Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/XYRtwJkBCIrnSx8ZCMYdJE89FTE.roa
File: XYRtwJkBCIrnSx8ZCMYdJE89FTE.roa (raw, json)
Hash identifier: Y7wm9xSX7JpkGYBUiXHdwIYIUeOoEszOl0v+wVnURIY=
Subject key identifier: 5D:84:6D:C0:99:01:08:8A:E7:4B:1F:19:08:C6:1D:24:4F:3D:15:31
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 2142
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/XYRtwJkBCIrnSx8ZCMYdJE89FTE.roa
Signing time: Fri 20 Jun 2025 21:41:42 +0000
ROA not before: Fri 20 Jun 2025 21:41:42 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 119.16.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 8514 (0x2142)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: Jun 20 21:41:42 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=5D846DC09901088AE74B1F1908C61D244F3D1531
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c8:55:3a:d8:a0:ee:f2:81:da:d2:31:6c:c1:69:
90:03:17:90:76:4e:49:32:ba:fa:44:b8:fb:ef:a5:
60:0b:f6:13:b9:17:ea:39:ed:91:c4:ad:9f:c9:f2:
e1:3d:ab:bc:95:de:78:b7:74:b4:f6:a7:29:d9:71:
ba:9c:88:94:30:00:8b:8c:2b:44:57:d3:98:d2:ad:
60:a3:9e:ab:49:7b:c4:b2:f3:ab:0c:a0:36:98:2b:
76:2c:fd:89:a5:34:7a:3a:92:7e:84:f9:43:b3:aa:
09:d6:ab:58:fd:85:4c:af:07:f9:e8:89:8b:b4:e7:
b4:36:7c:97:01:80:7f:78:32:c1:c3:82:89:97:87:
f0:be:47:d6:ee:a5:fb:69:30:1a:fd:a1:df:69:4e:
2d:f5:47:a7:b1:98:86:3b:cb:7e:cf:a5:09:91:bf:
c8:49:1f:57:e0:19:28:b7:67:38:eb:57:52:d7:ec:
33:86:4a:0f:f3:02:3f:3b:ed:d9:89:69:26:46:20:
c3:47:6f:46:8b:86:a8:4b:0b:9c:e1:0e:26:58:88:
2f:05:0b:32:56:0b:de:31:f0:7a:ba:6e:70:3a:99:
e2:e5:d8:9f:ff:af:0e:b8:5b:e0:75:32:53:86:28:
7a:74:01:cf:9c:7d:0e:4d:1e:6a:a6:f2:72:a3:5c:
8a:33
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5D:84:6D:C0:99:01:08:8A:E7:4B:1F:19:08:C6:1D:24:4F:3D:15:31
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/XYRtwJkBCIrnSx8ZCMYdJE89FTE.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
119.16.0.0/16
Signature Algorithm: sha256WithRSAEncryption
8c:13:e0:96:33:44:42:9c:21:01:3f:9e:e1:c4:a6:fb:02:ca:
46:c7:90:fd:d2:20:b3:d1:ce:94:26:7d:78:f1:bb:74:6d:f4:
75:d3:9b:da:ff:cd:d5:ef:4f:49:0e:ea:89:26:ba:7d:e3:e1:
fa:cd:83:99:bf:68:48:62:f8:68:81:04:5b:cd:4f:7c:ba:1a:
4d:ee:74:4e:7d:06:1d:09:fc:11:d2:0a:7c:d6:c8:6d:14:2d:
da:67:66:d9:98:30:99:0a:bf:97:ce:33:bc:37:1b:2e:fa:06:
4b:f4:a2:d1:ca:75:ec:a7:74:31:c6:5b:cc:b9:7f:aa:e8:05:
40:38:e7:73:25:83:90:eb:df:38:90:2c:1a:2e:bc:8e:0f:37:
2a:4c:05:f1:3e:f1:7c:50:6d:75:f4:72:ac:aa:8a:96:18:55:
21:62:47:61:88:bf:28:6a:10:9a:8e:f8:57:6c:65:78:a0:b5:
2e:84:ad:36:15:3c:39:b1:1d:07:c9:2e:cc:a8:c5:0b:db:c5:
9a:eb:e5:f8:d0:59:ca:bc:7f:ec:40:ca:21:79:97:e5:2e:11:
4e:22:c9:ce:74:e6:8d:57:5e:3e:24:48:78:cd:ae:06:05:ea:
c7:c2:bc:2e:f4:7b:8f:f4:5b:05:2f:f4:e3:eb:c5:a3:09:89:
d3:5b:48:b6
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICIUIwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA2MjAy
MTQxNDJaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKDVEODQ2REMwOTkwMTA4
OEFFNzRCMUYxOTA4QzYxRDI0NEYzRDE1MzEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDIVTrYoO7ygdrSMWzBaZADF5B2TkkyuvpEuPvvpWAL9hO5F+o5
7ZHErZ/J8uE9q7yV3ni3dLT2pynZcbqciJQwAIuMK0RX05jSrWCjnqtJe8Sy86sM
oDaYK3Ys/YmlNHo6kn6E+UOzqgnWq1j9hUyvB/noiYu057Q2fJcBgH94MsHDgomX
h/C+R9bupftpMBr9od9pTi31R6exmIY7y37PpQmRv8hJH1fgGSi3ZzjrV1LX7DOG
Sg/zAj877dmJaSZGIMNHb0aLhqhLC5zhDiZYiC8FCzJWC94x8Hq6bnA6meLl2J//
rw64W+B1MlOGKHp0Ac+cfQ5NHmqm8nKjXIozAgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUXYRtwJkBCIrnSx8ZCMYdJE89FTEwHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni9YWVJ0d0prQkNJcm5TeDha
Q01ZZEpFODlGVEUucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
dxAwDQYJKoZIhvcNAQELBQADggEBAIwT4JYzREKcIQE/nuHEpvsCykbHkP3SILPR
zpQmfXjxu3Rt9HXTm9r/zdXvT0kO6okmun3j4frNg5m/aEhi+GiBBFvNT3y6Gk3u
dE59Bh0J/BHSCnzWyG0ULdpnZtmYMJkKv5fOM7w3Gy76Bkv0otHKdeyndDHGW8y5
f6roBUA453Mlg5Dr3ziQLBouvI4PNypMBfE+8XxQbXX0cqyqipYYVSFiR2GIvyhq
EJqO+FdsZXigtS6ErTYVPDmxHQfJLsyoxQvbxZrr5fjQWcq8f+xAyiF5l+UuEU4i
yc505o1XXj4kSHjNrgYF6sfCvC70e4/0WwUv9OPrxaMJidNbSLY=
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:51:41 2025 by rpki-client