Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/XYZ4guIbIpWUhT0zEox5VXMPabk.roa
File: XYZ4guIbIpWUhT0zEox5VXMPabk.roa (raw, json)
Hash identifier: xm5CJ8on4bHb564D+pB0R+lBX0soJmhLms5zPNqM97o=
Subject key identifier: 5D:86:78:82:E2:1B:22:95:94:85:3D:33:12:8C:79:55:73:0F:69:B9
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: DE
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/XYZ4guIbIpWUhT0zEox5VXMPabk.roa
Signing time: Thu 08 May 2025 05:37:40 +0000
ROA not before: Thu 08 May 2025 05:37:40 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 119.16.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 222 (0xde)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: May 8 05:37:40 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=5D867882E21B229594853D33128C7955730F69B9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bc:ce:0a:88:9e:02:e0:a6:59:1f:05:00:31:27:
a7:be:53:6a:29:fe:84:af:c5:9e:4a:01:56:d7:d5:
c1:8f:0a:78:0e:55:83:26:5d:16:63:bb:82:f6:9d:
5a:1f:b7:a2:90:a3:18:58:63:c8:65:4b:05:e9:ce:
f9:4c:df:a5:55:b1:84:ff:29:b2:b6:98:ec:51:29:
44:00:75:c6:47:4f:c0:8b:7f:2e:e0:98:27:3c:04:
0d:d3:dc:e0:f3:8a:f6:a5:c2:b1:25:6c:87:6d:0b:
20:0a:9e:53:9c:62:35:6b:96:f9:ad:99:b0:ad:84:
d0:dc:69:e2:cb:b3:d9:b0:ce:2c:10:3b:f2:cb:1f:
b5:06:7d:97:80:6e:1f:1a:c6:ec:0d:8f:8e:74:e4:
85:a2:bf:fa:94:fe:69:9a:60:20:6b:a7:cc:98:08:
b2:ea:85:87:6b:94:83:86:78:3c:dd:75:40:6d:e6:
73:11:44:40:10:d0:f2:3f:ca:74:0a:20:d7:cd:5a:
a5:2b:d8:ab:2d:e4:da:f0:3d:34:7f:9c:f2:f1:0f:
22:78:66:81:59:ef:35:d6:75:18:31:3e:d1:51:c4:
9a:04:ac:7b:ec:b8:41:1f:35:71:de:07:a2:c8:62:
40:08:a8:1d:7f:9d:a3:d6:8b:e1:0a:9e:3a:6f:fa:
81:cb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5D:86:78:82:E2:1B:22:95:94:85:3D:33:12:8C:79:55:73:0F:69:B9
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/XYZ4guIbIpWUhT0zEox5VXMPabk.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
119.16.0.0/16
Signature Algorithm: sha256WithRSAEncryption
81:57:60:7e:9a:44:83:b6:96:53:1e:a9:79:83:46:5d:e3:cd:
54:26:71:76:f7:41:20:3c:c8:36:da:44:36:cc:b2:41:7a:97:
12:28:ef:9e:94:c1:c8:3c:17:05:26:97:e2:3b:7d:a0:fe:4a:
25:e1:36:8e:01:10:ae:3a:91:29:7c:8e:a7:38:0e:48:13:7d:
55:28:8c:79:9e:82:82:b1:7d:f5:17:f5:c8:3c:ff:b3:dc:87:
cd:f3:ad:b5:d9:70:c3:b7:da:42:be:e4:05:71:4c:2a:7b:67:
5e:78:b6:29:13:7d:ac:83:a6:96:57:91:6f:7d:3a:29:a9:7c:
5d:2d:d5:45:40:1d:a3:59:8f:82:7c:72:92:16:17:19:ed:43:
83:6b:aa:ca:bb:a7:b6:cf:0b:a7:6c:e5:2b:00:b4:e0:03:b9:
58:de:58:92:95:7d:a3:e2:51:b6:e9:f1:4f:b4:9a:44:7c:ec:
c5:6f:7b:3f:b3:0e:cf:ad:7e:2a:7b:2f:42:57:a3:ff:e6:8a:
85:c8:94:de:d7:95:2a:1b:7a:6f:9f:84:ba:29:47:6e:a7:92:
cc:8a:1c:6e:29:b8:88:1e:8d:25:1d:8b:1b:6b:34:00:db:01:
cf:39:85:aa:55:b9:e5:f5:ab:32:cd:64:bd:e2:bc:82:d1:8c:
76:7f:cf:13
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICAN4wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA1MDgw
NTM3NDBaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKDVEODY3ODgyRTIxQjIy
OTU5NDg1M0QzMzEyOEM3OTU1NzMwRjY5QjkwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC8zgqIngLgplkfBQAxJ6e+U2op/oSvxZ5KAVbX1cGPCngOVYMm
XRZju4L2nVoft6KQoxhYY8hlSwXpzvlM36VVsYT/KbK2mOxRKUQAdcZHT8CLfy7g
mCc8BA3T3ODzivalwrElbIdtCyAKnlOcYjVrlvmtmbCthNDcaeLLs9mwziwQO/LL
H7UGfZeAbh8axuwNj4505IWiv/qU/mmaYCBrp8yYCLLqhYdrlIOGeDzddUBt5nMR
REAQ0PI/ynQKINfNWqUr2Kst5NrwPTR/nPLxDyJ4ZoFZ7zXWdRgxPtFRxJoErHvs
uEEfNXHeB6LIYkAIqB1/naPWi+EKnjpv+oHLAgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUXYZ4guIbIpWUhT0zEox5VXMPabkwHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni9YWVo0Z3VJYklwV1VoVDB6
RW94NVZYTVBhYmsucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
dxAwDQYJKoZIhvcNAQELBQADggEBAIFXYH6aRIO2llMeqXmDRl3jzVQmcXb3QSA8
yDbaRDbMskF6lxIo756Uwcg8FwUml+I7faD+SiXhNo4BEK46kSl8jqc4DkgTfVUo
jHmegoKxffUX9cg8/7Pch83zrbXZcMO32kK+5AVxTCp7Z154tikTfayDppZXkW99
OimpfF0t1UVAHaNZj4J8cpIWFxntQ4Nrqsq7p7bPC6ds5SsAtOADuVjeWJKVfaPi
Ubbp8U+0mkR87MVvez+zDs+tfip7L0JXo//mioXIlN7XlSobem+fhLopR26nksyK
HG4puIgejSUdixtrNADbAc85hapVueX1qzLNZL3ivILRjHZ/zxM=
-----END CERTIFICATE-----
Generated at Sat May 17 22:44:48 2025 by rpki-client