Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/KkNsjajgeEiS8jXpnwTUzSnIhu0.roa
File: KkNsjajgeEiS8jXpnwTUzSnIhu0.roa (raw, json)
Hash identifier: LI+DZFWimputsO19ubsU0yIXCT3OlnKvCpvaNjo/eyM=
Subject key identifier: 2A:43:6C:8D:A8:E0:78:48:92:F2:35:E9:9F:04:D4:CD:29:C8:86:ED
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 1B46
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/KkNsjajgeEiS8jXpnwTUzSnIhu0.roa
Signing time: Thu 12 Jun 2025 10:40:02 +0000
ROA not before: Thu 12 Jun 2025 10:40:02 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 119.16.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 6982 (0x1b46)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: Jun 12 10:40:02 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=2A436C8DA8E0784892F235E99F04D4CD29C886ED
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d8:81:c8:d1:36:5f:ef:c1:bb:ae:73:22:60:59:
8e:4e:65:64:64:ae:02:e6:10:51:09:d5:c6:51:ef:
6b:21:09:5a:e0:33:2f:78:1a:2e:24:d7:47:01:7c:
0f:88:06:e3:c3:3a:e0:c0:75:52:30:12:55:2d:54:
53:a8:bc:1c:14:2c:39:f3:7b:4a:14:52:40:02:a6:
39:b5:3f:00:d8:45:a5:8b:a9:56:fc:4a:98:74:8b:
d2:db:ef:8e:ab:86:60:91:ce:3a:d8:79:aa:d7:df:
cb:71:5c:f1:c3:72:51:af:2b:dc:fb:c2:35:e5:83:
58:cc:30:c2:a0:be:ec:36:95:03:f5:d4:f5:33:87:
80:9f:db:ac:38:0a:93:b6:b1:34:d8:5f:bc:53:1f:
2a:9b:41:ed:67:02:95:97:e9:4e:04:a6:30:ed:59:
22:9a:4c:9d:91:33:a0:11:fa:00:5b:24:17:1f:90:
07:e3:4f:2a:00:8d:b2:2a:62:a6:b7:c9:23:bc:6f:
17:5a:55:3c:1f:d8:fe:a5:be:1d:3f:72:90:c3:cb:
bc:a4:bf:a1:14:51:78:d1:7b:15:07:bd:29:83:ee:
23:ed:3d:bc:4f:88:14:05:bf:15:cb:1a:d6:87:d8:
95:d4:3e:64:9b:7f:35:66:8e:d1:10:90:f6:70:db:
e2:9f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2A:43:6C:8D:A8:E0:78:48:92:F2:35:E9:9F:04:D4:CD:29:C8:86:ED
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/KkNsjajgeEiS8jXpnwTUzSnIhu0.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
119.16.0.0/16
Signature Algorithm: sha256WithRSAEncryption
57:90:55:de:b9:0a:06:f0:35:d2:53:a3:e9:36:bc:8e:cf:d6:
e0:9d:a5:a6:0f:68:8d:02:f4:88:21:ab:1a:62:d7:f3:5f:bc:
cd:8a:09:9b:a8:53:1d:3a:c3:2d:e3:c0:d8:fb:25:10:e5:ef:
88:fd:df:2a:2c:9c:3b:71:ef:3b:fa:56:8e:a9:3f:46:c7:b9:
a8:f7:8a:4f:82:68:c9:58:f2:46:c2:55:7f:65:6b:70:a4:c0:
bb:ec:ef:44:07:16:23:af:a9:4d:45:91:42:76:4a:0e:09:3b:
86:62:bc:d8:62:ae:29:4e:cd:fb:44:d3:fe:50:56:aa:91:55:
3a:ad:29:fd:29:c4:46:4d:27:eb:04:f1:37:4b:0c:9b:33:33:
dd:7a:ab:a2:ee:0f:ef:e6:57:89:e9:ef:50:9d:20:75:24:a8:
ec:df:10:3c:7a:d7:c7:a4:4f:ee:d2:97:e8:8f:12:ed:76:96:
2a:77:e3:61:de:d8:87:9a:72:e5:7b:75:bf:a3:87:53:86:71:
1d:dd:9e:2f:8d:ea:a6:07:e6:79:59:7c:b5:28:e1:06:05:e7:
37:a1:dc:8c:b7:5c:d0:27:18:c6:4d:3b:19:a8:77:0e:e0:7a:
57:9a:13:e9:71:71:cd:b7:29:d2:1c:7d:83:16:0e:31:39:30:
70:cb:44:71
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICG0YwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA2MTIx
MDQwMDJaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKDJBNDM2QzhEQThFMDc4
NDg5MkYyMzVFOTlGMDRENENEMjlDODg2RUQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDYgcjRNl/vwbuucyJgWY5OZWRkrgLmEFEJ1cZR72shCVrgMy94
Gi4k10cBfA+IBuPDOuDAdVIwElUtVFOovBwULDnze0oUUkACpjm1PwDYRaWLqVb8
Sph0i9Lb746rhmCRzjrYearX38txXPHDclGvK9z7wjXlg1jMMMKgvuw2lQP11PUz
h4Cf26w4CpO2sTTYX7xTHyqbQe1nApWX6U4EpjDtWSKaTJ2RM6AR+gBbJBcfkAfj
TyoAjbIqYqa3ySO8bxdaVTwf2P6lvh0/cpDDy7ykv6EUUXjRexUHvSmD7iPtPbxP
iBQFvxXLGtaH2JXUPmSbfzVmjtEQkPZw2+KfAgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUKkNsjajgeEiS8jXpnwTUzSnIhu0wHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni9La05zamFqZ2VFaVM4alhw
bndUVXpTbklodTAucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
dxAwDQYJKoZIhvcNAQELBQADggEBAFeQVd65CgbwNdJTo+k2vI7P1uCdpaYPaI0C
9Ighqxpi1/NfvM2KCZuoUx06wy3jwNj7JRDl74j93yosnDtx7zv6Vo6pP0bHuaj3
ik+CaMlY8kbCVX9la3CkwLvs70QHFiOvqU1FkUJ2Sg4JO4ZivNhirilOzftE0/5Q
VqqRVTqtKf0pxEZNJ+sE8TdLDJszM916q6LuD+/mV4np71CdIHUkqOzfEDx618ek
T+7Sl+iPEu12lip342He2IeacuV7db+jh1OGcR3dni+N6qYH5nlZfLUo4QYF5zeh
3Iy3XNAnGMZNOxmodw7geleaE+lxcc23KdIcfYMWDjE5MHDLRHE=
-----END CERTIFICATE-----
Generated at Sun Jun 22 00:37:57 2025 by rpki-client