Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/CTBvhNhr-t3d0DR9yI1NAc2Mvlw.roa
File: CTBvhNhr-t3d0DR9yI1NAc2Mvlw.roa (raw, json)
Hash identifier: d73TTYOl1RgE+GtqXEWkUbV57boXsMHvVlvsXyu6oH8=
Subject key identifier: 09:30:6F:84:D8:6B:FA:DD:DD:D0:34:7D:C8:8D:4D:01:CD:8C:BE:5C
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 1B86
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/CTBvhNhr-t3d0DR9yI1NAc2Mvlw.roa
Signing time: Thu 12 Jun 2025 18:39:52 +0000
ROA not before: Thu 12 Jun 2025 18:39:52 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 119.16.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 7046 (0x1b86)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: Jun 12 18:39:52 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=09306F84D86BFADDDDD0347DC88D4D01CD8CBE5C
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d5:65:ce:19:82:e3:4f:46:ef:a1:00:fc:27:f0:
b2:82:c5:c8:b6:d6:5d:82:ef:96:70:b7:19:2f:c4:
81:e9:5e:23:95:57:b9:14:e5:db:c9:bc:e5:8a:6a:
c6:e4:c9:a1:a7:e6:f6:0c:6e:d7:5f:37:24:25:37:
63:b7:16:6f:de:d3:ac:bd:5f:06:28:b8:f4:79:08:
19:6d:3b:9c:25:a2:44:b6:63:f0:02:e7:84:33:4d:
a5:9d:11:09:f6:6f:1e:6f:c0:c4:63:c0:b4:f4:74:
f2:44:0e:2c:bc:a1:df:02:a3:33:62:c7:88:7c:4d:
e2:13:c0:da:0c:92:17:86:7e:fd:f0:c5:7f:98:e0:
56:5c:11:12:6e:9e:76:f0:35:c9:7e:4c:32:54:3c:
a1:3e:d2:12:78:e4:0d:53:52:10:07:b8:80:b4:51:
59:fa:e8:7b:03:a6:b2:00:b6:32:d0:6d:77:d5:1e:
43:0c:87:36:f1:90:19:75:1b:74:f3:2b:3a:27:59:
a5:88:8b:77:6f:02:5f:3b:43:95:4b:ec:18:64:c5:
e1:40:b2:b6:4f:3e:47:76:be:de:23:5f:cf:fe:1c:
4f:1e:2a:23:58:e8:30:c5:a8:88:9d:43:37:a8:5d:
a9:78:0c:31:69:42:21:b4:50:df:22:1b:8f:e3:94:
86:97
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
09:30:6F:84:D8:6B:FA:DD:DD:D0:34:7D:C8:8D:4D:01:CD:8C:BE:5C
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/CTBvhNhr-t3d0DR9yI1NAc2Mvlw.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
119.16.0.0/16
Signature Algorithm: sha256WithRSAEncryption
ad:8d:5f:93:82:59:c5:9f:52:56:5d:26:f0:dc:11:08:bb:e7:
63:e0:d5:5d:92:00:c1:7c:7d:f6:f9:01:3a:27:01:76:05:3c:
66:79:8a:16:3f:99:c4:81:0d:03:82:16:8b:4f:5f:a2:88:08:
8d:1a:10:6b:5d:37:32:57:df:d4:3e:35:69:86:a5:db:88:9f:
42:a3:b6:5f:ef:2e:8e:bb:46:af:cd:44:bd:26:a3:cf:fa:b6:
65:92:ab:79:7d:42:17:05:c2:91:a3:57:66:7b:cd:c0:ad:2a:
c8:2f:28:de:61:ad:51:88:6b:93:54:fb:93:da:8e:48:81:73:
80:79:b8:82:c0:15:ca:6c:8d:ef:53:3e:54:13:a2:4c:ff:5b:
74:d8:f1:9f:45:54:cd:2b:f1:aa:f9:b6:bf:ec:8d:52:1b:16:
e1:a3:47:91:1b:39:30:7d:69:61:83:44:93:c0:cf:51:72:17:
26:a5:e4:95:df:c4:23:5b:e3:dd:0c:37:fa:a8:b7:2a:31:36:
70:ed:80:6a:6c:f0:a9:10:d3:7b:56:d3:80:f9:7f:cb:e6:d1:
4c:5b:dd:57:85:b3:5f:7e:1a:61:b7:1c:58:72:fd:01:95:07:
f0:68:11:b4:85:4a:d9:4a:e0:fd:c1:f6:53:fd:6e:cf:42:68:
a7:dc:36:50
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICG4YwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA2MTIx
ODM5NTJaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKDA5MzA2Rjg0RDg2QkZB
REREREQwMzQ3REM4OEQ0RDAxQ0Q4Q0JFNUMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDVZc4ZguNPRu+hAPwn8LKCxci21l2C75ZwtxkvxIHpXiOVV7kU
5dvJvOWKasbkyaGn5vYMbtdfNyQlN2O3Fm/e06y9XwYouPR5CBltO5wlokS2Y/AC
54QzTaWdEQn2bx5vwMRjwLT0dPJEDiy8od8CozNix4h8TeITwNoMkheGfv3wxX+Y
4FZcERJunnbwNcl+TDJUPKE+0hJ45A1TUhAHuIC0UVn66HsDprIAtjLQbXfVHkMM
hzbxkBl1G3TzKzonWaWIi3dvAl87Q5VL7BhkxeFAsrZPPkd2vt4jX8/+HE8eKiNY
6DDFqIidQzeoXal4DDFpQiG0UN8iG4/jlIaXAgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUCTBvhNhr+t3d0DR9yI1NAc2MvlwwHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni9DVEJ2aE5oci10M2QwRFI5
eUkxTkFjMk12bHcucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
dxAwDQYJKoZIhvcNAQELBQADggEBAK2NX5OCWcWfUlZdJvDcEQi752Pg1V2SAMF8
ffb5ATonAXYFPGZ5ihY/mcSBDQOCFotPX6KICI0aEGtdNzJX39Q+NWmGpduIn0Kj
tl/vLo67Rq/NRL0mo8/6tmWSq3l9QhcFwpGjV2Z7zcCtKsgvKN5hrVGIa5NU+5Pa
jkiBc4B5uILAFcpsje9TPlQTokz/W3TY8Z9FVM0r8ar5tr/sjVIbFuGjR5EbOTB9
aWGDRJPAz1FyFyal5JXfxCNb490MN/qotyoxNnDtgGps8KkQ03tW04D5f8vm0Uxb
3VeFs19+GmG3HFhy/QGVB/BoEbSFStlK4P3B9lP9bs9CaKfcNlA=
-----END CERTIFICATE-----
Generated at Sun Jun 22 12:11:47 2025 by rpki-client