:aa:10:50:3b:68:
8a:07:6a:5c:2e:72:51:52:5e:53:6d:67:b7:a7:46:
ca:c7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5C:00:E9:27:8B:8A:41:0A:1B:72:E1:8E:E5:CF:73:48:F0:23:FF:AF
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/XADpJ4uKQQobcuGO5c9zSPAj_68.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
119.16.0.0/16
Signature Algorithm: sha256WithRSAEncryption
44:cf:97:f0:72:23:65:ac:5f:9b:d1:77:d1:fa:9a:ff:e3:50:
90:a0:15:8c:e0:32:cf:18:fe:10:22:80:f9:31:cf:f9:82:0c:
b9:18:ab:96:a7:a9:d6:74:2c:13:9e:c1:9c:0a:ca:68:de:45:
66:3a:6c:4e:28:54:d0:f6:cc:d2:fe:99:2b:b6:01:8b:97:c9:
cd:59:85:d2:83:fc:c9:6e:81:87:ce:24:9a:c3:48:f3:dd:b2:
2d:54:9c:3e:cc:a4:15:3a:62:c1:e0:d3:8b:56:05:d1:16:03:
9d:ce:20:13:a3:a5:34:11:49:b6:54:ce:cf:9e:50:82:ca:9e:
4f:c1:f8:50:a1:1f:b8:ce:90:67:91:79:ba:9e:9f:1f:9e:b3:
f6:b7:84:11:4f:0a:46:1e:cb:34:a0:99:14:38:7f:b9:1e:c0:
26:f1:cc:e2:04:6d:0e:1e:89:03:f5:1e:d7:1d:8a:dc:f3:bb:
b0:9a:db:be:6c:06:ee:2b:3d:3b:c1:99:1e:db:8b:e3:3a:4e:
5d:8d:01:06:3c:db:35:cb:58:49:28:38:0f:14:81:a7:23:81:
65:63:a4:c6:31:8f:ad:83:83:df:b0:81:1d:df:5c:90:95:a9:
aa:97:de:e3:b6:b3:bc:fc:09:28:7b:ac:85:c0:bf:28:41:2f:
6f:63:d2:73
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICI5owDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA2MjQw
MDQxNThaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKDVDMDBFOTI3OEI4QTQx
MEExQjcyRTE4RUU1Q0Y3MzQ4RjAyM0ZGQUYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDdCAktjo8NyFcTtYZoH4W2ncO5PyXy+Bt7qP1C+fkyKDnlB+18
u4fQdtFBH3Oy5+LTx5NOpX1F+e/MwPXyLczZr33tqDth8Qm22iKGFhM7ynMRzzPj
+8YFeNViuupdFo6qYSJzlHXutnnynqi1hHhivNgMcdVHbJ6Dhxd6Gbc7AJDuQXFz
C+f/INX2PRLzGKu0IMnLiMbOOI2vTNbVBwBv8M8YQ8WvZ5mXoFY3IrnxXndnxzr7
fVgZ/TqjKuzcrHPD/HZsTiwXajw2xNZEkX2YJYMmIxZFHySG/77noAwZS7IjNebb
4hVxDdOqEFA7aIoHalwuclFSXlNtZ7enRsrHAgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUXADpJ4uKQQobcuGO5c9zSPAj/68wHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni9YQURwSjR1S1FRb2JjdUdP
NWM5elNQQWpfNjgucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
dxAwDQYJKoZIhvcNAQELBQADggEBAETPl/ByI2WsX5vRd9H6mv/jUJCgFYzgMs8Y
/hAigPkxz/mCDLkYq5anqdZ0LBOewZwKymjeRWY6bE4oVND2zNL+mSu2AYuXyc1Z
hdKD/MlugYfOJJrDSPPdsi1UnD7MpBU6YsHg04tWBdEWA53OIBOjpTQRSbZUzs+e
UILKnk/B+FChH7jOkGeRebqenx+es/a3hBFPCkYeyzSgmRQ4f7kewCbxzOIEbQ4e
iQP1Htcditzzu7Ca275sBu4rPTvBmR7bi+M6Tl2NAQY82zXLWEkoOA8UgacjgWVj
pMYxj62Dg9+wgR3fXJCVqaqX3uO2s7z8CSh7rIXAvyhBL29j0nM=
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:37:37 2025 by rpki-client