Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/Q2NXfSwx1B1ZLgc907zNrH9sXXA.roa
File: Q2NXfSwx1B1ZLgc907zNrH9sXXA.roa (raw, json)
Hash identifier: +Sar2aMLVXUvsxmUB8PgJXFq86qOqsG25ixfqw88P5Q=
Subject key identifier: 43:63:57:7D:2C:31:D4:1D:59:2E:07:3D:D3:BC:CD:AC:7F:6C:5D:70
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 06CA
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/Q2NXfSwx1B1ZLgc907zNrH9sXXA.roa
Signing time: Fri 16 May 2025 03:08:03 +0000
ROA not before: Fri 16 May 2025 03:08:03 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 119.16.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1738 (0x6ca)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: May 16 03:08:03 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=4363577D2C31D41D592E073DD3BCCDAC7F6C5D70
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d0:72:bc:5d:bc:12:79:d6:19:60:39:25:d3:4d:
7b:b7:2b:3a:14:e6:6f:5d:55:c2:5b:48:83:0d:bb:
cc:75:51:ee:52:16:6a:4d:ab:01:45:bb:e2:c7:c0:
02:96:01:0e:fd:e7:eb:12:62:68:7e:c3:4e:07:a4:
32:61:94:2c:02:4f:32:34:6d:55:21:5f:ea:63:71:
b0:aa:67:96:95:bd:e0:64:bb:fa:8f:2e:a2:c4:58:
47:3c:95:50:8f:71:e3:a2:55:90:be:97:49:a0:ff:
4d:e7:55:b3:06:52:41:5f:00:85:a0:96:aa:b8:0c:
6e:4b:de:88:2a:ef:ec:3c:57:c2:5d:fa:a4:00:d3:
1b:ce:b3:f3:ca:58:5e:4e:0d:6b:e0:5e:5f:48:17:
3f:74:1f:bc:33:30:cd:11:fe:ae:77:1e:38:4e:65:
62:1d:df:8d:0f:6b:0b:86:7d:87:1b:4b:de:9f:6c:
8d:26:e2:5e:70:0a:73:c0:b7:94:4b:73:46:b3:f7:
3a:0f:c1:73:41:78:97:1a:b4:2a:46:68:05:4d:6f:
d7:51:80:52:2c:3c:43:e2:94:00:3b:f1:1c:ba:e5:
d3:7e:f8:c4:16:8d:03:a3:c4:e1:43:20:97:e5:95:
f0:3c:d6:fc:c0:92:3a:cb:29:91:c6:1d:14:a8:db:
5b:cf
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
43:63:57:7D:2C:31:D4:1D:59:2E:07:3D:D3:BC:CD:AC:7F:6C:5D:70
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/Q2NXfSwx1B1ZLgc907zNrH9sXXA.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
119.16.0.0/16
Signature Algorithm: sha256WithRSAEncryption
68:d3:e7:36:b3:f8:48:56:c2:d1:e3:0f:d5:42:05:61:c3:34:
21:fc:c4:d6:7c:13:6d:af:50:e9:73:61:9e:27:f2:43:88:43:
64:eb:1f:0b:e7:9e:34:d9:31:1c:1b:aa:b6:7e:41:39:1e:53:
86:da:92:3d:16:27:63:b1:9d:17:8e:0c:07:15:74:62:49:4b:
f4:96:07:e0:99:49:a0:4d:47:1b:12:cc:c4:d6:26:8b:14:49:
6e:11:73:63:02:6a:0f:ec:83:24:e4:5d:b3:8f:da:f7:a7:f8:
b5:37:2d:17:82:90:e2:41:b3:cd:c5:3c:ed:e4:57:f6:ef:b5:
f1:29:2e:8f:a5:31:31:52:e8:5a:93:0a:8c:1c:16:62:a8:6c:
f2:d9:5c:1e:4c:1f:ec:61:0e:25:f5:5b:72:db:f0:86:5c:c5:
94:63:37:d4:79:76:c1:69:ac:23:35:15:10:17:6d:97:2e:98:
5e:13:dd:3d:13:10:cc:63:6d:35:0f:a6:7b:f6:54:bd:c5:c1:
c5:3f:71:e0:1a:bd:db:c8:3b:74:83:27:b1:ca:74:78:52:07:
3b:2c:ee:6d:e9:7b:ec:0e:09:1b:c7:6e:7f:fc:9e:d3:78:78:
c2:27:f5:3b:4e:8b:71:d9:a5:25:52:cd:77:f8:58:8f:d7:e6:
d8:cc:0c:dd
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICBsowDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA1MTYw
MzA4MDNaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKDQzNjM1NzdEMkMzMUQ0
MUQ1OTJFMDczREQzQkNDREFDN0Y2QzVENzAwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDQcrxdvBJ51hlgOSXTTXu3KzoU5m9dVcJbSIMNu8x1Ue5SFmpN
qwFFu+LHwAKWAQ795+sSYmh+w04HpDJhlCwCTzI0bVUhX+pjcbCqZ5aVveBku/qP
LqLEWEc8lVCPceOiVZC+l0mg/03nVbMGUkFfAIWglqq4DG5L3ogq7+w8V8Jd+qQA
0xvOs/PKWF5ODWvgXl9IFz90H7wzMM0R/q53HjhOZWId340PawuGfYcbS96fbI0m
4l5wCnPAt5RLc0az9zoPwXNBeJcatCpGaAVNb9dRgFIsPEPilAA78Ry65dN++MQW
jQOjxOFDIJfllfA81vzAkjrLKZHGHRSo21vPAgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUQ2NXfSwx1B1ZLgc907zNrH9sXXAwHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni9RMk5YZlN3eDFCMVpMZ2M5
MDd6TnJIOXNYWEEucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
dxAwDQYJKoZIhvcNAQELBQADggEBAGjT5zaz+EhWwtHjD9VCBWHDNCH8xNZ8E22v
UOlzYZ4n8kOIQ2TrHwvnnjTZMRwbqrZ+QTkeU4bakj0WJ2OxnReODAcVdGJJS/SW
B+CZSaBNRxsSzMTWJosUSW4Rc2MCag/sgyTkXbOP2ven+LU3LReCkOJBs83FPO3k
V/bvtfEpLo+lMTFS6FqTCowcFmKobPLZXB5MH+xhDiX1W3Lb8IZcxZRjN9R5dsFp
rCM1FRAXbZcumF4T3T0TEMxjbTUPpnv2VL3FwcU/ceAavdvIO3SDJ7HKdHhSBzss
7m3pe+wOCRvHbn/8ntN4eMIn9TtOi3HZpSVSzXf4WI/X5tjMDN0=
-----END CERTIFICATE-----
Generated at Mon May 19 03:48:35 2025 by rpki-client