Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/3DTU-xw97trwSTapXPZ3KJu_VLU.roa
File: 3DTU-xw97trwSTapXPZ3KJu_VLU.roa (raw, json)
Hash identifier: fIU3kKjLMKALjorxyCeD3duRwJO897A5/EeR4lTYfI4=
Subject key identifier: DC:34:D4:FB:1C:3D:EE:DA:F0:49:36:A9:5C:F6:77:28:9B:BF:54:B5
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 1C56
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/3DTU-xw97trwSTapXPZ3KJu_VLU.roa
Signing time: Fri 13 Jun 2025 20:39:54 +0000
ROA not before: Fri 13 Jun 2025 20:39:54 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 119.16.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 7254 (0x1c56)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: Jun 13 20:39:54 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=DC34D4FB1C3DEEDAF04936A95CF677289BBF54B5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:93:ca:b2:b6:b8:e8:30:40:7f:9f:89:bd:ae:a8:
b0:23:ec:3b:c3:8b:f6:09:49:96:35:33:13:6e:bf:
17:26:12:04:28:26:a0:fc:2a:4f:0f:9f:92:5e:6b:
3e:81:a1:be:4a:a0:50:52:28:37:d4:7b:7c:20:2e:
21:85:d6:52:9b:4f:cf:3e:a6:a9:df:28:ad:12:5d:
84:aa:44:6f:7b:ca:bf:54:77:e3:bb:86:62:da:d4:
1a:90:d3:79:66:5a:08:16:d7:a0:bc:0b:8d:27:47:
1b:0f:ad:e8:1d:06:46:a4:9f:16:42:ab:3a:c1:eb:
33:21:0e:5b:05:5d:0f:20:c2:55:7e:3a:69:71:35:
4e:ff:e1:53:51:bc:a3:9d:fa:0d:11:69:40:9c:09:
87:d2:38:9d:c1:7f:5b:b2:fe:c4:5c:c5:ba:5c:5a:
f1:9c:6d:d8:f9:a5:89:e7:a5:9a:ac:60:9c:49:d6:
93:ba:9a:24:7b:0c:4e:14:0e:c3:9b:ed:0a:91:42:
42:67:0b:0d:a6:16:2a:a3:db:b1:7d:cd:25:d5:6b:
09:51:fc:e4:56:5c:ec:44:d3:ca:43:e5:cb:a7:9a:
da:2d:68:8e:16:59:13:50:e2:70:66:32:64:f4:38:
50:8d:82:18:70:2f:f4:ba:2c:c8:1b:18:5f:3a:ad:
d5:87
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DC:34:D4:FB:1C:3D:EE:DA:F0:49:36:A9:5C:F6:77:28:9B:BF:54:B5
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/3DTU-xw97trwSTapXPZ3KJu_VLU.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
119.16.0.0/16
Signature Algorithm: sha256WithRSAEncryption
27:21:10:ae:ab:3d:6f:b9:24:d9:3b:45:c8:4a:ed:fe:a6:a2:
69:bf:92:2e:08:09:78:5b:a2:67:ab:4c:e1:6c:79:37:43:81:
86:e7:57:48:9a:77:99:60:95:f5:6c:61:86:35:c5:f6:c1:b4:
48:93:fb:28:c4:5f:fa:76:04:33:b7:30:ab:48:c6:d7:e5:de:
2d:9a:54:9c:26:2f:06:43:14:d3:01:59:96:3f:f7:e2:75:69:
6c:b1:0d:07:6b:97:00:90:74:a9:7a:fe:64:ba:df:47:76:82:
65:ce:34:5b:44:08:79:89:15:e7:2c:cb:22:ce:47:8b:09:61:
65:6e:11:73:1e:7e:84:36:b2:d6:e4:39:57:52:df:b2:ce:f1:
80:0b:bf:dc:5d:25:d7:44:2e:d0:f4:cb:f0:d4:48:10:01:2b:
f6:0d:89:77:43:80:3d:33:99:0b:1b:2e:0d:b5:68:1a:08:36:
a9:3b:4b:39:aa:ef:4b:f2:b1:18:91:de:2d:0e:dd:1b:13:d2:
8c:f7:4f:95:ba:69:fd:24:91:d5:df:f3:15:5f:d0:d7:7d:62:
ef:e5:8d:94:56:c6:61:f6:6f:a2:ff:36:75:71:28:25:42:7a:
5e:5a:a7:7e:d2:13:15:95:c7:dc:bc:c0:97:34:4d:a6:5f:19:
25:d5:66:0b
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICHFYwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA2MTMy
MDM5NTRaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKERDMzRENEZCMUMzREVF
REFGMDQ5MzZBOTVDRjY3NzI4OUJCRjU0QjUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCTyrK2uOgwQH+fib2uqLAj7DvDi/YJSZY1MxNuvxcmEgQoJqD8
Kk8Pn5Jeaz6Bob5KoFBSKDfUe3wgLiGF1lKbT88+pqnfKK0SXYSqRG97yr9Ud+O7
hmLa1BqQ03lmWggW16C8C40nRxsPregdBkaknxZCqzrB6zMhDlsFXQ8gwlV+Omlx
NU7/4VNRvKOd+g0RaUCcCYfSOJ3Bf1uy/sRcxbpcWvGcbdj5pYnnpZqsYJxJ1pO6
miR7DE4UDsOb7QqRQkJnCw2mFiqj27F9zSXVawlR/ORWXOxE08pD5cunmtotaI4W
WRNQ4nBmMmT0OFCNghhwL/S6LMgbGF86rdWHAgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQU3DTU+xw97trwSTapXPZ3KJu/VLUwHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni8zRFRVLXh3OTd0cndTVGFw
WFBaM0tKdV9WTFUucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
dxAwDQYJKoZIhvcNAQELBQADggEBACchEK6rPW+5JNk7RchK7f6momm/ki4ICXhb
omerTOFseTdDgYbnV0iad5lglfVsYYY1xfbBtEiT+yjEX/p2BDO3MKtIxtfl3i2a
VJwmLwZDFNMBWZY/9+J1aWyxDQdrlwCQdKl6/mS630d2gmXONFtECHmJFecsyyLO
R4sJYWVuEXMefoQ2stbkOVdS37LO8YALv9xdJddELtD0y/DUSBABK/YNiXdDgD0z
mQsbLg21aBoINqk7Szmq70vysRiR3i0O3RsT0oz3T5W6af0kkdXf8xVf0Nd9Yu/l
jZRWxmH2b6L/NnVxKCVCel5ap37SExWVx9y8wJc0TaZfGSXVZgs=
-----END CERTIFICATE-----
Generated at Sat Jun 21 03:04:44 2025 by rpki-client