Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/AfCvdZyVmIzggoeFo3E2CjDialI.roa
File: AfCvdZyVmIzggoeFo3E2CjDialI.roa (raw, json)
Hash identifier: TtCM0H0q+3njPdFo+Zq9dMDTMpeIsA4m8w3OeJvwB6k=
Subject key identifier: 01:F0:AF:75:9C:95:98:8C:E0:82:87:85:A3:71:36:0A:30:E2:6A:52
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 1C62
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/AfCvdZyVmIzggoeFo3E2CjDialI.roa
Signing time: Fri 13 Jun 2025 22:09:56 +0000
ROA not before: Fri 13 Jun 2025 22:09:56 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 119.16.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 7266 (0x1c62)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: Jun 13 22:09:56 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=01F0AF759C95988CE0828785A371360A30E26A52
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ae:58:4d:ff:4d:39:f1:e4:54:24:54:a0:31:eb:
bb:f1:7e:ca:09:ad:cf:52:a2:a8:59:83:74:66:7b:
43:e8:7c:9b:81:c5:07:9c:0d:80:19:57:55:65:0d:
01:36:9b:76:d5:d9:a0:de:de:90:9c:06:32:fa:94:
59:db:77:65:bb:32:e3:10:0c:eb:11:99:ef:a5:71:
ab:9b:fb:55:05:af:2f:6a:62:ee:7f:ef:ee:9e:e3:
58:33:27:10:0f:b5:bf:7c:fa:83:6f:dd:34:7e:79:
8d:8a:ca:fd:75:72:6f:b3:f2:22:85:3f:56:43:f8:
9b:fb:9f:c9:fb:53:c2:8f:36:ba:1a:02:85:c6:77:
18:32:60:c1:2e:fb:dd:a3:25:f7:5c:69:ef:4b:fa:
39:eb:1f:c0:3a:b9:52:9d:05:ac:e2:d4:6c:1f:4d:
7d:7d:bf:04:4e:7f:17:04:52:ff:26:19:79:5c:d0:
8c:b1:e0:08:53:3d:2c:bf:d9:cc:65:a0:7f:88:97:
3d:af:2f:ae:3b:f0:02:0a:20:de:23:84:af:9a:f2:
d1:9f:fd:57:35:13:f5:48:e8:ca:76:f4:14:53:c4:
37:c1:62:52:76:25:c3:d9:c0:57:a8:c7:e1:76:2d:
d6:c4:de:38:20:03:e4:8b:7d:57:60:bd:dd:8f:94:
ca:f5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
01:F0:AF:75:9C:95:98:8C:E0:82:87:85:A3:71:36:0A:30:E2:6A:52
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/AfCvdZyVmIzggoeFo3E2CjDialI.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
119.16.0.0/16
Signature Algorithm: sha256WithRSAEncryption
29:33:d3:ec:6c:27:62:f4:9f:2b:80:d2:b0:cd:bd:55:91:2a:
6b:46:57:a2:71:cc:49:5d:b4:47:eb:1a:c7:12:70:14:dc:6a:
99:09:14:1f:5e:e1:29:27:09:36:ce:6a:13:a5:70:1c:f3:cb:
5a:f4:5f:4a:80:f5:e0:d8:54:c6:60:ef:8f:39:39:6b:34:fc:
e6:62:05:f9:4a:53:8e:bf:a6:45:6b:a6:46:0b:3e:e5:52:4e:
e2:30:14:a0:3c:9d:92:c2:00:ed:de:fa:d2:47:bb:6d:63:ea:
b2:53:8a:d7:8f:b9:66:15:23:dd:83:62:01:72:a2:f4:2a:14:
3d:58:eb:a2:b4:85:b0:71:de:c5:d6:7f:05:9f:58:ec:a4:8b:
27:dc:01:77:1b:ed:6b:6e:35:96:1d:b8:73:b2:f2:c4:cb:07:
de:bd:e7:15:ec:df:56:ee:0f:40:25:13:80:e7:8b:c0:bd:4f:
9b:d6:af:af:bb:c4:be:c1:1b:fe:3f:9a:1b:ab:9e:ea:18:e6:
e6:4b:73:6b:63:69:2f:a0:4e:5c:2d:3b:49:39:4c:f2:a6:84:
c0:fd:7c:15:a1:d7:4c:eb:51:3c:e9:71:80:87:9c:0d:f2:05:
fa:2f:f6:12:f4:5f:35:4f:6d:4a:7b:77:d9:33:50:17:89:38:
e5:23:d3:69
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICHGIwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA2MTMy
MjA5NTZaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKDAxRjBBRjc1OUM5NTk4
OENFMDgyODc4NUEzNzEzNjBBMzBFMjZBNTIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCuWE3/TTnx5FQkVKAx67vxfsoJrc9SoqhZg3Rme0PofJuBxQec
DYAZV1VlDQE2m3bV2aDe3pCcBjL6lFnbd2W7MuMQDOsRme+lcaub+1UFry9qYu5/
7+6e41gzJxAPtb98+oNv3TR+eY2Kyv11cm+z8iKFP1ZD+Jv7n8n7U8KPNroaAoXG
dxgyYMEu+92jJfdcae9L+jnrH8A6uVKdBazi1GwfTX19vwROfxcEUv8mGXlc0Iyx
4AhTPSy/2cxloH+Ilz2vL6478AIKIN4jhK+a8tGf/Vc1E/VI6Mp29BRTxDfBYlJ2
JcPZwFeox+F2LdbE3jggA+SLfVdgvd2PlMr1AgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUAfCvdZyVmIzggoeFo3E2CjDialIwHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni9BZkN2ZFp5Vm1Jemdnb2VG
bzNFMkNqRGlhbEkucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
dxAwDQYJKoZIhvcNAQELBQADggEBACkz0+xsJ2L0nyuA0rDNvVWRKmtGV6JxzEld
tEfrGscScBTcapkJFB9e4SknCTbOahOlcBzzy1r0X0qA9eDYVMZg7485OWs0/OZi
BflKU46/pkVrpkYLPuVSTuIwFKA8nZLCAO3e+tJHu21j6rJTitePuWYVI92DYgFy
ovQqFD1Y66K0hbBx3sXWfwWfWOykiyfcAXcb7WtuNZYduHOy8sTLB9695xXs31bu
D0AlE4Dni8C9T5vWr6+7xL7BG/4/mhurnuoY5uZLc2tjaS+gTlwtO0k5TPKmhMD9
fBWh10zrUTzpcYCHnA3yBfov9hL0XzVPbUp7d9kzUBeJOOUj02k=
-----END CERTIFICATE-----
Generated at Sat Jun 21 12:04:55 2025 by rpki-client