Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/bq5xssi2kY991iAEDeXvojbNoD8.roa
File: bq5xssi2kY991iAEDeXvojbNoD8.roa (raw, json)
Hash identifier: BmrZezyA5ouwtv5iNhnDxXswC4T8+4yX5KNpjKuM8pg=
Subject key identifier: 6E:AE:71:B2:C8:B6:91:8F:7D:D6:20:04:0D:E5:EF:A2:36:CD:A0:3F
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 046A
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/bq5xssi2kY991iAEDeXvojbNoD8.roa
Signing time: Mon 12 May 2025 23:07:58 +0000
ROA not before: Mon 12 May 2025 23:07:58 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 119.16.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1130 (0x46a)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: May 12 23:07:58 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=6EAE71B2C8B6918F7DD620040DE5EFA236CDA03F
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e3:9f:7f:b0:08:76:8c:b2:dd:97:a1:d0:36:74:
bd:3f:35:61:a8:c3:40:d9:06:05:9c:d5:6e:78:22:
a0:ef:e3:6d:f5:c6:5b:e8:97:0e:c4:55:44:7d:13:
6a:88:6e:21:7a:07:c1:07:42:68:25:3f:52:54:35:
d4:b4:87:26:85:29:21:20:5a:4a:30:12:4a:8c:a5:
56:37:1a:b2:d3:bc:2b:d9:28:59:58:61:e5:56:6e:
e4:32:3c:bb:4e:1a:d9:65:e3:cb:71:6c:26:06:6f:
1c:aa:53:96:d4:c2:bb:7d:64:96:3b:e5:7b:1b:5f:
83:ce:f8:ae:05:58:7e:76:03:bd:1e:39:60:23:23:
86:20:05:0d:34:ee:4c:e0:ce:f0:f0:8f:9b:c5:ec:
1e:38:1d:3f:bc:63:2a:eb:6d:fb:68:e2:14:45:d8:
0c:82:bd:f8:5a:2c:6b:12:f0:d1:34:f9:00:31:65:
f5:87:31:63:50:d4:9d:19:29:f3:0d:d8:72:0b:a7:
f2:eb:9d:26:06:9a:44:0a:e3:96:5f:4a:3d:3a:77:
31:bf:5a:5a:d3:d3:74:ee:10:e4:a8:7c:44:ab:fe:
f6:b4:48:f5:48:a9:0f:80:b4:16:8f:86:5d:75:82:
60:df:2d:ec:d9:1c:6d:2f:11:9b:e2:7d:17:5d:04:
61:7d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6E:AE:71:B2:C8:B6:91:8F:7D:D6:20:04:0D:E5:EF:A2:36:CD:A0:3F
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/bq5xssi2kY991iAEDeXvojbNoD8.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
119.16.0.0/16
Signature Algorithm: sha256WithRSAEncryption
51:76:f0:8a:61:24:eb:14:1e:08:b5:eb:16:3d:ef:0c:76:1d:
a6:c2:7f:78:23:f5:37:e4:79:28:a1:a8:86:1b:8d:63:86:10:
02:4a:77:2f:c1:d3:8c:0d:fc:4d:c2:a4:29:4e:01:ab:e6:b4:
9b:41:93:87:f3:35:1d:71:ee:eb:48:3f:db:99:86:3e:32:eb:
69:87:9d:63:84:f7:f3:be:8e:0f:7b:ed:e7:34:97:44:e0:11:
30:3c:53:3f:fc:29:c2:37:36:04:fc:b4:8e:7f:ce:b7:30:68:
8d:7f:06:14:f3:6e:87:75:a1:84:0c:c6:5b:d6:42:29:e4:99:
7e:37:ac:f7:85:c5:3a:ed:14:70:a5:6b:9d:1d:bc:5f:ac:ce:
97:be:64:2a:2f:9c:38:e6:6f:db:18:1d:bf:3d:bc:77:65:78:
f0:6c:82:09:c3:59:1b:51:07:88:72:6d:9c:d5:db:d2:35:33:
a7:13:ca:d4:58:65:56:7d:a5:e8:fe:7d:d2:9e:b6:95:ac:ca:
f7:45:7e:17:eb:f4:18:71:c5:31:87:77:78:1b:57:6d:c4:e8:
30:07:53:b1:d6:2c:ba:aa:6d:13:c2:66:33:95:a5:af:8f:15:
5b:99:1a:77:62:00:60:df:db:e8:08:96:44:52:02:1d:2e:ac:
6d:9c:58:ac
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICBGowDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA1MTIy
MzA3NThaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKDZFQUU3MUIyQzhCNjkx
OEY3REQ2MjAwNDBERTVFRkEyMzZDREEwM0YwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDjn3+wCHaMst2XodA2dL0/NWGow0DZBgWc1W54IqDv4231xlvo
lw7EVUR9E2qIbiF6B8EHQmglP1JUNdS0hyaFKSEgWkowEkqMpVY3GrLTvCvZKFlY
YeVWbuQyPLtOGtll48txbCYGbxyqU5bUwrt9ZJY75XsbX4PO+K4FWH52A70eOWAj
I4YgBQ007kzgzvDwj5vF7B44HT+8Yyrrbfto4hRF2AyCvfhaLGsS8NE0+QAxZfWH
MWNQ1J0ZKfMN2HILp/LrnSYGmkQK45ZfSj06dzG/WlrT03TuEOSofESr/va0SPVI
qQ+AtBaPhl11gmDfLezZHG0vEZvifRddBGF9AgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUbq5xssi2kY991iAEDeXvojbNoD8wHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni9icTV4c3NpMmtZOTkxaUFF
RGVYdm9qYk5vRDgucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
dxAwDQYJKoZIhvcNAQELBQADggEBAFF28IphJOsUHgi16xY97wx2HabCf3gj9Tfk
eSihqIYbjWOGEAJKdy/B04wN/E3CpClOAavmtJtBk4fzNR1x7utIP9uZhj4y62mH
nWOE9/O+jg977ec0l0TgETA8Uz/8KcI3NgT8tI5/zrcwaI1/BhTzbod1oYQMxlvW
QinkmX43rPeFxTrtFHCla50dvF+szpe+ZCovnDjmb9sYHb89vHdlePBsggnDWRtR
B4hybZzV29I1M6cTytRYZVZ9pej+fdKetpWsyvdFfhfr9BhxxTGHd3gbV23E6DAH
U7HWLLqqbRPCZjOVpa+PFVuZGndiAGDf2+gIlkRSAh0urG2cWKw=
-----END CERTIFICATE-----
Generated at Sun May 18 09:49:32 2025 by rpki-client