Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/h4PkLZYmOjhjlWnlG6dpnW3DrHE.roa
File: h4PkLZYmOjhjlWnlG6dpnW3DrHE.roa (raw, json)
Hash identifier: R+WznpNILBgqc1o3nuZ5hqtIlr+E0SJxpZ3Ae1xt98I=
Subject key identifier: 87:83:E4:2D:96:26:3A:38:63:95:69:E5:1B:A7:69:9D:6D:C3:AC:71
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 0446
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/h4PkLZYmOjhjlWnlG6dpnW3DrHE.roa
Signing time: Mon 12 May 2025 18:38:06 +0000
ROA not before: Mon 12 May 2025 18:38:06 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 119.16.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1094 (0x446)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: May 12 18:38:06 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=8783E42D96263A38639569E51BA7699D6DC3AC71
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e1:a6:60:1a:6a:b6:58:52:a0:be:62:f8:66:a9:
d5:79:46:bd:f8:ff:c1:82:18:33:ea:1c:7f:5a:18:
60:4b:22:44:97:f2:23:20:08:4f:9f:85:ba:1f:c0:
7b:23:f6:6d:db:7f:fa:dc:a0:28:5e:0d:c7:95:3b:
9a:6d:c3:b5:ff:f8:37:c2:a0:b4:85:62:53:c0:0a:
f0:a8:86:48:64:62:33:52:32:d5:6d:05:59:ac:b8:
0c:e0:f0:95:3d:cf:71:e5:4a:61:b3:ff:a7:5a:8f:
79:a4:9b:9b:29:eb:ab:e0:83:9d:64:95:d5:ca:7b:
48:c4:21:5e:96:28:60:52:df:73:5e:92:b8:a1:a4:
f2:20:1c:4e:51:88:df:6e:c4:43:5e:8b:d8:87:eb:
f3:ee:e9:96:50:48:e0:c3:17:16:f7:b2:f0:25:9b:
5b:f0:4b:b7:9b:bc:29:cd:54:ba:6f:12:1b:49:c0:
0c:0f:e8:ff:b5:c4:57:f8:8c:b4:73:1f:f6:41:08:
6b:30:4c:9f:70:ea:13:03:88:0b:2d:e8:34:05:0b:
ab:9f:7d:71:78:20:1b:3e:09:70:04:b3:9b:e6:0b:
de:63:89:80:75:83:9d:ca:c6:fc:3d:63:b6:0b:04:
f1:bc:cb:bc:3c:d2:fb:2d:d2:fc:5f:2c:31:68:36:
82:b1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
87:83:E4:2D:96:26:3A:38:63:95:69:E5:1B:A7:69:9D:6D:C3:AC:71
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/h4PkLZYmOjhjlWnlG6dpnW3DrHE.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
119.16.0.0/16
Signature Algorithm: sha256WithRSAEncryption
42:ef:00:ee:02:b5:d9:77:d6:44:00:40:60:69:1a:e1:19:86:
0a:0a:1b:ee:01:be:6e:6d:63:fc:08:06:f0:93:81:41:cb:6f:
1c:2f:da:39:a8:2b:0e:51:c8:f5:97:37:29:b6:09:14:22:ec:
9d:54:24:a1:3d:fc:e5:5f:90:56:00:f2:f2:47:f1:0b:83:61:
e0:55:29:e8:8c:54:c8:ea:9f:7d:1e:da:0b:11:e3:21:dc:1e:
b1:3c:37:0a:60:28:4b:7f:20:3e:c1:62:47:6d:00:e9:54:c8:
51:94:71:d0:6d:36:b2:d5:ab:a4:97:54:05:07:91:0f:bb:3a:
c0:42:c7:ed:56:ae:fb:3c:73:81:19:99:d3:41:a5:16:9d:0c:
2d:88:56:d9:1e:06:dc:25:ed:5b:0a:5c:94:97:d8:e5:09:48:
fb:46:7d:da:57:68:33:96:b8:e0:87:c5:ce:87:dd:61:98:41:
4b:77:5c:f8:61:39:cb:29:a0:2a:e6:ab:2c:17:d2:51:55:54:
f3:60:57:5a:f1:d5:4f:13:7c:87:f1:12:53:b0:9d:7f:4e:c6:
95:1c:1c:53:ee:03:4c:1d:a3:64:d3:ef:cf:12:bf:67:e9:32:
2c:01:28:c2:da:f5:bd:27:ee:e8:7c:75:7a:bf:0b:ec:f7:2c:
63:ca:9a:b9
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICBEYwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA1MTIx
ODM4MDZaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKDg3ODNFNDJEOTYyNjNB
Mzg2Mzk1NjlFNTFCQTc2OTlENkRDM0FDNzEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDhpmAaarZYUqC+YvhmqdV5Rr34/8GCGDPqHH9aGGBLIkSX8iMg
CE+fhbofwHsj9m3bf/rcoCheDceVO5ptw7X/+DfCoLSFYlPACvCohkhkYjNSMtVt
BVmsuAzg8JU9z3HlSmGz/6daj3mkm5sp66vgg51kldXKe0jEIV6WKGBS33Nekrih
pPIgHE5RiN9uxENei9iH6/Pu6ZZQSODDFxb3svAlm1vwS7ebvCnNVLpvEhtJwAwP
6P+1xFf4jLRzH/ZBCGswTJ9w6hMDiAst6DQFC6uffXF4IBs+CXAEs5vmC95jiYB1
g53Kxvw9Y7YLBPG8y7w80vst0vxfLDFoNoKxAgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUh4PkLZYmOjhjlWnlG6dpnW3DrHEwHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni9oNFBrTFpZbU9qaGpsV25s
RzZkcG5XM0RySEUucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
dxAwDQYJKoZIhvcNAQELBQADggEBAELvAO4Ctdl31kQAQGBpGuEZhgoKG+4Bvm5t
Y/wIBvCTgUHLbxwv2jmoKw5RyPWXNym2CRQi7J1UJKE9/OVfkFYA8vJH8QuDYeBV
KeiMVMjqn30e2gsR4yHcHrE8NwpgKEt/ID7BYkdtAOlUyFGUcdBtNrLVq6SXVAUH
kQ+7OsBCx+1Wrvs8c4EZmdNBpRadDC2IVtkeBtwl7VsKXJSX2OUJSPtGfdpXaDOW
uOCHxc6H3WGYQUt3XPhhOcspoCrmqywX0lFVVPNgV1rx1U8TfIfxElOwnX9OxpUc
HFPuA0wdo2TT788Sv2fpMiwBKMLa9b0n7uh8dXq/C+z3LGPKmrk=
-----END CERTIFICATE-----
Generated at Sun May 18 01:57:41 2025 by rpki-client