Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/KgkvvaM7MAt6lvzAHA0K8onMvVU.roa
File: KgkvvaM7MAt6lvzAHA0K8onMvVU.roa (raw, json)
Hash identifier: rltlaGMPXc1MbHHWTcCg2B5RT3v0wftk6LUz1PWvJPY=
Subject key identifier: 2A:09:2F:BD:A3:3B:30:0B:7A:96:FC:C0:1C:0D:0A:F2:89:CC:BD:55
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 1C9E
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/KgkvvaM7MAt6lvzAHA0K8onMvVU.roa
Signing time: Sat 14 Jun 2025 05:39:54 +0000
ROA not before: Sat 14 Jun 2025 05:39:54 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 119.16.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 7326 (0x1c9e)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: Jun 14 05:39:54 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=2A092FBDA33B300B7A96FCC01C0D0AF289CCBD55
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d2:99:9e:a0:2e:3c:cb:d0:2c:9f:9a:0c:4d:7b:
b2:e9:81:06:ef:bd:bd:dd:0e:c3:4c:e8:5a:b7:39:
21:d4:3d:f7:05:94:0d:8a:af:f2:5c:a2:67:98:d6:
18:2d:64:3e:56:3a:1b:6f:42:90:d7:1c:ba:f2:89:
00:ab:b8:81:2d:72:8b:14:2e:cd:92:60:34:98:c9:
15:6c:46:7b:39:52:45:a9:c8:30:b5:d0:98:45:d1:
ab:a2:8e:e2:1f:e2:61:12:61:ce:da:b5:7d:4e:5e:
f3:8a:56:af:0a:6b:0d:52:b0:12:af:6e:35:15:39:
b6:09:93:21:0c:c6:c7:45:9b:10:c2:63:97:5d:90:
f4:67:48:3b:e4:73:f7:3f:64:91:2f:c2:4c:90:c9:
cb:e5:eb:3c:47:49:ce:38:51:2d:91:fa:01:c0:e9:
a0:65:44:9b:4a:ec:b0:ff:e5:de:bd:b2:6a:6a:49:
a6:8c:06:ba:70:47:d1:ed:c6:0d:d4:1c:9e:31:76:
6f:cf:e1:59:80:4b:34:62:68:93:2b:6e:5b:30:ea:
9d:29:b3:4d:26:db:63:69:7a:78:20:a6:5a:68:82:
03:ff:93:31:35:4e:4d:66:de:0a:b0:1b:37:41:0e:
9f:b4:8b:52:c7:e2:f3:2f:f7:f5:89:c1:c7:87:a0:
67:fd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2A:09:2F:BD:A3:3B:30:0B:7A:96:FC:C0:1C:0D:0A:F2:89:CC:BD:55
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/KgkvvaM7MAt6lvzAHA0K8onMvVU.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
119.16.0.0/16
Signature Algorithm: sha256WithRSAEncryption
5e:fe:9a:b3:57:2d:96:73:41:d6:c0:42:78:12:48:f0:c4:2d:
73:f8:c1:89:19:74:b8:01:e4:de:dd:0a:06:29:25:45:d3:56:
b8:14:91:0a:1a:10:e8:86:c9:b3:9f:86:ee:fd:a1:6a:a8:2c:
3c:53:ab:43:67:9c:df:61:b9:0a:4c:ab:4b:33:e6:ef:8d:7c:
9c:79:0e:5a:d1:a7:9e:8e:58:44:41:32:10:19:56:a6:5b:de:
c3:33:10:30:5a:02:81:0d:ba:e6:93:e5:fc:4d:44:64:6c:c6:
70:7a:43:6f:8e:51:72:72:43:7c:8c:01:45:a8:6b:68:8f:c4:
38:01:eb:46:56:ca:b4:7d:a2:34:71:2d:1a:70:57:07:74:8c:
45:f5:bd:ed:9c:af:05:3e:c1:eb:d6:88:70:c2:ed:be:41:90:
7c:80:67:90:02:10:d8:dd:69:98:a8:6f:ee:4d:06:42:5b:3e:
99:b2:c6:2c:76:1d:6e:7d:05:bc:05:25:84:39:ec:69:e3:36:
3d:09:78:32:c6:9d:4f:3a:76:51:5f:e9:2c:5d:5b:e6:0b:56:
4a:ee:f9:0b:2a:7a:a9:6a:19:f3:b5:1f:b0:09:bb:b9:f6:e1:
52:95:d2:49:7b:1f:5c:d1:7d:8a:a7:8d:7e:db:00:cf:2c:be:
f5:c9:00:25
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICHJ4wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA2MTQw
NTM5NTRaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKDJBMDkyRkJEQTMzQjMw
MEI3QTk2RkNDMDFDMEQwQUYyODlDQ0JENTUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDSmZ6gLjzL0CyfmgxNe7LpgQbvvb3dDsNM6Fq3OSHUPfcFlA2K
r/JcomeY1hgtZD5WOhtvQpDXHLryiQCruIEtcosULs2SYDSYyRVsRns5UkWpyDC1
0JhF0auijuIf4mESYc7atX1OXvOKVq8Kaw1SsBKvbjUVObYJkyEMxsdFmxDCY5dd
kPRnSDvkc/c/ZJEvwkyQycvl6zxHSc44US2R+gHA6aBlRJtK7LD/5d69smpqSaaM
BrpwR9Htxg3UHJ4xdm/P4VmASzRiaJMrblsw6p0ps00m22NpenggplpoggP/kzE1
Tk1m3gqwGzdBDp+0i1LH4vMv9/WJwceHoGf9AgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUKgkvvaM7MAt6lvzAHA0K8onMvVUwHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni9LZ2t2dmFNN01BdDZsdnpB
SEEwSzhvbk12VlUucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
dxAwDQYJKoZIhvcNAQELBQADggEBAF7+mrNXLZZzQdbAQngSSPDELXP4wYkZdLgB
5N7dCgYpJUXTVrgUkQoaEOiGybOfhu79oWqoLDxTq0NnnN9huQpMq0sz5u+NfJx5
DlrRp56OWERBMhAZVqZb3sMzEDBaAoENuuaT5fxNRGRsxnB6Q2+OUXJyQ3yMAUWo
a2iPxDgB60ZWyrR9ojRxLRpwVwd0jEX1ve2crwU+wevWiHDC7b5BkHyAZ5ACENjd
aZiob+5NBkJbPpmyxix2HW59BbwFJYQ57GnjNj0JeDLGnU86dlFf6SxdW+YLVkru
+QsqeqlqGfO1H7AJu7n24VKV0kl7H1zRfYqnjX7bAM8svvXJACU=
-----END CERTIFICATE-----
Generated at Fri Jun 20 10:02:59 2025 by rpki-client