Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/XsQafiVykoDFl7LIPc9KyieHhOg.roa
File: XsQafiVykoDFl7LIPc9KyieHhOg.roa (raw, json)
Hash identifier: mDdEt318jcrhsXj5Sro+5TI/Nyn8f8Ec0R1VpyCBoDM=
Subject key identifier: 5E:C4:1A:7E:25:72:92:80:C5:97:B2:C8:3D:CF:4A:CA:27:87:84:E8
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 225A
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/XsQafiVykoDFl7LIPc9KyieHhOg.roa
Signing time: Sun 22 Jun 2025 08:41:49 +0000
ROA not before: Sun 22 Jun 2025 08:41:49 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 119.16.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 8794 (0x225a)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: Jun 22 08:41:49 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=5EC41A7E25729280C597B2C83DCF4ACA278784E8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:96:2e:bd:11:10:b9:b3:95:f2:35:4d:c0:fc:89:
0f:07:fb:00:d9:dc:2f:16:62:20:9a:0c:0e:46:52:
c1:8a:ab:16:5d:3a:34:45:ec:98:73:55:8e:c5:74:
8e:6b:19:f8:0a:68:9c:8e:fc:4b:a1:bb:f3:a0:52:
16:65:f8:c2:1f:6b:33:3d:77:82:e0:0f:1e:0a:8d:
07:04:05:0d:04:3f:bd:a6:89:69:24:5a:f6:ac:e4:
13:39:15:2a:e7:54:16:ce:05:cf:a9:1b:87:4b:b9:
66:c1:33:24:6e:ee:94:e3:a4:5f:1f:49:af:b4:09:
db:a9:94:6a:f6:27:9c:ea:58:c0:f5:2c:23:f2:eb:
b9:c5:fe:b1:06:57:ca:97:29:cb:d7:58:b7:99:35:
7e:bc:42:db:5d:df:b1:72:ac:dd:98:2e:18:f8:d7:
0c:6b:5c:14:47:26:75:25:af:0a:8b:15:a0:3b:ff:
85:59:c9:26:ea:75:f8:41:ab:95:14:19:45:1a:8e:
d0:51:de:a1:3e:94:7d:fb:6a:b5:67:b1:30:0e:12:
df:a7:f9:91:01:cd:4a:0a:10:bb:b0:dd:07:c0:ae:
ed:78:79:2d:3d:f7:54:a1:8d:bf:6b:92:9f:03:e2:
0b:c4:44:98:ea:d5:27:16:da:f7:e3:a8:48:20:b5:
90:5f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5E:C4:1A:7E:25:72:92:80:C5:97:B2:C8:3D:CF:4A:CA:27:87:84:E8
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/XsQafiVykoDFl7LIPc9KyieHhOg.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
119.16.0.0/16
Signature Algorithm: sha256WithRSAEncryption
a2:88:94:0c:8b:19:b5:3d:ea:a2:28:cd:b6:7b:37:17:f2:ea:
68:f4:28:6b:2e:c2:cb:38:e8:8e:d9:0b:15:7f:fa:a6:15:26:
a6:bf:8c:ce:35:13:3a:8d:0f:7e:9a:fa:0d:d7:cc:a2:8d:44:
ad:6e:e9:16:c0:a7:d5:a9:f9:95:9e:71:5e:21:08:20:e1:e2:
d1:79:cd:15:89:9a:63:e0:8e:34:e7:1d:65:fd:5b:bb:da:80:
da:2f:53:a4:97:79:a9:1f:b0:c9:01:6f:45:7b:6b:dd:9c:26:
e0:3b:21:49:25:34:a0:84:30:e9:74:fc:fb:62:ac:f1:8a:5a:
c1:a8:7f:e9:5c:d3:0f:ad:58:a3:05:3a:b6:fe:ee:12:f6:ea:
da:a1:9d:89:11:6c:77:c9:29:6d:6a:70:d9:cb:19:c8:c9:eb:
67:01:a5:89:30:80:0a:12:41:00:72:2b:c8:d7:63:b3:14:5f:
e6:e7:7e:2c:c7:56:8a:9d:1a:f5:ef:24:8f:ea:f4:e4:1e:e4:
51:be:25:5c:20:89:23:e9:c5:7b:6c:b0:1b:52:85:3d:1e:42:
94:24:7a:a8:da:66:a5:4d:dc:10:fc:c2:f8:cc:fe:a1:64:d3:
a7:69:42:3a:cb:1f:3f:8c:95:59:f9:78:62:da:bf:47:44:6e:
99:cd:5a:a1
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICIlowDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA2MjIw
ODQxNDlaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKDVFQzQxQTdFMjU3Mjky
ODBDNTk3QjJDODNEQ0Y0QUNBMjc4Nzg0RTgwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCWLr0RELmzlfI1TcD8iQ8H+wDZ3C8WYiCaDA5GUsGKqxZdOjRF
7JhzVY7FdI5rGfgKaJyO/Euhu/OgUhZl+MIfazM9d4LgDx4KjQcEBQ0EP72miWkk
Wvas5BM5FSrnVBbOBc+pG4dLuWbBMyRu7pTjpF8fSa+0CduplGr2J5zqWMD1LCPy
67nF/rEGV8qXKcvXWLeZNX68Qttd37FyrN2YLhj41wxrXBRHJnUlrwqLFaA7/4VZ
ySbqdfhBq5UUGUUajtBR3qE+lH37arVnsTAOEt+n+ZEBzUoKELuw3QfAru14eS09
91Shjb9rkp8D4gvERJjq1ScW2vfjqEggtZBfAgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUXsQafiVykoDFl7LIPc9KyieHhOgwHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni9Yc1FhZmlWeWtvREZsN0xJ
UGM5S3lpZUhoT2cucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
dxAwDQYJKoZIhvcNAQELBQADggEBAKKIlAyLGbU96qIozbZ7Nxfy6mj0KGsuwss4
6I7ZCxV/+qYVJqa/jM41EzqND36a+g3XzKKNRK1u6RbAp9Wp+ZWecV4hCCDh4tF5
zRWJmmPgjjTnHWX9W7vagNovU6SXeakfsMkBb0V7a92cJuA7IUklNKCEMOl0/Pti
rPGKWsGof+lc0w+tWKMFOrb+7hL26tqhnYkRbHfJKW1qcNnLGcjJ62cBpYkwgAoS
QQByK8jXY7MUX+bnfizHVoqdGvXvJI/q9OQe5FG+JVwgiSPpxXtssBtShT0eQpQk
eqjaZqVN3BD8wvjM/qFk06dpQjrLHz+MlVn5eGLav0dEbpnNWqE=
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:36:59 2025 by rpki-client