Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/fq_9ZkE-aZlS76sw9vOzs3eLVbU.roa
File: fq_9ZkE-aZlS76sw9vOzs3eLVbU.roa (raw, json)
Hash identifier: Ne5QTKhy07LaizUeF4H5+q8LXuSy5f1CmGgTaOPzpd8=
Subject key identifier: 7E:AF:FD:66:41:3E:69:99:52:EF:AB:30:F6:F3:B3:B3:77:8B:55:B5
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 23C2
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/fq_9ZkE-aZlS76sw9vOzs3eLVbU.roa
Signing time: Tue 24 Jun 2025 05:41:57 +0000
ROA not before: Tue 24 Jun 2025 05:41:57 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 119.16.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 9154 (0x23c2)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: Jun 24 05:41:57 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=7EAFFD66413E699952EFAB30F6F3B3B3778B55B5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d2:e9:81:5a:38:c2:26:b6:ce:35:0d:c2:76:a0:
da:fc:08:b4:f8:41:cc:33:d5:fd:0f:ff:b4:9e:9c:
6e:6f:c3:01:da:f4:1e:4b:52:33:db:05:2d:aa:aa:
19:4a:a1:11:10:bc:ec:be:49:0c:e0:82:20:cf:07:
ad:01:35:a3:fd:5e:29:5a:92:af:7b:40:4f:49:3b:
ba:85:62:ce:24:a3:83:b6:32:c1:d6:73:e6:76:54:
f0:b7:4f:78:c5:f3:14:b0:b0:80:21:05:13:a8:ce:
5a:2f:ba:fa:c6:26:2d:04:aa:08:f0:b9:fa:0f:c6:
59:15:51:19:81:5b:54:0a:6a:c2:a7:0c:89:7f:61:
35:d8:14:4f:f2:51:39:81:62:02:95:d1:71:51:fa:
0b:3f:08:8a:6a:dc:c0:b3:df:23:33:95:5f:4a:7e:
f5:57:f0:85:d3:36:c9:9a:ed:50:33:00:d1:b3:db:
d3:ba:80:44:b1:93:c8:db:20:f2:27:a0:ad:47:3e:
66:60:aa:d5:5f:6b:27:36:58:2b:57:32:ef:53:91:
0c:86:02:13:d0:9e:3e:99:5e:df:e8:e0:a9:ef:be:
21:95:f3:da:03:28:91:38:c2:62:84:b5:37:39:e0:
f8:4e:8d:88:09:ce:aa:63:d0:f7:0d:f5:cd:c1:fc:
c1:ff
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7E:AF:FD:66:41:3E:69:99:52:EF:AB:30:F6:F3:B3:B3:77:8B:55:B5
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/fq_9ZkE-aZlS76sw9vOzs3eLVbU.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
119.16.0.0/16
Signature Algorithm: sha256WithRSAEncryption
51:43:da:b7:3d:79:54:0d:ea:0f:75:75:92:64:84:ff:e7:26:
f4:08:15:42:d8:00:b1:9a:9c:0f:2d:a8:a7:ba:6d:d6:c9:b8:
32:0c:a8:dc:8f:10:ef:89:b4:6a:c2:7d:8b:8f:4e:7a:76:76:
7c:63:b5:1b:70:83:75:3e:50:9f:97:65:34:73:90:3b:fb:0d:
6d:d9:90:58:e4:61:a7:22:c9:dc:28:ec:14:16:d2:02:28:41:
b3:b1:02:b7:c1:ba:07:88:af:89:e1:48:44:cf:01:82:34:77:
0f:8b:0d:e2:de:cd:d8:c6:8e:00:ef:97:d2:2a:3a:ff:b7:7a:
3d:e9:56:63:1d:fd:07:6b:2c:8c:5d:a5:fe:e7:36:67:8a:03:
c2:d8:ca:d1:69:15:3a:65:84:b5:3b:8e:02:e9:f3:9f:0e:ed:
78:14:4f:af:f9:45:3f:f9:91:ee:ab:7f:3f:8b:ab:6e:e3:ca:
d8:19:8d:aa:6f:7f:26:cb:7b:78:88:cc:d3:87:b3:11:d5:70:
f7:d1:f6:7f:67:53:95:71:16:11:48:2f:30:13:eb:ba:15:6e:
ac:0e:f4:13:58:47:3a:a6:6e:d7:70:14:9a:a4:51:11:bc:16:
37:70:1d:1d:74:f2:b7:4d:a8:f6:63:6f:d2:5d:33:9f:69:a5:
d6:44:37:dc
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICI8IwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA2MjQw
NTQxNTdaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKDdFQUZGRDY2NDEzRTY5
OTk1MkVGQUIzMEY2RjNCM0IzNzc4QjU1QjUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDS6YFaOMImts41DcJ2oNr8CLT4Qcwz1f0P/7SenG5vwwHa9B5L
UjPbBS2qqhlKoREQvOy+SQzggiDPB60BNaP9Xilakq97QE9JO7qFYs4ko4O2MsHW
c+Z2VPC3T3jF8xSwsIAhBROozlovuvrGJi0EqgjwufoPxlkVURmBW1QKasKnDIl/
YTXYFE/yUTmBYgKV0XFR+gs/CIpq3MCz3yMzlV9KfvVX8IXTNsma7VAzANGz29O6
gESxk8jbIPInoK1HPmZgqtVfayc2WCtXMu9TkQyGAhPQnj6ZXt/o4KnvviGV89oD
KJE4wmKEtTc54PhOjYgJzqpj0PcN9c3B/MH/AgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUfq/9ZkE+aZlS76sw9vOzs3eLVbUwHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni9mcV85WmtFLWFabFM3NnN3
OXZPenMzZUxWYlUucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
dxAwDQYJKoZIhvcNAQELBQADggEBAFFD2rc9eVQN6g91dZJkhP/nJvQIFULYALGa
nA8tqKe6bdbJuDIMqNyPEO+JtGrCfYuPTnp2dnxjtRtwg3U+UJ+XZTRzkDv7DW3Z
kFjkYaciydwo7BQW0gIoQbOxArfBugeIr4nhSETPAYI0dw+LDeLezdjGjgDvl9Iq
Ov+3ej3pVmMd/QdrLIxdpf7nNmeKA8LYytFpFTplhLU7jgLp858O7XgUT6/5RT/5
ke6rfz+Lq27jytgZjapvfybLe3iIzNOHsxHVcPfR9n9nU5VxFhFILzAT67oVbqwO
9BNYRzqmbtdwFJqkURG8FjdwHR108rdNqPZjb9JdM59ppdZEN9w=
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:51:28 2025 by rpki-client