Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/iOeZq86BAAuY4M_I4HzxW9NqjsQ.roa
File: iOeZq86BAAuY4M_I4HzxW9NqjsQ.roa (raw, json)
Hash identifier: 1iGNN1i1qzYzbrgUUnZcRWHELmcOxPKM+Lv5r8ks4x8=
Subject key identifier: 88:E7:99:AB:CE:81:00:0B:98:E0:CF:C8:E0:7C:F1:5B:D3:6A:8E:C4
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 09F6
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/iOeZq86BAAuY4M_I4HzxW9NqjsQ.roa
Signing time: Tue 20 May 2025 08:38:56 +0000
ROA not before: Tue 20 May 2025 08:38:56 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 119.16.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2550 (0x9f6)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: May 20 08:38:56 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=88E799ABCE81000B98E0CFC8E07CF15BD36A8EC4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ee:13:48:9d:0d:20:a2:c3:68:5a:1b:b3:68:4a:
84:4d:9c:6b:6c:23:71:d9:88:d1:e6:8e:d1:3f:43:
16:09:30:4b:8b:34:c3:b2:be:ab:cc:c6:c5:97:62:
0d:81:88:22:e2:d8:ba:a9:4c:39:24:ff:2d:4f:18:
91:4e:7f:3a:c0:b9:ef:9b:26:e6:bc:7c:33:d5:ca:
8d:d0:87:6a:77:a8:83:51:20:5b:0b:1d:4c:d3:57:
23:3e:8e:1d:7b:9f:67:59:2d:55:45:32:7d:90:4c:
49:39:14:b0:11:16:a4:52:5c:3f:e6:ac:56:24:7e:
7b:10:de:4d:79:ab:42:b2:e4:8e:d7:c0:a3:09:8b:
e6:e1:af:8c:e1:0b:53:4e:3f:91:4f:9c:2d:ee:ff:
ca:c0:a7:59:71:08:4c:0d:7c:3f:43:97:4f:02:6c:
4c:2a:f2:8b:91:ce:e5:1e:2b:eb:b4:7f:cc:69:18:
a3:00:f0:5f:c1:9b:97:cb:a3:e6:79:70:95:44:62:
a6:70:2f:83:ca:87:b0:35:94:32:a5:fd:11:9a:3f:
5a:78:3b:1f:87:19:8c:24:54:2e:46:ac:19:01:83:
97:53:ee:25:78:76:aa:26:35:7d:c1:8d:ec:61:07:
7e:4e:82:b6:80:56:b9:2c:a9:bc:40:1d:da:36:80:
eb:f5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
88:E7:99:AB:CE:81:00:0B:98:E0:CF:C8:E0:7C:F1:5B:D3:6A:8E:C4
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/iOeZq86BAAuY4M_I4HzxW9NqjsQ.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
119.16.0.0/16
Signature Algorithm: sha256WithRSAEncryption
7c:3d:3a:1c:c1:04:a3:28:ce:a6:84:92:d3:41:5f:dc:18:9b:
00:1d:4a:b6:a4:59:6f:4d:90:26:4c:4f:96:60:1d:3a:c2:aa:
c0:9a:25:db:96:b0:59:0d:81:b9:63:c0:7a:69:ef:f2:72:07:
4e:73:54:6b:b5:e9:2d:9a:a4:24:2f:e5:15:e0:84:d6:3e:6c:
cb:da:90:d7:e7:9d:79:2e:87:6d:4c:e9:aa:4d:c0:b6:49:1b:
c5:d1:f9:63:52:ed:be:02:cb:ef:7d:5e:f8:da:04:70:86:81:
36:14:85:ff:be:c9:8f:dc:1f:6d:d2:43:b2:d4:1e:5e:cb:8a:
fc:2f:b0:a1:cf:db:d4:30:76:c7:4a:19:e7:21:87:25:20:fb:
b3:ea:3f:2c:8b:42:26:09:32:23:49:bb:5c:e2:e8:ed:03:d0:
d4:93:fc:3c:b1:69:54:2c:ea:28:b7:40:aa:b0:db:23:fd:0e:
fc:f8:d9:f5:a4:5a:9c:d6:fe:86:49:02:8f:1a:84:f9:40:7f:
6d:73:ca:a9:1f:08:48:68:89:a4:d1:68:be:16:f8:98:cf:1e:
61:26:88:05:86:29:8e:70:64:a4:28:6c:da:94:77:f3:00:c5:
5d:9a:31:37:d1:15:b1:3a:cf:db:ac:d2:39:4f:e0:7e:55:22:
0c:8c:50:69
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICCfYwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA1MjAw
ODM4NTZaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKDg4RTc5OUFCQ0U4MTAw
MEI5OEUwQ0ZDOEUwN0NGMTVCRDM2QThFQzQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDuE0idDSCiw2haG7NoSoRNnGtsI3HZiNHmjtE/QxYJMEuLNMOy
vqvMxsWXYg2BiCLi2LqpTDkk/y1PGJFOfzrAue+bJua8fDPVyo3Qh2p3qINRIFsL
HUzTVyM+jh17n2dZLVVFMn2QTEk5FLARFqRSXD/mrFYkfnsQ3k15q0Ky5I7XwKMJ
i+bhr4zhC1NOP5FPnC3u/8rAp1lxCEwNfD9Dl08CbEwq8ouRzuUeK+u0f8xpGKMA
8F/Bm5fLo+Z5cJVEYqZwL4PKh7A1lDKl/RGaP1p4Ox+HGYwkVC5GrBkBg5dT7iV4
dqomNX3BjexhB35OgraAVrksqbxAHdo2gOv1AgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUiOeZq86BAAuY4M/I4HzxW9NqjsQwHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni9pT2VacTg2QkFBdVk0TV9J
NEh6eFc5TnFqc1Eucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
dxAwDQYJKoZIhvcNAQELBQADggEBAHw9OhzBBKMozqaEktNBX9wYmwAdSrakWW9N
kCZMT5ZgHTrCqsCaJduWsFkNgbljwHpp7/JyB05zVGu16S2apCQv5RXghNY+bMva
kNfnnXkuh21M6apNwLZJG8XR+WNS7b4Cy+99XvjaBHCGgTYUhf++yY/cH23SQ7LU
Hl7LivwvsKHP29QwdsdKGechhyUg+7PqPyyLQiYJMiNJu1zi6O0D0NST/DyxaVQs
6ii3QKqw2yP9Dvz42fWkWpzW/oZJAo8ahPlAf21zyqkfCEhoiaTRaL4W+JjPHmEm
iAWGKY5wZKQobNqUd/MAxV2aMTfRFbE6z9us0jlP4H5VIgyMUGk=
-----END CERTIFICATE-----
Generated at Wed Jun 4 01:14:02 2025 by rpki-client