Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/NQ82950UDaAiWXGWlt_S145FdZk.roa
File: NQ82950UDaAiWXGWlt_S145FdZk.roa (raw, json)
Hash identifier: TyRtapkT1d/622queYTwo8qXsCvQVd4rV33bv84971A=
Subject key identifier: 35:0F:36:F7:9D:14:0D:A0:22:59:71:96:96:DF:D2:D7:8E:45:75:99
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 154E
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/NQ82950UDaAiWXGWlt_S145FdZk.roa
Signing time: Wed 04 Jun 2025 11:39:20 +0000
ROA not before: Wed 04 Jun 2025 11:39:20 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 119.16.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 5454 (0x154e)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: Jun 4 11:39:20 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=350F36F79D140DA02259719696DFD2D78E457599
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ca:dd:9e:f2:ab:e4:ba:76:82:36:5e:3a:26:80:
6c:bc:2d:f6:bd:13:f3:d9:81:70:6e:c2:f0:9d:44:
f8:03:78:0a:a7:20:42:20:bb:9c:68:af:95:d2:31:
8d:c0:d3:5d:4c:a8:e7:2f:4b:ea:b9:f2:50:d7:bb:
b6:ec:c6:4c:66:a3:b6:09:5c:91:b2:4c:ac:70:a1:
2b:d8:4f:de:c5:f4:66:bd:3c:f0:a0:4e:5a:53:6c:
8c:05:ca:a8:f7:4a:a2:a0:4f:4a:06:3c:f0:c4:c3:
eb:96:14:59:9c:3c:a5:e2:3c:08:30:19:23:41:da:
11:e8:aa:ed:a0:24:d8:9c:fa:0e:ed:85:8b:95:6e:
69:85:9c:91:4a:22:85:b1:0d:31:2e:de:d8:8d:e1:
5b:e1:08:7c:5a:bf:20:83:49:21:b3:68:40:2a:71:
e8:70:f0:d5:ea:df:06:32:7d:07:21:21:a9:1a:cc:
f4:fa:4e:86:19:ac:27:40:7c:3d:60:86:bf:a0:62:
d4:25:e4:90:ba:56:50:01:fb:7d:ad:53:d7:97:25:
21:d4:c4:27:8e:49:e9:2d:5f:67:6d:ee:16:2d:6b:
71:a3:cb:bb:e9:c1:60:bb:af:59:8a:c3:ff:6a:7e:
71:b9:68:d2:92:73:00:25:96:b6:7f:fe:0d:4f:c6:
ed:ab
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
35:0F:36:F7:9D:14:0D:A0:22:59:71:96:96:DF:D2:D7:8E:45:75:99
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/NQ82950UDaAiWXGWlt_S145FdZk.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
119.16.0.0/16
Signature Algorithm: sha256WithRSAEncryption
1f:2d:89:b0:7a:22:c9:98:26:97:ed:33:02:e3:7f:fb:89:47:
17:16:93:f6:d4:21:e8:f9:b8:c8:9a:bf:15:42:73:25:3c:01:
04:3e:b6:a8:e1:1e:05:e1:6c:11:49:ea:6a:0d:30:0a:0d:86:
ea:aa:99:6f:48:47:e2:c4:d4:23:15:25:ce:5f:80:ed:19:51:
ca:a6:90:66:2f:d6:a2:87:4f:85:3e:b6:1e:ff:35:5f:45:51:
8a:f9:e6:d1:3c:01:1f:2f:c9:96:ae:76:38:f3:79:fb:de:cc:
f4:ef:5c:ce:e5:d1:87:55:87:6d:d4:00:0b:8f:ce:67:e2:eb:
f4:fa:93:46:8b:a8:e7:c8:b9:ce:78:8a:b5:be:1f:6c:9c:2c:
97:bd:70:35:c4:f2:d1:5c:ce:19:82:35:0b:95:2c:6e:4f:58:
af:b2:44:75:22:70:38:52:73:9c:10:7e:63:90:0a:ef:ec:2b:
f1:ba:6a:df:46:d7:de:a1:e5:dd:62:44:e7:3f:3e:70:2e:75:
60:5e:1e:d0:6c:16:40:b3:86:cb:f3:1d:d4:d7:62:ca:2c:1a:
2c:cd:68:0f:ca:6f:ef:47:2a:96:a7:f8:83:fa:ec:d3:da:6d:
29:ff:d5:86:fb:8b:36:4c:23:80:76:ed:57:47:d0:29:1e:d5:
92:65:d0:57
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICFU4wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA2MDQx
MTM5MjBaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKDM1MEYzNkY3OUQxNDBE
QTAyMjU5NzE5Njk2REZEMkQ3OEU0NTc1OTkwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDK3Z7yq+S6doI2XjomgGy8Lfa9E/PZgXBuwvCdRPgDeAqnIEIg
u5xor5XSMY3A011MqOcvS+q58lDXu7bsxkxmo7YJXJGyTKxwoSvYT97F9Ga9PPCg
TlpTbIwFyqj3SqKgT0oGPPDEw+uWFFmcPKXiPAgwGSNB2hHoqu2gJNic+g7thYuV
bmmFnJFKIoWxDTEu3tiN4VvhCHxavyCDSSGzaEAqcehw8NXq3wYyfQchIakazPT6
ToYZrCdAfD1ghr+gYtQl5JC6VlAB+32tU9eXJSHUxCeOSektX2dt7hYta3Gjy7vp
wWC7r1mKw/9qfnG5aNKScwAllrZ//g1Pxu2rAgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUNQ82950UDaAiWXGWlt/S145FdZkwHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni9OUTgyOTUwVURhQWlXWEdX
bHRfUzE0NUZkWmsucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
dxAwDQYJKoZIhvcNAQELBQADggEBAB8tibB6IsmYJpftMwLjf/uJRxcWk/bUIej5
uMiavxVCcyU8AQQ+tqjhHgXhbBFJ6moNMAoNhuqqmW9IR+LE1CMVJc5fgO0ZUcqm
kGYv1qKHT4U+th7/NV9FUYr55tE8AR8vyZaudjjzefvezPTvXM7l0YdVh23UAAuP
zmfi6/T6k0aLqOfIuc54irW+H2ycLJe9cDXE8tFczhmCNQuVLG5PWK+yRHUicDhS
c5wQfmOQCu/sK/G6at9G196h5d1iROc/PnAudWBeHtBsFkCzhsvzHdTXYsosGizN
aA/Kb+9HKpan+IP67NPabSn/1Yb7izZMI4B27VdH0Cke1ZJl0Fc=
-----END CERTIFICATE-----
Generated at Sat Jun 21 22:46:22 2025 by rpki-client