Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/FkVKwq4rxeUnns_2K3f0MREM5xc.roa
File: FkVKwq4rxeUnns_2K3f0MREM5xc.roa (raw, json)
Hash identifier: Sf5/rBijCi2DttqCY/IEyMdST1ll4oTlF0LsCN1LxRw=
Subject key identifier: 16:45:4A:C2:AE:2B:C5:E5:27:9E:CF:F6:2B:77:F4:31:11:0C:E7:17
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 041E
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/FkVKwq4rxeUnns_2K3f0MREM5xc.roa
Signing time: Mon 12 May 2025 13:38:04 +0000
ROA not before: Mon 12 May 2025 13:38:04 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 119.16.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1054 (0x41e)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: May 12 13:38:04 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=16454AC2AE2BC5E5279ECFF62B77F431110CE717
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:de:a3:3c:28:f2:12:86:c7:51:6a:76:49:4d:b9:
42:92:e4:7d:2e:48:66:7c:da:e9:8f:37:fa:43:24:
a8:9b:cf:5f:d9:de:c3:9b:fe:2b:a4:3f:90:37:91:
dd:85:ec:c7:83:e3:8b:de:61:97:9e:5b:51:33:5d:
2d:d0:3e:e3:07:59:d3:68:46:c3:f7:db:6f:bb:4a:
14:da:f5:f6:55:20:f5:cf:b8:5e:f8:b2:fd:a0:c6:
fb:5b:9e:ad:3a:4c:95:33:16:bb:cd:a8:bd:b2:b8:
a8:85:5a:59:30:77:cb:ef:d6:85:91:8d:7f:fd:95:
cf:1b:1b:c5:2e:50:fc:73:66:12:c6:69:66:59:77:
73:c6:fa:de:20:a1:be:cd:fb:08:17:7e:d1:fe:64:
e0:3c:d4:85:1f:2c:9e:6a:a6:30:da:bb:13:49:68:
4a:76:d1:15:d9:c9:9f:7c:f9:e5:d4:0d:3b:cf:a9:
84:87:6f:37:c3:71:75:23:c4:12:22:a3:a0:96:9f:
89:ee:c4:6c:b9:8c:87:b9:57:59:73:fb:09:d0:bd:
9e:98:f3:bf:55:3a:2a:bf:cb:f1:ac:05:dc:f2:cf:
c8:8c:ac:56:14:e6:d1:69:8f:87:f2:05:aa:46:9f:
f5:89:7e:a9:93:1c:65:4a:63:ea:8f:c8:26:d2:76:
1a:95
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
16:45:4A:C2:AE:2B:C5:E5:27:9E:CF:F6:2B:77:F4:31:11:0C:E7:17
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/FkVKwq4rxeUnns_2K3f0MREM5xc.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
119.16.0.0/16
Signature Algorithm: sha256WithRSAEncryption
9f:5c:81:8c:6b:f3:8c:0b:de:23:55:1d:bf:4c:a3:09:8c:38:
2c:68:ac:2c:3c:ae:fd:06:34:6c:9c:df:50:cb:4c:d4:0c:1a:
ad:a3:94:c6:4c:99:29:ba:b9:0a:8b:0b:d0:a5:46:8b:7d:82:
57:d3:bd:c2:61:94:4c:4b:60:b3:44:fa:ac:a2:fa:e2:6d:8e:
94:45:c5:bb:55:20:79:1f:79:20:75:1e:8d:ed:f7:79:23:35:
87:5e:39:28:aa:50:d8:d5:f9:ee:5c:cd:2e:84:3b:4f:7c:67:
e5:c4:5d:74:1d:24:8c:08:89:1b:3a:96:4c:23:6e:34:77:5a:
c5:b4:dc:78:b1:ee:f9:8f:7d:2a:ad:77:48:ab:18:9b:09:d8:
2b:db:65:a1:9f:78:70:46:6d:5a:3b:eb:5d:78:fc:fd:3a:ab:
c8:1f:f8:b3:a2:15:c4:fd:b1:65:7c:3e:f5:a2:c0:a8:1f:a0:
b1:39:0d:21:3e:76:d8:33:b3:3c:12:41:ac:e7:f8:c1:01:f7:
76:f8:43:2e:ba:be:8b:a0:08:02:07:9b:19:24:f4:57:d4:c0:
1a:24:90:fb:fe:77:4d:a2:d5:2e:2c:4f:90:70:9b:a8:3c:17:
89:a5:cd:5d:08:eb:dd:e5:5a:f6:db:59:85:82:d7:03:6d:61:
4f:b5:af:dd
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICBB4wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA1MTIx
MzM4MDRaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKDE2NDU0QUMyQUUyQkM1
RTUyNzlFQ0ZGNjJCNzdGNDMxMTEwQ0U3MTcwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDeozwo8hKGx1FqdklNuUKS5H0uSGZ82umPN/pDJKibz1/Z3sOb
/iukP5A3kd2F7MeD44veYZeeW1EzXS3QPuMHWdNoRsP322+7ShTa9fZVIPXPuF74
sv2gxvtbnq06TJUzFrvNqL2yuKiFWlkwd8vv1oWRjX/9lc8bG8UuUPxzZhLGaWZZ
d3PG+t4gob7N+wgXftH+ZOA81IUfLJ5qpjDauxNJaEp20RXZyZ98+eXUDTvPqYSH
bzfDcXUjxBIio6CWn4nuxGy5jIe5V1lz+wnQvZ6Y879VOiq/y/GsBdzyz8iMrFYU
5tFpj4fyBapGn/WJfqmTHGVKY+qPyCbSdhqVAgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUFkVKwq4rxeUnns/2K3f0MREM5xcwHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni9Ga1ZLd3E0cnhlVW5uc18y
SzNmME1SRU01eGMucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
dxAwDQYJKoZIhvcNAQELBQADggEBAJ9cgYxr84wL3iNVHb9MowmMOCxorCw8rv0G
NGyc31DLTNQMGq2jlMZMmSm6uQqLC9ClRot9glfTvcJhlExLYLNE+qyi+uJtjpRF
xbtVIHkfeSB1Ho3t93kjNYdeOSiqUNjV+e5czS6EO098Z+XEXXQdJIwIiRs6lkwj
bjR3WsW03Hix7vmPfSqtd0irGJsJ2CvbZaGfeHBGbVo76114/P06q8gf+LOiFcT9
sWV8PvWiwKgfoLE5DSE+dtgzszwSQazn+MEB93b4Qy66vougCAIHmxkk9FfUwBok
kPv+d02i1S4sT5Bwm6g8F4mlzV0I693lWvbbWYWC1wNtYU+1r90=
-----END CERTIFICATE-----
Generated at Sun May 18 13:14:54 2025 by rpki-client