Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/pOZ25JKqnMmW8Ka-FYT-x74q2Zc.roa
File: pOZ25JKqnMmW8Ka-FYT-x74q2Zc.roa (raw, json)
Hash identifier: qYk655VNkStHZDvW5/jJyadlu+1P3A0huVGOqNKeyb0=
Subject key identifier: A4:E6:76:E4:92:AA:9C:C9:96:F0:A6:BE:15:84:FE:C7:BE:2A:D9:97
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 0B66
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/pOZ25JKqnMmW8Ka-FYT-x74q2Zc.roa
Signing time: Thu 22 May 2025 06:38:26 +0000
ROA not before: Thu 22 May 2025 06:38:26 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 119.16.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2918 (0xb66)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: May 22 06:38:26 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=A4E676E492AA9CC996F0A6BE1584FEC7BE2AD997
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bd:8c:c4:e5:9e:36:99:46:86:f5:5a:5e:ca:d4:
25:1d:6b:55:52:ad:2e:c1:b3:08:d2:75:f6:08:7f:
47:c1:74:3e:37:16:6b:8d:7d:20:a5:64:aa:88:66:
3d:e1:c1:70:2a:63:73:4c:0d:c1:4b:5c:f3:0e:c5:
45:c5:18:cc:cf:08:8a:57:72:90:dc:ba:e9:36:7d:
64:b4:16:cd:fb:1a:54:a9:6d:15:83:42:9b:a2:3e:
29:26:d3:c6:ad:67:32:ba:8c:16:bd:1d:98:73:01:
8f:35:5a:08:96:04:49:dd:4c:89:ab:5f:ee:7d:9d:
be:a0:99:d6:2e:db:f7:50:94:50:a5:5d:04:99:e1:
10:55:09:cc:9a:e4:c8:50:52:52:3d:c3:96:7e:cc:
a3:ca:d0:dc:33:f7:6c:5f:6d:c3:96:21:ac:1c:ca:
d3:b0:50:64:cb:b9:2c:22:75:1b:e6:ed:4e:89:e8:
39:63:ba:c4:0d:30:d7:40:39:e3:52:13:5b:96:e2:
a9:bf:9a:a1:88:8d:ea:ed:cc:b1:db:a0:c5:be:2f:
df:9b:9c:f5:41:77:c6:46:45:5d:59:8b:95:b9:52:
a6:69:f3:75:39:87:be:90:94:03:71:78:58:fb:53:
7a:9e:31:4d:e1:02:e3:26:b7:7f:43:67:e7:44:16:
e0:d5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A4:E6:76:E4:92:AA:9C:C9:96:F0:A6:BE:15:84:FE:C7:BE:2A:D9:97
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/pOZ25JKqnMmW8Ka-FYT-x74q2Zc.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
119.16.0.0/16
Signature Algorithm: sha256WithRSAEncryption
70:8d:2b:89:3d:d6:85:ba:c0:4b:71:4c:f5:f3:77:c6:1f:c5:
b3:32:31:cd:ff:5f:65:90:a5:e4:55:ec:0b:ca:45:97:89:87:
f2:a5:de:09:d3:31:b5:14:17:ad:83:77:08:4e:60:de:90:bb:
09:17:92:6c:cb:bd:fd:7e:c8:ad:7a:ad:f7:41:57:e6:66:a1:
0d:a8:8a:d1:24:90:29:70:10:0e:91:c7:49:fc:f9:78:0f:8e:
2c:6a:0a:7e:d1:ca:c9:33:d4:e2:90:a5:7f:b8:69:d6:99:34:
c2:d8:58:0a:78:bf:e5:62:c9:32:be:c8:69:6b:ed:2e:b2:6b:
a3:3b:a5:97:37:5f:75:af:e5:86:f7:f9:f1:83:79:fc:e4:d8:
f3:67:9c:82:ab:6c:81:ac:47:65:13:1e:fe:a0:1b:ac:62:d8:
12:fe:26:89:c6:68:b1:31:69:38:8b:2e:ef:4b:e1:fe:31:d4:
99:64:b5:ed:8e:04:bd:02:b5:31:14:46:d6:0e:a2:4d:1e:ba:
a7:0e:99:7b:54:55:87:a8:7f:b5:13:f7:d3:db:f0:af:e8:58:
7e:25:38:1b:ab:43:cb:e7:2b:d1:6a:f6:7c:e8:d0:80:ec:77:
6d:d2:ab:03:53:56:a3:1a:1c:f9:31:2c:ed:33:20:5d:91:83:
0f:8f:fc:e6
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICC2YwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA1MjIw
NjM4MjZaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKEE0RTY3NkU0OTJBQTlD
Qzk5NkYwQTZCRTE1ODRGRUM3QkUyQUQ5OTcwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC9jMTlnjaZRob1Wl7K1CUda1VSrS7BswjSdfYIf0fBdD43FmuN
fSClZKqIZj3hwXAqY3NMDcFLXPMOxUXFGMzPCIpXcpDcuuk2fWS0Fs37GlSpbRWD
QpuiPikm08atZzK6jBa9HZhzAY81WgiWBEndTImrX+59nb6gmdYu2/dQlFClXQSZ
4RBVCcya5MhQUlI9w5Z+zKPK0Nwz92xfbcOWIawcytOwUGTLuSwidRvm7U6J6Dlj
usQNMNdAOeNSE1uW4qm/mqGIjertzLHboMW+L9+bnPVBd8ZGRV1Zi5W5UqZp83U5
h76QlANxeFj7U3qeMU3hAuMmt39DZ+dEFuDVAgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUpOZ25JKqnMmW8Ka+FYT+x74q2ZcwHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni9wT1oyNUpLcW5NbVc4S2Et
RllULXg3NHEyWmMucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
dxAwDQYJKoZIhvcNAQELBQADggEBAHCNK4k91oW6wEtxTPXzd8YfxbMyMc3/X2WQ
peRV7AvKRZeJh/Kl3gnTMbUUF62DdwhOYN6QuwkXkmzLvf1+yK16rfdBV+ZmoQ2o
itEkkClwEA6Rx0n8+XgPjixqCn7Ryskz1OKQpX+4adaZNMLYWAp4v+ViyTK+yGlr
7S6ya6M7pZc3X3Wv5Yb3+fGDefzk2PNnnIKrbIGsR2UTHv6gG6xi2BL+JonGaLEx
aTiLLu9L4f4x1Jlkte2OBL0CtTEURtYOok0euqcOmXtUVYeof7UT99Pb8K/oWH4l
OBurQ8vnK9Fq9nzo0IDsd23SqwNTVqMaHPkxLO0zIF2Rgw+P/OY=
-----END CERTIFICATE-----
Generated at Wed Jun 4 01:00:08 2025 by rpki-client