Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/KQmJ4Kp2qtI5b-G-nMHOOHIVXVA.roa
File: KQmJ4Kp2qtI5b-G-nMHOOHIVXVA.roa (raw, json)
Hash identifier: mGZBuAu4izPYRzh9vRPpSZlMA9wu12mAulDZL00IrvU=
Subject key identifier: 29:09:89:E0:AA:76:AA:D2:39:6F:E1:BE:9C:C1:CE:38:72:15:5D:50
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 1306
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/KQmJ4Kp2qtI5b-G-nMHOOHIVXVA.roa
Signing time: Sun 01 Jun 2025 10:39:11 +0000
ROA not before: Sun 01 Jun 2025 10:39:11 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 119.16.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 4870 (0x1306)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: Jun 1 10:39:11 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=290989E0AA76AAD2396FE1BE9CC1CE3872155D50
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a4:d3:18:4f:ff:10:ec:64:03:09:86:c4:3e:8b:
d1:80:81:bf:4a:32:aa:69:01:2e:aa:ab:ba:60:7f:
e6:b6:39:35:39:44:f6:50:38:8d:6a:ea:85:a8:58:
45:5e:5d:cc:e6:d5:dd:2a:bd:82:63:9f:43:ef:70:
58:dd:31:e4:25:98:09:ac:9e:b2:6a:d9:f7:cc:f9:
bd:61:b3:31:46:e9:d8:da:2f:13:c6:51:b3:c8:8a:
c0:34:72:4f:ce:b9:8e:2f:50:48:ba:c4:20:26:c3:
bf:59:67:fb:f2:d6:c0:8b:91:d3:ee:af:aa:08:47:
5b:9c:66:d5:fe:74:0f:e5:81:ae:62:c3:b5:73:42:
c7:8e:b9:5f:75:bb:e6:56:71:54:ca:68:aa:db:85:
b9:e8:69:87:4a:8e:62:3b:37:db:c6:d2:52:f2:7d:
ff:9b:b5:e5:f4:2a:2f:a7:2c:d3:08:99:7b:02:22:
02:74:55:37:f7:27:44:d6:e7:43:59:1e:8a:0d:ef:
09:46:2a:9b:ce:31:36:37:ed:37:08:41:96:ac:69:
bc:79:a3:7f:9d:42:df:c2:32:c1:0b:aa:b5:82:d0:
a4:8e:20:9f:dd:aa:42:3a:d6:6b:98:92:af:74:25:
11:a8:f2:4c:e0:0c:41:59:53:ec:42:f7:17:f9:e8:
a8:0d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
29:09:89:E0:AA:76:AA:D2:39:6F:E1:BE:9C:C1:CE:38:72:15:5D:50
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/KQmJ4Kp2qtI5b-G-nMHOOHIVXVA.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
119.16.0.0/16
Signature Algorithm: sha256WithRSAEncryption
04:73:a0:e0:79:9b:82:97:c1:00:c8:4e:7e:eb:5f:e6:e7:87:
a4:0c:80:7d:26:ca:8e:de:84:06:c2:a1:1b:bf:6f:c5:05:5b:
8d:c5:b9:f8:97:72:be:3b:a0:a1:2b:b4:5f:a9:05:eb:4c:a7:
1a:55:85:f6:70:30:30:07:f2:37:98:3f:d7:bb:de:a1:ff:c5:
c6:21:1e:fe:79:2c:8c:12:3d:42:b5:f6:74:37:44:fe:0e:d8:
46:45:3e:bf:36:62:63:2d:55:74:af:1d:31:81:a9:11:b5:c8:
d9:3d:b1:dc:96:87:2f:f8:80:45:75:e4:3e:a6:a8:08:05:39:
94:86:0b:53:64:94:ca:42:fe:52:7c:3a:9c:68:2b:f2:7d:ed:
10:02:39:dc:52:02:64:45:24:58:39:c2:3b:ee:b7:82:39:1f:
8f:28:ac:68:54:10:56:c3:46:9f:24:09:13:76:e8:4f:df:50:
fe:fe:d8:23:22:d3:23:f3:be:a9:8e:98:e2:20:01:36:73:22:
d2:18:99:7c:07:54:c1:6c:e1:c3:55:98:a2:d3:40:ca:87:e9:
98:99:ca:0a:60:97:bb:0a:18:54:5d:4b:9a:9a:6c:dc:f4:3e:
35:68:b0:74:d9:c3:29:5e:10:c3:7e:18:b6:81:6f:79:82:19:
29:ad:44:c2
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICEwYwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA2MDEx
MDM5MTFaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKDI5MDk4OUUwQUE3NkFB
RDIzOTZGRTFCRTlDQzFDRTM4NzIxNTVENTAwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCk0xhP/xDsZAMJhsQ+i9GAgb9KMqppAS6qq7pgf+a2OTU5RPZQ
OI1q6oWoWEVeXczm1d0qvYJjn0PvcFjdMeQlmAmsnrJq2ffM+b1hszFG6djaLxPG
UbPIisA0ck/OuY4vUEi6xCAmw79ZZ/vy1sCLkdPur6oIR1ucZtX+dA/lga5iw7Vz
QseOuV91u+ZWcVTKaKrbhbnoaYdKjmI7N9vG0lLyff+bteX0Ki+nLNMImXsCIgJ0
VTf3J0TW50NZHooN7wlGKpvOMTY37TcIQZasabx5o3+dQt/CMsELqrWC0KSOIJ/d
qkI61muYkq90JRGo8kzgDEFZU+xC9xf56KgNAgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUKQmJ4Kp2qtI5b+G+nMHOOHIVXVAwHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni9LUW1KNEtwMnF0STViLUct
bk1IT09ISVZYVkEucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
dxAwDQYJKoZIhvcNAQELBQADggEBAARzoOB5m4KXwQDITn7rX+bnh6QMgH0myo7e
hAbCoRu/b8UFW43FufiXcr47oKErtF+pBetMpxpVhfZwMDAH8jeYP9e73qH/xcYh
Hv55LIwSPUK19nQ3RP4O2EZFPr82YmMtVXSvHTGBqRG1yNk9sdyWhy/4gEV15D6m
qAgFOZSGC1NklMpC/lJ8OpxoK/J97RACOdxSAmRFJFg5wjvut4I5H48orGhUEFbD
Rp8kCRN26E/fUP7+2CMi0yPzvqmOmOIgATZzItIYmXwHVMFs4cNVmKLTQMqH6ZiZ
ygpgl7sKGFRdS5qabNz0PjVosHTZwyleEMN+GLaBb3mCGSmtRMI=
-----END CERTIFICATE-----
Generated at Sun Jun 22 12:09:48 2025 by rpki-client