Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/aokMfad-L-kuCP8SoiLHoflLPHw.roa
File: aokMfad-L-kuCP8SoiLHoflLPHw.roa (raw, json)
Hash identifier: 0F8NjJCqAwraDmF5nnaJawmGaEe2r1ZGu134nMb499w=
Subject key identifier: 6A:89:0C:7D:A7:7E:2F:E9:2E:08:FF:12:A2:22:C7:A1:F9:4B:3C:7C
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 210E
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/aokMfad-L-kuCP8SoiLHoflLPHw.roa
Signing time: Fri 20 Jun 2025 15:11:42 +0000
ROA not before: Fri 20 Jun 2025 15:11:42 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 119.16.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 8462 (0x210e)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: Jun 20 15:11:42 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=6A890C7DA77E2FE92E08FF12A222C7A1F94B3C7C
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ac:a5:62:05:6e:f8:a1:d7:78:78:dd:ba:26:5f:
6c:95:ee:f8:10:86:57:f6:9d:ef:bb:4f:05:a3:b8:
ef:73:de:f0:84:86:b1:1c:57:de:03:c6:75:f7:6e:
fd:b5:40:3f:a4:c2:65:a5:68:09:d9:6d:4c:6f:e8:
7c:ef:7a:1b:b7:49:c7:ff:de:b4:85:26:84:f8:b5:
98:46:21:52:11:b6:11:da:d3:ae:5f:3c:a7:10:7b:
5f:7c:f6:a7:ad:05:fa:68:c4:31:45:56:e5:97:97:
e6:c1:8d:f3:2c:ee:d9:0e:70:58:80:7d:85:fe:18:
d0:7a:30:bf:b2:e6:03:40:06:36:6e:7f:f3:12:c1:
9f:8d:3b:47:67:76:df:fb:8b:5f:bc:64:1a:5d:8e:
5d:80:08:1c:4b:fc:eb:e4:61:f2:a6:83:38:28:6d:
d3:bd:f9:72:73:e9:88:06:b4:43:8c:cc:22:c0:fb:
1f:42:63:be:b9:46:27:e5:4c:06:56:5b:59:f3:a8:
aa:7b:ef:eb:d5:84:bb:02:46:9b:ae:e4:09:b6:17:
74:6e:76:04:2c:8c:22:8f:1d:3a:6c:86:be:f1:f5:
f1:12:60:13:b3:ce:5a:fa:e1:3c:b8:fb:19:8e:d4:
38:f9:95:6e:80:c1:68:e0:76:9d:82:2a:90:ef:52:
42:45
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6A:89:0C:7D:A7:7E:2F:E9:2E:08:FF:12:A2:22:C7:A1:F9:4B:3C:7C
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/aokMfad-L-kuCP8SoiLHoflLPHw.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
119.16.0.0/16
Signature Algorithm: sha256WithRSAEncryption
59:cf:1a:d7:c2:67:94:c2:e5:08:7f:c8:7c:30:6d:b4:01:8e:
6a:8a:44:30:de:b8:d9:5e:9e:11:9c:8a:a5:f0:5d:ca:1b:3a:
b2:4d:a8:ff:8a:5b:7a:8d:bf:ad:c1:11:84:f8:9d:e8:a2:8d:
29:c4:6a:60:43:76:19:64:79:b3:b1:6e:35:e4:be:8c:97:0b:
0f:ba:53:4b:b5:d9:99:3b:71:04:70:3b:7e:3e:ae:11:96:9b:
c1:6c:32:07:c0:4d:19:d3:53:dc:7f:cc:a4:40:df:90:e2:20:
9b:48:37:f7:6f:45:75:a2:5a:08:7d:bc:ea:47:0c:0f:d7:16:
79:0a:f2:4f:9b:12:24:8e:66:41:c3:af:87:7e:33:63:01:9b:
73:72:b3:5e:57:0d:c0:c6:6d:91:02:3b:90:3b:3b:c4:54:c6:
ae:3c:7e:d4:de:72:f4:a6:85:ab:fa:61:71:2f:07:a0:66:c8:
19:7c:e0:0b:39:0a:fc:e9:9a:19:db:ad:98:4d:40:59:e3:63:
d3:17:71:0e:33:65:32:72:50:8f:80:e4:ca:e7:dc:29:d7:0a:
4e:2e:8b:09:e0:00:83:46:00:dd:32:58:78:79:2e:50:15:31:
a7:c7:72:8f:30:36:cd:5f:c9:3c:20:a2:ff:35:8d:dd:91:6a:
30:43:26:17
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICIQ4wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA2MjAx
NTExNDJaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKDZBODkwQzdEQTc3RTJG
RTkyRTA4RkYxMkEyMjJDN0ExRjk0QjNDN0MwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCspWIFbvih13h43bomX2yV7vgQhlf2ne+7TwWjuO9z3vCEhrEc
V94DxnX3bv21QD+kwmWlaAnZbUxv6Hzvehu3Scf/3rSFJoT4tZhGIVIRthHa065f
PKcQe1989qetBfpoxDFFVuWXl+bBjfMs7tkOcFiAfYX+GNB6ML+y5gNABjZuf/MS
wZ+NO0dndt/7i1+8ZBpdjl2ACBxL/OvkYfKmgzgobdO9+XJz6YgGtEOMzCLA+x9C
Y765RiflTAZWW1nzqKp77+vVhLsCRpuu5Am2F3RudgQsjCKPHTpshr7x9fESYBOz
zlr64Ty4+xmO1Dj5lW6AwWjgdp2CKpDvUkJFAgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUaokMfad+L+kuCP8SoiLHoflLPHwwHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni9hb2tNZmFkLUwta3VDUDhT
b2lMSG9mbExQSHcucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
dxAwDQYJKoZIhvcNAQELBQADggEBAFnPGtfCZ5TC5Qh/yHwwbbQBjmqKRDDeuNle
nhGciqXwXcobOrJNqP+KW3qNv63BEYT4neiijSnEamBDdhlkebOxbjXkvoyXCw+6
U0u12Zk7cQRwO34+rhGWm8FsMgfATRnTU9x/zKRA35DiIJtIN/dvRXWiWgh9vOpH
DA/XFnkK8k+bEiSOZkHDr4d+M2MBm3Nys15XDcDGbZECO5A7O8RUxq48ftTecvSm
hav6YXEvB6BmyBl84As5CvzpmhnbrZhNQFnjY9MXcQ4zZTJyUI+A5Mrn3CnXCk4u
iwngAINGAN0yWHh5LlAVMafHco8wNs1fyTwgov81jd2RajBDJhc=
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:49:39 2025 by rpki-client