Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/4_JWKoLkddAxya02FZksytGXfn0.roa
File: 4_JWKoLkddAxya02FZksytGXfn0.roa (raw, json)
Hash identifier: 91ViccvGab7U5QbLIs+K4JmftSPtq+e7BUgNjc10fqo=
Subject key identifier: E3:F2:56:2A:82:E4:75:D0:31:C9:AD:36:15:99:2C:CA:D1:97:7E:7D
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 0306
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/4_JWKoLkddAxya02FZksytGXfn0.roa
Signing time: Sun 11 May 2025 02:37:56 +0000
ROA not before: Sun 11 May 2025 02:37:56 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 119.16.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 774 (0x306)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: May 11 02:37:56 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=E3F2562A82E475D031C9AD3615992CCAD1977E7D
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b1:92:9e:f5:67:76:27:0a:6b:b2:cf:5b:84:b1:
79:83:de:a4:2b:27:37:9c:24:90:0e:3d:52:fa:94:
d0:90:92:b1:43:5a:b5:26:c0:90:68:8c:6e:e9:6d:
ac:08:a4:aa:bb:c1:dd:58:bc:6b:ea:b8:1e:f8:44:
37:54:d0:31:91:ce:e3:f0:ea:3d:47:0f:0a:3b:ab:
de:09:1f:a5:c0:2c:5b:24:0b:7b:f4:51:b2:2e:10:
66:a9:04:d9:41:f0:2d:c5:9d:01:0c:7d:1f:06:b4:
d5:52:2c:41:e2:f7:8b:17:d9:ed:b6:54:47:e4:63:
a9:46:2c:21:e1:e1:bc:6b:3f:ef:be:e4:5e:bd:bc:
86:3d:2b:c9:44:07:24:85:0b:72:7b:d6:b8:ec:fb:
c8:9b:27:df:21:38:62:c2:80:87:34:3d:71:64:cd:
3b:b8:f5:76:de:8e:da:26:8b:f1:9b:97:07:fb:5f:
1d:f3:b4:e2:9f:f9:e6:ad:d3:50:a2:3c:65:42:37:
25:12:2c:45:d6:f0:07:e0:67:97:74:d6:92:a5:21:
e5:a5:32:0e:7e:5b:10:fd:70:b2:e1:a4:9e:ff:3b:
17:c3:8b:65:aa:6d:59:71:cb:b6:ff:ca:3b:5a:8d:
6b:f5:28:e6:32:bc:41:fe:d4:62:e4:54:26:30:95:
7c:c7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E3:F2:56:2A:82:E4:75:D0:31:C9:AD:36:15:99:2C:CA:D1:97:7E:7D
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/4_JWKoLkddAxya02FZksytGXfn0.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
119.16.0.0/16
Signature Algorithm: sha256WithRSAEncryption
92:f4:d7:e5:c7:c3:f9:ed:dd:a3:f7:ed:a5:95:17:fe:33:e0:
b0:ba:35:f1:84:96:51:ec:0c:a9:69:64:fc:81:07:31:f3:6b:
ce:b2:20:87:3f:1d:c7:8b:eb:47:cb:7d:1e:3e:6a:bd:43:3c:
68:1a:cc:be:98:68:e5:90:f7:62:92:4e:24:f2:b5:a9:32:96:
14:18:24:a9:13:fe:11:28:a6:9d:15:19:5f:84:51:71:9b:f1:
99:fe:ef:98:83:42:fa:f1:aa:41:41:ce:48:31:ce:b6:06:f7:
b1:4d:92:1a:af:93:3e:27:47:59:9d:38:5c:86:f5:8c:62:6b:
08:01:1e:02:68:d2:30:57:f0:1a:0b:62:3f:52:85:56:5c:8b:
62:bb:2c:24:96:b0:4c:85:3f:ba:4b:bd:f0:0e:b7:3f:09:c7:
9c:ee:4e:92:69:e7:27:85:c8:7a:81:e6:cc:37:53:97:6d:64:
b2:45:c6:d4:66:78:69:0c:4b:59:d0:f9:b7:45:79:64:8a:64:
74:6d:64:42:f6:05:de:98:33:ae:fc:af:d3:17:78:00:20:6a:
d1:20:f9:da:c1:14:c5:36:7d:d5:0a:e0:fd:b1:bf:0b:f8:ad:
5e:32:85:1b:41:9b:d3:02:0f:8d:df:1c:4c:d8:56:21:15:94:
3a:74:4d:e5
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICAwYwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA1MTEw
MjM3NTZaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKEUzRjI1NjJBODJFNDc1
RDAzMUM5QUQzNjE1OTkyQ0NBRDE5NzdFN0QwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCxkp71Z3YnCmuyz1uEsXmD3qQrJzecJJAOPVL6lNCQkrFDWrUm
wJBojG7pbawIpKq7wd1YvGvquB74RDdU0DGRzuPw6j1HDwo7q94JH6XALFskC3v0
UbIuEGapBNlB8C3FnQEMfR8GtNVSLEHi94sX2e22VEfkY6lGLCHh4bxrP+++5F69
vIY9K8lEBySFC3J71rjs+8ibJ98hOGLCgIc0PXFkzTu49Xbejtomi/Gblwf7Xx3z
tOKf+eat01CiPGVCNyUSLEXW8AfgZ5d01pKlIeWlMg5+WxD9cLLhpJ7/OxfDi2Wq
bVlxy7b/yjtajWv1KOYyvEH+1GLkVCYwlXzHAgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQU4/JWKoLkddAxya02FZksytGXfn0wHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni80X0pXS29Ma2RkQXh5YTAy
Rlprc3l0R1hmbjAucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
dxAwDQYJKoZIhvcNAQELBQADggEBAJL01+XHw/nt3aP37aWVF/4z4LC6NfGEllHs
DKlpZPyBBzHza86yIIc/HceL60fLfR4+ar1DPGgazL6YaOWQ92KSTiTytakylhQY
JKkT/hEopp0VGV+EUXGb8Zn+75iDQvrxqkFBzkgxzrYG97FNkhqvkz4nR1mdOFyG
9YxiawgBHgJo0jBX8BoLYj9ShVZci2K7LCSWsEyFP7pLvfAOtz8Jx5zuTpJp5yeF
yHqB5sw3U5dtZLJFxtRmeGkMS1nQ+bdFeWSKZHRtZEL2Bd6YM678r9MXeAAgatEg
+drBFMU2fdUK4P2xvwv4rV4yhRtBm9MCD43fHEzYViEVlDp0TeU=
-----END CERTIFICATE-----
Generated at Sat May 17 22:46:41 2025 by rpki-client