Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/ov_3nfAFcQ4MfuyH0VDB4HBjrvM.roa
File: ov_3nfAFcQ4MfuyH0VDB4HBjrvM.roa (raw, json)
Hash identifier: XV6gWDX/6diArD2UFw5uBPEEXFh9tRSDeRd821Uzc8Q=
Subject key identifier: A2:FF:F7:9D:F0:05:71:0E:0C:7E:EC:87:D1:50:C1:E0:70:63:AE:F3
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 2136
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/ov_3nfAFcQ4MfuyH0VDB4HBjrvM.roa
Signing time: Fri 20 Jun 2025 20:11:42 +0000
ROA not before: Fri 20 Jun 2025 20:11:42 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 119.16.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 8502 (0x2136)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: Jun 20 20:11:42 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=A2FFF79DF005710E0C7EEC87D150C1E07063AEF3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e6:8c:30:72:56:a0:19:f3:3e:77:7b:e0:c5:f8:
b3:cd:6c:b6:f3:83:a0:28:59:d7:49:42:57:39:cd:
be:e8:ed:26:e5:6d:df:e7:4a:1f:88:82:de:2d:86:
e5:a1:79:40:32:77:9f:3e:8b:05:3f:7c:ea:7a:36:
39:9d:82:0e:93:fc:4c:8e:ce:c0:e1:27:d2:79:cc:
df:95:b5:78:df:76:c4:0c:74:ce:c3:68:1f:82:72:
2d:45:6a:ec:5d:9f:05:af:83:2f:97:f8:42:f7:51:
d9:f9:87:26:a8:02:e8:66:4c:df:f7:94:5a:4e:1e:
2b:72:b4:34:82:cd:0a:73:d1:68:ba:47:cf:32:61:
43:b9:e7:95:8b:d6:d6:08:c0:2e:d1:0c:49:f9:0e:
46:f2:c6:2d:26:e3:92:f7:21:3a:84:0e:93:ce:0b:
4a:28:50:8b:35:06:9e:72:49:d1:d0:b7:c0:0b:cd:
01:5b:05:42:de:47:79:81:86:ff:3e:f9:01:03:9c:
7a:0f:cb:d5:4a:1d:e8:db:a0:b3:a9:f5:c9:4b:c4:
37:dd:29:81:47:68:6c:dd:8c:02:cb:18:b0:b3:fe:
f2:79:d5:fc:21:a7:b5:71:68:8d:d5:14:84:a9:c0:
e8:67:1e:99:0a:ba:e4:b9:5f:ee:4f:34:b0:4c:b1:
2e:df
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A2:FF:F7:9D:F0:05:71:0E:0C:7E:EC:87:D1:50:C1:E0:70:63:AE:F3
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/ov_3nfAFcQ4MfuyH0VDB4HBjrvM.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
119.16.0.0/16
Signature Algorithm: sha256WithRSAEncryption
05:da:2c:bd:4b:7c:9d:fe:1a:12:c5:72:11:74:29:48:7e:f6:
05:30:8f:66:00:b2:28:27:63:80:e1:51:f8:7e:a9:92:5e:56:
fb:31:78:fa:2d:33:d6:42:ee:98:51:d6:91:d8:f8:99:8b:8f:
24:37:f0:e3:b6:f0:7b:98:97:30:e3:81:64:cd:5d:06:e0:09:
c4:53:7c:49:f9:47:e3:59:64:2c:1b:72:8a:df:01:64:26:83:
f5:94:c3:b6:94:5b:34:ef:c8:05:b4:ac:1a:f2:2e:2e:6b:ad:
00:38:02:0b:72:c6:c8:74:19:b1:cd:e8:15:15:ba:a1:d2:94:
b2:04:4d:e8:31:01:3e:aa:10:27:90:6d:12:db:63:6f:c6:1d:
6c:30:a8:3a:fb:42:c8:3d:b5:16:12:fa:84:b1:26:41:33:b5:
c6:d9:c1:cf:e7:c0:26:20:ea:e8:79:e8:f7:ff:13:46:9e:9a:
3f:48:fe:21:5f:14:48:35:2a:dd:14:18:2c:6e:90:39:3a:4f:
43:ba:96:5d:aa:87:25:95:cd:f3:03:0a:8e:a9:17:b7:ef:a7:
be:ab:8c:41:37:f2:b8:19:2e:50:6c:50:46:52:4a:4c:20:41:
98:4a:6c:72:a7:9a:e0:5f:02:60:d3:ef:fa:8e:eb:f7:3b:20:
ec:a2:65:d0
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICITYwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA2MjAy
MDExNDJaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKEEyRkZGNzlERjAwNTcx
MEUwQzdFRUM4N0QxNTBDMUUwNzA2M0FFRjMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDmjDByVqAZ8z53e+DF+LPNbLbzg6AoWddJQlc5zb7o7Sblbd/n
Sh+Igt4thuWheUAyd58+iwU/fOp6Njmdgg6T/EyOzsDhJ9J5zN+VtXjfdsQMdM7D
aB+Cci1FauxdnwWvgy+X+EL3Udn5hyaoAuhmTN/3lFpOHitytDSCzQpz0Wi6R88y
YUO555WL1tYIwC7RDEn5Dkbyxi0m45L3ITqEDpPOC0ooUIs1Bp5ySdHQt8ALzQFb
BULeR3mBhv8++QEDnHoPy9VKHejboLOp9clLxDfdKYFHaGzdjALLGLCz/vJ51fwh
p7VxaI3VFISpwOhnHpkKuuS5X+5PNLBMsS7fAgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUov/3nfAFcQ4MfuyH0VDB4HBjrvMwHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni9vdl8zbmZBRmNRNE1mdXlI
MFZEQjRIQmpydk0ucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
dxAwDQYJKoZIhvcNAQELBQADggEBAAXaLL1LfJ3+GhLFchF0KUh+9gUwj2YAsign
Y4DhUfh+qZJeVvsxePotM9ZC7phR1pHY+JmLjyQ38OO28HuYlzDjgWTNXQbgCcRT
fEn5R+NZZCwbcorfAWQmg/WUw7aUWzTvyAW0rBryLi5rrQA4Agtyxsh0GbHN6BUV
uqHSlLIETegxAT6qECeQbRLbY2/GHWwwqDr7Qsg9tRYS+oSxJkEztcbZwc/nwCYg
6uh56Pf/E0aemj9I/iFfFEg1Kt0UGCxukDk6T0O6ll2qhyWVzfMDCo6pF7fvp76r
jEE38rgZLlBsUEZSSkwgQZhKbHKnmuBfAmDT7/qO6/c7IOyiZdA=
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:32:09 2025 by rpki-client