Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/xyApoy82FHlGAiynoIBWMN8KQ0E.roa
File: xyApoy82FHlGAiynoIBWMN8KQ0E.roa (raw, json)
Hash identifier: yKn3d+upAgTdgrq9cQKRUDuv6Gts/MlYCBd3M4P5YO8=
Subject key identifier: C7:20:29:A3:2F:36:14:79:46:02:2C:A7:A0:80:56:30:DF:0A:43:41
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: F6
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/xyApoy82FHlGAiynoIBWMN8KQ0E.roa
Signing time: Thu 08 May 2025 08:37:42 +0000
ROA not before: Thu 08 May 2025 08:37:42 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 119.16.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 246 (0xf6)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: May 8 08:37:42 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=C72029A32F36147946022CA7A0805630DF0A4341
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e1:9a:71:4e:96:ea:cd:3d:b3:04:b9:c5:d7:09:
68:53:4d:f9:fd:23:a1:12:eb:8c:7a:21:fe:cc:91:
fd:75:14:bd:c1:b2:a2:4d:d4:85:26:cc:af:92:8a:
e8:cb:ce:90:94:7c:bf:4b:b7:cb:34:1d:1a:11:ae:
2d:20:cc:21:76:70:bc:81:8c:d1:da:11:8f:72:79:
1e:ee:d6:b1:bc:7b:cf:48:93:f7:cf:61:41:a7:13:
a5:97:ab:e7:f2:c4:e4:04:78:f8:f0:0e:d0:ed:76:
93:18:a2:f8:cc:3a:d3:78:71:94:25:26:99:32:ee:
93:82:de:4f:70:5c:5e:6a:d9:63:cc:48:2f:2c:34:
a6:71:cc:08:cc:84:35:68:18:3d:96:f5:71:4b:15:
25:8e:81:ca:4b:7c:13:40:28:88:97:fa:2f:2f:2b:
92:8f:1a:82:0a:97:27:03:a5:75:26:93:e2:b9:7f:
42:0d:7e:5f:4d:c9:6f:c5:b3:b6:f2:09:f2:b7:c5:
db:62:42:dc:1c:58:44:6b:bc:c7:2e:14:10:c4:f9:
ba:30:98:42:39:ac:d2:79:21:28:91:49:09:c3:84:
3e:aa:9b:90:2d:16:79:4a:51:1a:da:4d:57:61:ad:
89:1b:6e:05:92:f2:f5:8e:59:6d:ab:cb:6c:3c:fd:
4f:31
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C7:20:29:A3:2F:36:14:79:46:02:2C:A7:A0:80:56:30:DF:0A:43:41
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/xyApoy82FHlGAiynoIBWMN8KQ0E.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
119.16.0.0/16
Signature Algorithm: sha256WithRSAEncryption
98:50:be:a8:62:1d:88:6e:38:f9:50:14:a3:26:d1:1f:9d:14:
3a:73:6b:cc:2e:75:c8:c3:f2:a6:35:01:be:52:8d:85:a3:9c:
91:2a:df:f6:96:bb:eb:99:7c:08:1a:bd:d0:75:4c:12:61:47:
51:72:99:1f:d9:89:81:30:51:33:d6:8a:df:5c:2f:6d:d5:3d:
18:51:61:f9:64:e1:d6:d5:eb:55:ca:13:46:cb:d5:32:98:d2:
19:b5:39:38:55:60:fe:dd:79:b3:78:1a:12:ab:45:ba:cb:e5:
47:57:86:35:7b:e4:73:cb:5b:7c:8f:04:55:84:de:1a:42:ab:
a7:49:f5:79:cc:61:1f:bd:4a:9d:75:01:e8:af:e0:9d:10:90:
f0:8c:9b:ee:2f:2f:a8:78:46:0f:13:16:9f:18:0e:b5:24:0b:
c2:db:3d:f1:09:81:39:28:db:9e:2b:95:29:d6:97:85:54:88:
88:e4:ab:a6:60:91:a1:18:01:59:eb:5e:e9:56:57:ac:20:86:
c7:db:6a:84:56:d0:e9:a6:f9:27:7e:1c:0b:9a:61:fa:b3:c9:
7f:45:32:4f:82:05:be:4c:a3:3e:ad:8c:90:a1:e4:58:a0:b0:
4e:fa:bf:d8:c9:03:bf:7e:ef:d9:e5:c7:b2:ee:35:b1:68:29:
aa:b2:5a:e2
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICAPYwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA1MDgw
ODM3NDJaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKEM3MjAyOUEzMkYzNjE0
Nzk0NjAyMkNBN0EwODA1NjMwREYwQTQzNDEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDhmnFOlurNPbMEucXXCWhTTfn9I6ES64x6If7Mkf11FL3BsqJN
1IUmzK+SiujLzpCUfL9Lt8s0HRoRri0gzCF2cLyBjNHaEY9yeR7u1rG8e89Ik/fP
YUGnE6WXq+fyxOQEePjwDtDtdpMYovjMOtN4cZQlJpky7pOC3k9wXF5q2WPMSC8s
NKZxzAjMhDVoGD2W9XFLFSWOgcpLfBNAKIiX+i8vK5KPGoIKlycDpXUmk+K5f0IN
fl9NyW/Fs7byCfK3xdtiQtwcWERrvMcuFBDE+bowmEI5rNJ5ISiRSQnDhD6qm5At
FnlKURraTVdhrYkbbgWS8vWOWW2ry2w8/U8xAgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUxyApoy82FHlGAiynoIBWMN8KQ0EwHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni94eUFwb3k4MkZIbEdBaXlu
b0lCV01OOEtRMEUucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
dxAwDQYJKoZIhvcNAQELBQADggEBAJhQvqhiHYhuOPlQFKMm0R+dFDpza8wudcjD
8qY1Ab5SjYWjnJEq3/aWu+uZfAgavdB1TBJhR1FymR/ZiYEwUTPWit9cL23VPRhR
Yflk4dbV61XKE0bL1TKY0hm1OThVYP7debN4GhKrRbrL5UdXhjV75HPLW3yPBFWE
3hpCq6dJ9XnMYR+9Sp11Aeiv4J0QkPCMm+4vL6h4Rg8TFp8YDrUkC8LbPfEJgTko
254rlSnWl4VUiIjkq6ZgkaEYAVnrXulWV6wghsfbaoRW0Omm+Sd+HAuaYfqzyX9F
Mk+CBb5Moz6tjJCh5FigsE76v9jJA79+79nlx7LuNbFoKaqyWuI=
-----END CERTIFICATE-----
Generated at Sun May 18 13:01:21 2025 by rpki-client