Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/2shXTkaaN56csQzfepnDI9Dyftc.roa
File: 2shXTkaaN56csQzfepnDI9Dyftc.roa (raw, json)
Hash identifier: GKT+Uuw9HTKi3GR6UpuRqLwNCnQaUoKl8cC6ui8Rcqo=
Subject key identifier: DA:C8:57:4E:46:9A:37:9E:9C:B1:0C:DF:7A:99:C3:23:D0:F2:7E:D7
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 15C6
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/2shXTkaaN56csQzfepnDI9Dyftc.roa
Signing time: Thu 05 Jun 2025 02:40:03 +0000
ROA not before: Thu 05 Jun 2025 02:40:03 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 119.16.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 5574 (0x15c6)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: Jun 5 02:40:03 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=DAC8574E469A379E9CB10CDF7A99C323D0F27ED7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c2:18:8c:b3:cb:07:e5:6e:14:a5:b7:ed:fe:07:
21:f9:56:de:be:47:a2:fb:eb:b3:7d:6a:6a:cc:b1:
f0:f6:ca:89:64:b4:c1:e4:d0:82:72:2f:ba:a7:02:
4f:12:38:8f:a7:27:85:a4:c4:22:43:68:fd:02:ed:
c8:f4:3f:35:dd:6a:03:8b:14:0d:6e:1b:14:a3:72:
44:4d:02:73:a3:40:98:13:e6:d9:f0:d0:e7:14:ed:
3c:ad:7e:f5:0c:b5:d5:65:1e:f1:78:55:71:43:1a:
ad:13:c0:52:75:a9:bd:dc:a4:ce:f5:a7:c7:93:49:
3b:0b:54:69:34:11:15:2d:75:64:46:a3:5b:f0:76:
d9:05:c2:96:cd:2d:bc:5b:72:49:87:d8:2f:ff:4a:
4d:a3:bf:df:96:b1:b3:8b:a1:5e:66:4a:82:92:66:
00:3e:dd:ef:e0:b5:66:4f:eb:94:81:e1:97:fa:c6:
46:8f:a8:d3:a9:c7:d8:8a:d9:86:3e:f4:64:8d:b8:
80:25:11:79:d2:0b:1c:65:ff:d5:64:6e:4d:3b:96:
0e:70:1a:49:73:81:ba:99:7b:20:8a:c8:de:1c:ce:
51:21:df:60:ad:1b:bd:d6:7a:47:b4:01:8b:b0:6f:
20:ae:17:20:6c:ff:6d:8a:ee:11:b2:57:6e:56:fc:
37:a3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DA:C8:57:4E:46:9A:37:9E:9C:B1:0C:DF:7A:99:C3:23:D0:F2:7E:D7
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/2shXTkaaN56csQzfepnDI9Dyftc.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
119.16.0.0/16
Signature Algorithm: sha256WithRSAEncryption
12:50:a0:fc:3d:3c:83:22:de:b3:b7:42:70:ff:8f:cf:d8:50:
95:94:67:74:fc:ec:54:79:bb:4e:9d:77:f0:ce:2e:44:82:b1:
a1:2a:e6:3b:7d:91:20:f5:5e:53:7f:5f:58:e0:ed:e2:d5:2f:
d6:8f:5a:bb:f3:3a:0c:50:f2:4e:d5:54:ff:d6:f4:f7:57:dd:
0d:c7:45:63:86:65:ac:6f:1d:b6:9c:aa:89:5b:79:ee:c0:58:
2a:0e:3c:96:d7:3d:f7:ea:18:99:b0:71:3c:20:bd:69:af:45:
b4:c1:90:61:da:14:f3:db:17:cd:09:93:6b:e1:13:79:fe:3f:
c3:f6:dd:90:14:b8:fa:dc:0f:5c:32:88:15:22:18:a7:48:32:
83:c2:40:93:87:79:aa:1e:44:fc:41:a5:5f:87:8f:6f:7b:a2:
d7:9a:98:b4:ec:17:37:18:11:23:b6:27:f1:61:9d:38:82:31:
9f:d9:80:a9:31:89:24:07:95:57:f5:05:5e:b9:36:6f:b4:87:
af:fa:17:05:2f:22:58:0a:45:ed:ec:b6:8f:7e:17:0b:22:aa:
fe:ed:cf:93:e9:86:0a:d8:68:6f:d3:88:4b:dc:15:e2:a4:c2:
07:ad:b2:68:81:b7:19:ec:ee:47:f8:c0:7d:04:4f:2a:32:45:
49:40:88:75
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICFcYwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA2MDUw
MjQwMDNaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKERBQzg1NzRFNDY5QTM3
OUU5Q0IxMENERjdBOTlDMzIzRDBGMjdFRDcwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDCGIyzywflbhSlt+3+ByH5Vt6+R6L767N9amrMsfD2yolktMHk
0IJyL7qnAk8SOI+nJ4WkxCJDaP0C7cj0PzXdagOLFA1uGxSjckRNAnOjQJgT5tnw
0OcU7TytfvUMtdVlHvF4VXFDGq0TwFJ1qb3cpM71p8eTSTsLVGk0ERUtdWRGo1vw
dtkFwpbNLbxbckmH2C//Sk2jv9+WsbOLoV5mSoKSZgA+3e/gtWZP65SB4Zf6xkaP
qNOpx9iK2YY+9GSNuIAlEXnSCxxl/9Vkbk07lg5wGklzgbqZeyCKyN4czlEh32Ct
G73Weke0AYuwbyCuFyBs/22K7hGyV25W/DejAgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQU2shXTkaaN56csQzfepnDI9DyftcwHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni8yc2hYVGthYU41NmNzUXpm
ZXBuREk5RHlmdGMucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
dxAwDQYJKoZIhvcNAQELBQADggEBABJQoPw9PIMi3rO3QnD/j8/YUJWUZ3T87FR5
u06dd/DOLkSCsaEq5jt9kSD1XlN/X1jg7eLVL9aPWrvzOgxQ8k7VVP/W9PdX3Q3H
RWOGZaxvHbacqolbee7AWCoOPJbXPffqGJmwcTwgvWmvRbTBkGHaFPPbF80Jk2vh
E3n+P8P23ZAUuPrcD1wyiBUiGKdIMoPCQJOHeaoeRPxBpV+Hj297oteamLTsFzcY
ESO2J/FhnTiCMZ/ZgKkxiSQHlVf1BV65Nm+0h6/6FwUvIlgKRe3sto9+Fwsiqv7t
z5PphgrYaG/TiEvcFeKkwgetsmiBtxns7kf4wH0ETyoyRUlAiHU=
-----END CERTIFICATE-----
Generated at Sat Jun 21 07:06:07 2025 by rpki-client