Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/al4bcxNJyeUKL1YFPY60WDa0dgM.roa
File: al4bcxNJyeUKL1YFPY60WDa0dgM.roa (raw, json)
Hash identifier: 7sk8bJRZC3ebF2iB9aprNIpogt8VaxUM11gvN5w9xA4=
Subject key identifier: 6A:5E:1B:73:13:49:C9:E5:0A:2F:56:05:3D:8E:B4:58:36:B4:76:03
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 1FF2
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/al4bcxNJyeUKL1YFPY60WDa0dgM.roa
Signing time: Wed 18 Jun 2025 16:52:17 +0000
ROA not before: Wed 18 Jun 2025 16:52:17 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 119.16.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 8178 (0x1ff2)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: Jun 18 16:52:17 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=6A5E1B731349C9E50A2F56053D8EB45836B47603
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:dd:a5:3d:d8:50:15:75:cc:53:42:46:4e:1a:1e:
19:d4:6a:f9:01:bc:f3:a7:08:6a:15:18:70:59:05:
a9:93:f2:7a:83:57:28:ee:78:11:0c:d0:4d:81:4b:
2a:07:a3:03:23:fc:71:28:18:52:1c:fe:c8:aa:63:
7e:25:7d:62:f6:79:bf:8f:5d:55:d3:5b:a9:10:f5:
c1:b5:7b:37:30:39:0b:91:23:ec:04:71:17:3d:ee:
07:96:d0:f8:ad:a2:a9:37:05:16:43:b2:82:1e:e7:
d3:3d:c1:e1:b9:e9:80:06:d9:26:0c:50:bf:af:63:
bb:f8:65:6b:e8:8f:85:3a:48:da:14:b7:2a:bd:76:
58:bb:31:a3:9d:fd:23:c0:74:1b:eb:17:b4:c0:ce:
7f:77:b5:a6:97:4b:84:ec:a4:c6:14:f9:1e:5e:5e:
db:f6:67:7b:da:19:f8:9e:63:3a:4d:db:a8:31:2b:
b7:40:57:9b:0d:18:6e:43:8a:75:38:09:f6:30:bb:
29:bc:26:40:88:3f:3e:b1:9c:8d:ea:0f:a8:ee:64:
65:3c:86:89:5a:c4:b4:64:48:60:e2:75:69:7c:36:
c4:63:e2:8f:a7:8a:60:0d:2f:06:c7:2a:3c:a5:73:
93:ba:a2:e6:7a:e8:4f:e9:26:67:6f:29:0f:da:92:
6f:c7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6A:5E:1B:73:13:49:C9:E5:0A:2F:56:05:3D:8E:B4:58:36:B4:76:03
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/al4bcxNJyeUKL1YFPY60WDa0dgM.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
119.16.0.0/16
Signature Algorithm: sha256WithRSAEncryption
83:3e:a8:92:18:21:50:de:33:7f:d1:a9:0a:b2:05:83:a2:f9:
95:a4:16:88:fa:18:ce:23:0d:4d:82:aa:d0:36:77:08:1d:0b:
b5:4a:17:f1:19:0d:7d:ed:f7:c6:33:b3:5b:4b:a1:86:3e:e3:
28:4b:ff:72:66:91:6c:3a:29:cd:98:dd:c1:03:4b:ec:14:90:
5c:88:cd:e0:94:54:2c:82:6e:6f:78:a0:b1:99:6f:1c:75:a0:
eb:eb:52:a5:59:45:79:15:6d:26:e3:d4:70:63:3a:2c:48:5e:
25:e5:54:e9:ca:91:4b:ca:c9:a5:fd:40:8f:6a:40:f7:76:09:
7a:ab:85:a4:85:ae:fa:db:ba:56:2b:25:a4:1b:2c:fb:17:cc:
87:ad:b9:cb:2e:93:3f:7a:5d:39:b9:c7:0f:fa:1b:8f:cd:f0:
87:58:e4:39:de:31:69:ef:e3:ad:05:fb:97:f8:e7:cb:c8:6e:
10:eb:d5:9f:8d:3c:8d:9f:43:f9:21:a5:7a:a4:44:73:d1:9f:
96:dd:74:17:ff:e0:67:2d:30:44:46:0c:3b:66:e6:d8:f7:b7:
fe:69:65:16:d4:61:86:a2:9d:95:f7:18:e5:64:b0:4a:4d:76:
fe:ed:38:80:ab:63:f0:92:3a:14:c1:3a:39:2a:c9:f7:37:2d:
7c:0c:c3:59
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICH/IwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA2MTgx
NjUyMTdaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKDZBNUUxQjczMTM0OUM5
RTUwQTJGNTYwNTNEOEVCNDU4MzZCNDc2MDMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDdpT3YUBV1zFNCRk4aHhnUavkBvPOnCGoVGHBZBamT8nqDVyju
eBEM0E2BSyoHowMj/HEoGFIc/siqY34lfWL2eb+PXVXTW6kQ9cG1ezcwOQuRI+wE
cRc97geW0Pitoqk3BRZDsoIe59M9weG56YAG2SYMUL+vY7v4ZWvoj4U6SNoUtyq9
dli7MaOd/SPAdBvrF7TAzn93taaXS4TspMYU+R5eXtv2Z3vaGfieYzpN26gxK7dA
V5sNGG5DinU4CfYwuym8JkCIPz6xnI3qD6juZGU8holaxLRkSGDidWl8NsRj4o+n
imANLwbHKjylc5O6ouZ66E/pJmdvKQ/akm/HAgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUal4bcxNJyeUKL1YFPY60WDa0dgMwHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni9hbDRiY3hOSnllVUtMMVlG
UFk2MFdEYTBkZ00ucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
dxAwDQYJKoZIhvcNAQELBQADggEBAIM+qJIYIVDeM3/RqQqyBYOi+ZWkFoj6GM4j
DU2CqtA2dwgdC7VKF/EZDX3t98Yzs1tLoYY+4yhL/3JmkWw6Kc2Y3cEDS+wUkFyI
zeCUVCyCbm94oLGZbxx1oOvrUqVZRXkVbSbj1HBjOixIXiXlVOnKkUvKyaX9QI9q
QPd2CXqrhaSFrvrbulYrJaQbLPsXzIetucsukz96XTm5xw/6G4/N8IdY5DneMWnv
460F+5f458vIbhDr1Z+NPI2fQ/khpXqkRHPRn5bddBf/4GctMERGDDtm5tj3t/5p
ZRbUYYainZX3GOVksEpNdv7tOICrY/CSOhTBOjkqyfc3LXwMw1k=
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:44:03 2025 by rpki-client