Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/K3XH03L14i7eMQeEURoEyvSY6fs.roa
File: K3XH03L14i7eMQeEURoEyvSY6fs.roa (raw, json)
Hash identifier: wny/fIvYRSNHv1wOHeoBrF7hgoHVpq8lCP9Z9qs50Y0=
Subject key identifier: 2B:75:C7:D3:72:F5:E2:2E:DE:31:07:84:51:1A:04:CA:F4:98:E9:FB
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 18DA
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/K3XH03L14i7eMQeEURoEyvSY6fs.roa
Signing time: Mon 09 Jun 2025 05:09:37 +0000
ROA not before: Mon 09 Jun 2025 05:09:37 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 119.16.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 6362 (0x18da)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: Jun 9 05:09:37 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=2B75C7D372F5E22EDE310784511A04CAF498E9FB
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ad:50:95:65:7a:34:09:af:d3:4a:08:0d:31:2b:
11:90:6e:c3:26:9c:99:4b:7c:12:bb:fd:17:82:c1:
39:e0:03:7c:60:e8:40:c3:f4:a8:c3:9d:1a:c0:35:
49:83:8d:0e:e0:29:4b:2c:32:8f:ae:e1:72:3e:72:
26:fd:5f:d0:d9:57:05:b7:44:a6:85:7a:e1:71:0e:
5b:e8:f0:d9:99:ef:8f:25:c0:1b:0b:63:a9:3f:e7:
6d:eb:1b:40:59:7f:30:55:ce:9e:7d:28:6d:9d:38:
72:7a:e7:0d:49:c7:40:56:02:8f:72:c2:c0:9f:44:
87:55:97:f6:d8:5a:cb:c3:e8:17:e0:f6:ff:db:f5:
81:2b:8f:d9:0e:5b:d0:d9:04:53:08:c2:53:08:3e:
3c:9c:43:d9:8e:4b:79:96:a9:3f:ac:04:08:d9:5c:
af:62:e8:9c:47:10:b9:2d:5f:79:3e:ac:4f:b3:26:
89:8a:66:8e:c8:76:9b:d3:3f:44:b8:65:d8:eb:6b:
94:2b:55:dc:10:3f:d2:19:a0:b5:3d:59:65:c8:18:
b6:d2:d8:a0:dc:f4:38:09:9c:ad:45:ea:97:89:d0:
29:4d:6d:b3:13:7d:23:1d:a1:fb:d2:45:ae:d6:3c:
91:41:6a:8c:c4:6e:8e:88:46:17:f6:7f:a5:47:04:
7b:9b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2B:75:C7:D3:72:F5:E2:2E:DE:31:07:84:51:1A:04:CA:F4:98:E9:FB
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/K3XH03L14i7eMQeEURoEyvSY6fs.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
119.16.0.0/16
Signature Algorithm: sha256WithRSAEncryption
15:18:75:eb:f6:c1:08:16:ce:ad:92:32:7c:89:8b:fc:7d:22:
be:51:32:00:cd:12:fa:be:36:2e:d0:79:98:2a:79:23:6c:ae:
23:33:e7:3a:cf:42:e9:35:0c:71:6a:05:4e:ee:3f:83:c5:95:
30:06:65:09:a1:01:5a:b7:6b:fc:2a:1b:db:98:27:1a:7f:97:
bd:0d:15:a4:7b:9c:f8:37:1d:07:2e:af:38:41:2a:a7:03:b4:
f1:c2:1c:6e:9d:fd:30:03:bd:17:d1:f1:d1:51:c7:bd:c1:79:
9e:f4:3e:ab:fd:57:43:82:db:1c:e0:e6:ab:c3:b2:ee:a2:6b:
98:91:da:f0:a0:ca:f0:3d:65:b3:4e:5a:d4:30:2f:c8:56:e8:
d8:a7:64:03:a7:e1:5a:d7:d4:8a:54:74:78:fd:f6:06:e7:4b:
74:b2:00:c8:e1:39:7b:55:db:f0:55:d6:33:08:d0:dc:ea:05:
2d:b4:8a:c8:c2:74:ab:49:2a:9c:83:51:9d:28:82:5e:e2:14:
e1:92:0b:9e:c8:f0:5e:14:60:c7:46:6b:b1:b3:cb:30:e6:32:
fe:3f:54:14:10:32:6f:83:78:a0:76:26:86:2d:27:81:90:1d:
fa:d0:54:23:3e:b8:26:59:d6:48:ba:a9:48:fd:85:82:20:a0:
10:1e:35:13
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICGNowDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA2MDkw
NTA5MzdaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKDJCNzVDN0QzNzJGNUUy
MkVERTMxMDc4NDUxMUEwNENBRjQ5OEU5RkIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCtUJVlejQJr9NKCA0xKxGQbsMmnJlLfBK7/ReCwTngA3xg6EDD
9KjDnRrANUmDjQ7gKUssMo+u4XI+cib9X9DZVwW3RKaFeuFxDlvo8NmZ748lwBsL
Y6k/523rG0BZfzBVzp59KG2dOHJ65w1Jx0BWAo9ywsCfRIdVl/bYWsvD6Bfg9v/b
9YErj9kOW9DZBFMIwlMIPjycQ9mOS3mWqT+sBAjZXK9i6JxHELktX3k+rE+zJomK
Zo7IdpvTP0S4Zdjra5QrVdwQP9IZoLU9WWXIGLbS2KDc9DgJnK1F6peJ0ClNbbMT
fSMdofvSRa7WPJFBaozEbo6IRhf2f6VHBHubAgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUK3XH03L14i7eMQeEURoEyvSY6fswHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni9LM1hIMDNMMTRpN2VNUWVF
VVJvRXl2U1k2ZnMucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
dxAwDQYJKoZIhvcNAQELBQADggEBABUYdev2wQgWzq2SMnyJi/x9Ir5RMgDNEvq+
Ni7QeZgqeSNsriMz5zrPQuk1DHFqBU7uP4PFlTAGZQmhAVq3a/wqG9uYJxp/l70N
FaR7nPg3HQcurzhBKqcDtPHCHG6d/TADvRfR8dFRx73BeZ70Pqv9V0OC2xzg5qvD
su6ia5iR2vCgyvA9ZbNOWtQwL8hW6NinZAOn4VrX1IpUdHj99gbnS3SyAMjhOXtV
2/BV1jMI0NzqBS20isjCdKtJKpyDUZ0ogl7iFOGSC57I8F4UYMdGa7GzyzDmMv4/
VBQQMm+DeKB2JoYtJ4GQHfrQVCM+uCZZ1ki6qUj9hYIgoBAeNRM=
-----END CERTIFICATE-----
Generated at Sun Jun 22 03:56:52 2025 by rpki-client