Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/XJITjO-3ecGRi22l4PlrctGCAu0.roa
File: XJITjO-3ecGRi22l4PlrctGCAu0.roa (raw, json)
Hash identifier: Bpd6dPFfJR81sGvySkUDGoXe7joR5IIsZMmGDmNVzIc=
Subject key identifier: 5C:92:13:8C:EF:B7:79:C1:91:8B:6D:A5:E0:F9:6B:72:D1:82:02:ED
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 241A
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/XJITjO-3ecGRi22l4PlrctGCAu0.roa
Signing time: Tue 24 Jun 2025 16:42:00 +0000
ROA not before: Tue 24 Jun 2025 16:42:00 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 119.16.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 9242 (0x241a)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: Jun 24 16:42:00 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=5C92138CEFB779C1918B6DA5E0F96B72D18202ED
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cc:d5:b9:ea:64:23:02:95:eb:28:d5:2c:c5:aa:
34:61:19:95:ce:c9:1e:a3:1b:4b:a9:b9:c3:f8:da:
4c:3f:4a:86:d8:4c:bd:28:30:57:19:e3:2f:8e:61:
0f:52:66:a0:41:ea:c4:0b:c4:86:59:b7:22:fd:69:
1d:68:e9:0c:49:95:a8:e2:ba:62:91:5f:21:34:de:
ab:9c:59:f6:b8:95:44:67:06:41:56:1e:44:7f:ce:
94:21:3a:26:8d:13:59:dc:b2:2d:a3:83:e1:ab:04:
77:22:4d:1b:d4:8f:22:c7:a0:43:c8:ae:2d:4f:48:
2f:8f:69:93:4f:9a:78:ea:ff:a4:6c:37:79:0a:79:
4c:d5:4f:3f:f5:ff:10:cc:53:10:d4:62:e0:9a:1b:
9d:e5:f4:57:e1:05:8e:a6:ba:93:79:68:f8:1e:ce:
b9:36:92:5f:13:33:b8:ad:6b:c8:7c:af:f6:28:58:
15:6c:31:1e:5c:7d:79:25:db:5c:52:48:c5:7b:bd:
a0:5c:91:3c:6c:3b:8a:64:38:a3:df:12:bf:72:a9:
5d:3f:11:da:86:61:19:f0:40:14:7b:a1:77:66:d1:
2f:5d:c0:87:01:66:3a:ba:3a:fa:39:f4:62:bc:89:
6d:c0:b2:ab:39:56:05:37:72:70:ad:1e:5c:41:68:
36:3f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5C:92:13:8C:EF:B7:79:C1:91:8B:6D:A5:E0:F9:6B:72:D1:82:02:ED
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/XJITjO-3ecGRi22l4PlrctGCAu0.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
119.16.0.0/16
Signature Algorithm: sha256WithRSAEncryption
3c:b7:36:e7:03:74:46:1c:22:6b:7b:0d:b0:bd:2c:ae:4d:c0:
77:37:e6:01:d0:38:a5:5d:ae:7d:89:d5:85:7a:bb:fc:eb:29:
44:c2:be:b0:62:c8:82:f8:6d:d2:98:92:e3:f4:4f:44:e2:f6:
33:5d:9a:42:cd:3b:53:b7:e0:ca:88:66:44:1d:f1:5d:5c:c0:
9c:a6:f3:84:bd:21:3e:d0:96:c1:d1:e6:d6:28:99:f0:e6:10:
85:4e:63:61:b7:91:47:0e:6b:ee:a4:13:a1:3d:1c:1a:33:f1:
a5:a0:22:19:d3:c2:5a:59:94:b1:a2:45:91:66:93:d4:1b:49:
69:a7:9b:17:97:7f:ce:99:85:8b:dc:f3:fe:13:a5:43:86:35:
14:08:86:5e:47:e8:da:0e:b5:c2:e9:2c:d2:a9:e5:8b:a4:f0:
43:f4:e0:7d:fd:58:b8:a3:58:0d:25:4f:39:f4:f4:2d:ec:f7:
56:72:14:58:aa:6a:67:fd:0b:2a:64:90:a8:df:3b:f0:0f:28:
a0:9f:42:a0:79:ac:30:28:76:c7:6e:28:8d:f1:93:dd:f7:82:
cf:77:39:1a:16:3e:9b:59:10:1a:a8:9a:31:a8:a8:79:c0:94:
75:db:f0:be:93:3b:c7:d3:8e:f0:cf:79:f4:a7:bd:2f:74:7a:
f8:8d:38:28
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICJBowDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA2MjQx
NjQyMDBaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKDVDOTIxMzhDRUZCNzc5
QzE5MThCNkRBNUUwRjk2QjcyRDE4MjAyRUQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDM1bnqZCMCleso1SzFqjRhGZXOyR6jG0upucP42kw/SobYTL0o
MFcZ4y+OYQ9SZqBB6sQLxIZZtyL9aR1o6QxJlajiumKRXyE03qucWfa4lURnBkFW
HkR/zpQhOiaNE1ncsi2jg+GrBHciTRvUjyLHoEPIri1PSC+PaZNPmnjq/6RsN3kK
eUzVTz/1/xDMUxDUYuCaG53l9FfhBY6mupN5aPgezrk2kl8TM7ita8h8r/YoWBVs
MR5cfXkl21xSSMV7vaBckTxsO4pkOKPfEr9yqV0/EdqGYRnwQBR7oXdm0S9dwIcB
Zjq6Ovo59GK8iW3Asqs5VgU3cnCtHlxBaDY/AgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUXJITjO+3ecGRi22l4PlrctGCAu0wHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni9YSklUak8tM2VjR1JpMjJs
NFBscmN0R0NBdTAucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
dxAwDQYJKoZIhvcNAQELBQADggEBADy3NucDdEYcImt7DbC9LK5NwHc35gHQOKVd
rn2J1YV6u/zrKUTCvrBiyIL4bdKYkuP0T0Ti9jNdmkLNO1O34MqIZkQd8V1cwJym
84S9IT7QlsHR5tYomfDmEIVOY2G3kUcOa+6kE6E9HBoz8aWgIhnTwlpZlLGiRZFm
k9QbSWmnmxeXf86ZhYvc8/4TpUOGNRQIhl5H6NoOtcLpLNKp5Yuk8EP04H39WLij
WA0lTzn09C3s91ZyFFiqamf9CypkkKjfO/APKKCfQqB5rDAodsduKI3xk933gs93
ORoWPptZEBqomjGoqHnAlHXb8L6TO8fTjvDPefSnvS90eviNOCg=
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:47:38 2025 by rpki-client