Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/DHfIE7-jXVI8XHqdbnWP-SgLSrg.roa
File: DHfIE7-jXVI8XHqdbnWP-SgLSrg.roa (raw, json)
Hash identifier: Oo8gblSfHzpgvYXCCNpTOev7oINxX7jLKv0StBWSdng=
Subject key identifier: 0C:77:C8:13:BF:A3:5D:52:3C:5C:7A:9D:6E:75:8F:F9:28:0B:4A:B8
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 17E6
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/DHfIE7-jXVI8XHqdbnWP-SgLSrg.roa
Signing time: Sat 07 Jun 2025 22:39:35 +0000
ROA not before: Sat 07 Jun 2025 22:39:35 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 119.16.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 6118 (0x17e6)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: Jun 7 22:39:35 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=0C77C813BFA35D523C5C7A9D6E758FF9280B4AB8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d8:09:25:5c:c1:fd:df:50:6d:70:12:33:59:10:
1d:e4:c0:02:85:56:6c:5c:db:6c:7d:2e:bc:ff:b7:
d4:bd:4e:f8:5d:78:47:75:cf:9c:70:4a:fd:6f:58:
4f:d6:8c:d4:22:d7:c5:ae:26:8a:12:44:d6:c9:10:
d1:3c:f5:5d:34:b1:c4:a7:cf:de:64:b7:17:b5:ad:
0d:bf:9c:ff:64:f0:30:c9:e1:d5:76:35:98:f0:80:
01:05:8b:c3:b3:1c:76:ff:38:8f:f3:a2:df:03:11:
a1:10:79:e4:e6:a5:66:28:5d:ff:62:e0:31:f4:ba:
7f:d8:55:c3:c1:65:d4:48:59:aa:ba:29:d1:6c:28:
06:11:b5:c1:69:1b:7d:66:1a:5b:a7:32:36:92:5e:
fd:37:62:82:40:65:96:c8:da:8a:81:69:10:48:44:
28:9d:51:16:5d:28:46:39:9c:13:0a:8e:6c:7b:ee:
60:d2:f3:ff:11:f2:2e:94:17:4f:79:54:06:2c:d2:
6d:20:09:34:c8:12:55:3a:7d:15:6b:0d:29:29:a9:
c2:93:0b:6e:3b:33:32:ba:54:cc:68:d5:0e:9c:2d:
6b:a2:82:b1:ca:ec:8c:b9:ae:03:32:1d:00:ae:35:
eb:9e:a8:19:b5:0c:12:90:95:02:75:36:9b:1c:0c:
e0:0f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0C:77:C8:13:BF:A3:5D:52:3C:5C:7A:9D:6E:75:8F:F9:28:0B:4A:B8
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/DHfIE7-jXVI8XHqdbnWP-SgLSrg.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
119.16.0.0/16
Signature Algorithm: sha256WithRSAEncryption
ac:0b:22:12:17:c5:ea:bb:13:8e:36:7a:b7:38:05:2a:ed:c7:
ae:1e:c2:fd:a7:4b:6a:91:0e:cd:0d:a5:9d:af:62:87:7e:66:
0d:cb:48:8d:d2:e8:3b:6a:cc:0a:84:11:d5:d5:ed:4c:16:02:
7d:4c:98:1a:75:21:4e:c6:0c:fa:44:17:fb:c5:a9:d0:5c:e8:
c4:64:8d:ff:0b:a2:26:57:13:f3:3d:33:f5:26:40:0d:5b:70:
12:84:3b:29:07:22:14:7d:77:ed:83:f2:d3:8a:e5:17:e1:5d:
97:12:cf:7b:c7:7e:21:2c:6a:55:07:9a:68:e2:a3:42:a0:8d:
13:1d:11:7c:66:7e:39:7e:ba:1e:cd:68:30:dd:78:8d:e5:50:
d6:aa:a2:7b:b8:db:92:2e:c9:fa:86:f5:27:6e:42:a2:5b:2b:
c2:5b:af:da:04:9f:35:5f:33:01:f0:2f:00:e0:44:52:9b:42:
51:df:b2:01:4d:dc:8c:a8:71:5f:67:ae:c3:b3:c3:d1:15:4f:
ce:f4:7d:52:4f:93:16:eb:6b:73:e0:8e:39:92:14:0b:a9:8d:
c8:99:76:16:58:51:b2:08:0c:39:a5:dd:50:52:fd:79:c5:e0:
d1:40:97:e0:14:14:61:34:47:dd:72:c8:4a:0c:af:cc:de:f7:
ab:d6:f3:b8
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICF+YwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA2MDcy
MjM5MzVaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKDBDNzdDODEzQkZBMzVE
NTIzQzVDN0E5RDZFNzU4RkY5MjgwQjRBQjgwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDYCSVcwf3fUG1wEjNZEB3kwAKFVmxc22x9Lrz/t9S9TvhdeEd1
z5xwSv1vWE/WjNQi18WuJooSRNbJENE89V00scSnz95ktxe1rQ2/nP9k8DDJ4dV2
NZjwgAEFi8OzHHb/OI/zot8DEaEQeeTmpWYoXf9i4DH0un/YVcPBZdRIWaq6KdFs
KAYRtcFpG31mGlunMjaSXv03YoJAZZbI2oqBaRBIRCidURZdKEY5nBMKjmx77mDS
8/8R8i6UF095VAYs0m0gCTTIElU6fRVrDSkpqcKTC247MzK6VMxo1Q6cLWuigrHK
7Iy5rgMyHQCuNeueqBm1DBKQlQJ1NpscDOAPAgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUDHfIE7+jXVI8XHqdbnWP+SgLSrgwHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni9ESGZJRTctalhWSThYSHFk
Ym5XUC1TZ0xTcmcucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
dxAwDQYJKoZIhvcNAQELBQADggEBAKwLIhIXxeq7E442erc4BSrtx64ewv2nS2qR
Ds0NpZ2vYod+Zg3LSI3S6DtqzAqEEdXV7UwWAn1MmBp1IU7GDPpEF/vFqdBc6MRk
jf8LoiZXE/M9M/UmQA1bcBKEOykHIhR9d+2D8tOK5RfhXZcSz3vHfiEsalUHmmji
o0KgjRMdEXxmfjl+uh7NaDDdeI3lUNaqonu425IuyfqG9SduQqJbK8Jbr9oEnzVf
MwHwLwDgRFKbQlHfsgFN3IyocV9nrsOzw9EVT870fVJPkxbra3PgjjmSFAupjciZ
dhZYUbIIDDml3VBS/XnF4NFAl+AUFGE0R91yyEoMr8ze96vW87g=
-----END CERTIFICATE-----
Generated at Sat Jun 21 16:55:25 2025 by rpki-client