Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/VA3ozsSyQu9yJ1_3AZ2z0KpBqrE.roa
File: VA3ozsSyQu9yJ1_3AZ2z0KpBqrE.roa (raw, json)
Hash identifier: FHqXvM9lrjghC9/tyVPMF2QCwbVi8uayvbUcsx15tNI=
Subject key identifier: 54:0D:E8:CE:C4:B2:42:EF:72:27:5F:F7:01:9D:B3:D0:AA:41:AA:B1
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 1A2E
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/VA3ozsSyQu9yJ1_3AZ2z0KpBqrE.roa
Signing time: Tue 10 Jun 2025 23:39:50 +0000
ROA not before: Tue 10 Jun 2025 23:39:50 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 119.16.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 6702 (0x1a2e)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: Jun 10 23:39:50 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=540DE8CEC4B242EF72275FF7019DB3D0AA41AAB1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:de:4c:35:3c:8c:6a:1d:0a:7d:ea:ac:e6:2f:9c:
74:8b:b2:f3:28:d9:e2:34:91:af:84:84:f1:82:00:
68:5f:95:f6:90:ca:ec:26:f3:f6:f3:6a:89:e3:6e:
4c:cc:a3:0e:1f:f9:ea:be:a7:18:af:84:8e:a7:19:
11:eb:c1:75:d4:12:62:41:29:00:d5:84:16:cf:11:
d4:57:01:b6:9b:95:64:b2:2b:7a:8e:72:a3:95:26:
34:bb:53:a1:60:2b:f6:f6:8c:5c:ed:6d:60:a0:d8:
fe:65:d2:cf:db:80:15:c7:ab:ac:2b:fd:98:5b:81:
3a:e6:1b:f8:00:79:2c:7d:d6:e2:23:b8:ca:b4:df:
23:76:79:04:97:dd:ba:52:ed:f8:b8:1e:36:5f:3f:
a6:68:6a:d5:9c:6d:ef:b3:5b:d2:d0:28:75:01:c3:
bd:6a:12:f5:b1:de:8a:bd:3b:28:fb:5c:e3:37:1e:
91:da:e2:a8:7e:86:c0:e8:bd:b0:27:04:63:f9:e7:
bd:48:8c:44:a6:7e:2d:96:72:5a:88:b1:b7:68:b3:
d8:ec:4d:bb:ab:ec:94:62:67:7e:80:2b:58:3c:60:
1d:c3:bf:59:9a:27:b3:65:5c:25:ea:81:ac:a3:50:
80:50:e8:a3:5e:e6:c3:20:1a:8d:9c:af:e2:5a:a6:
d2:e5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
54:0D:E8:CE:C4:B2:42:EF:72:27:5F:F7:01:9D:B3:D0:AA:41:AA:B1
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/VA3ozsSyQu9yJ1_3AZ2z0KpBqrE.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
119.16.0.0/16
Signature Algorithm: sha256WithRSAEncryption
aa:02:fb:eb:e3:b0:40:2c:b1:84:89:13:78:d2:cd:91:31:76:
3e:7f:18:29:e0:71:a1:cc:e4:6a:6e:8d:26:4a:31:f7:98:b0:
15:ee:93:b3:72:8e:a4:74:f6:92:13:80:d6:14:ff:42:8a:76:
db:c5:1c:31:db:dd:7b:11:1d:cc:c4:3c:81:d7:a8:6a:05:6c:
f9:40:ff:c4:63:12:e9:0a:64:c4:38:bc:b4:d8:71:6a:f4:45:
97:0b:cf:09:54:9e:af:f9:ab:3a:91:ae:4e:f4:8d:d0:0f:84:
0a:20:cf:a6:d7:79:2a:82:4f:b8:b9:46:27:a7:46:08:01:3e:
84:57:25:96:09:00:fd:1d:0a:65:0a:ab:66:80:df:1d:9a:71:
b6:f7:83:b3:80:d5:d6:d1:ca:55:b3:cf:53:21:e4:30:7a:94:
e0:34:5b:d3:37:85:82:d3:b2:65:2c:61:e3:30:f6:1a:bc:41:
0c:8a:fe:c2:55:cf:de:6c:61:de:70:9a:0a:e9:79:d3:07:c7:
62:a2:2c:f2:47:aa:80:67:04:83:04:b1:96:ab:85:b0:54:41:
43:75:77:8f:5c:b2:ff:ca:af:dd:ce:66:10:fc:c6:28:79:58:
67:30:64:10:60:07:3b:63:28:de:8a:ce:a2:d9:a6:49:50:65:
ae:b3:88:0c
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICGi4wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA2MTAy
MzM5NTBaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKDU0MERFOENFQzRCMjQy
RUY3MjI3NUZGNzAxOURCM0QwQUE0MUFBQjEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDeTDU8jGodCn3qrOYvnHSLsvMo2eI0ka+EhPGCAGhflfaQyuwm
8/bzaonjbkzMow4f+eq+pxivhI6nGRHrwXXUEmJBKQDVhBbPEdRXAbablWSyK3qO
cqOVJjS7U6FgK/b2jFztbWCg2P5l0s/bgBXHq6wr/ZhbgTrmG/gAeSx91uIjuMq0
3yN2eQSX3bpS7fi4HjZfP6ZoatWcbe+zW9LQKHUBw71qEvWx3oq9Oyj7XOM3HpHa
4qh+hsDovbAnBGP5571IjESmfi2WclqIsbdos9jsTbur7JRiZ36AK1g8YB3Dv1ma
J7NlXCXqgayjUIBQ6KNe5sMgGo2cr+JaptLlAgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUVA3ozsSyQu9yJ1/3AZ2z0KpBqrEwHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni9WQTNvenNTeVF1OXlKMV8z
QVoyejBLcEJxckUucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
dxAwDQYJKoZIhvcNAQELBQADggEBAKoC++vjsEAssYSJE3jSzZExdj5/GCngcaHM
5GpujSZKMfeYsBXuk7NyjqR09pITgNYU/0KKdtvFHDHb3XsRHczEPIHXqGoFbPlA
/8RjEukKZMQ4vLTYcWr0RZcLzwlUnq/5qzqRrk70jdAPhAogz6bXeSqCT7i5Rien
RggBPoRXJZYJAP0dCmUKq2aA3x2acbb3g7OA1dbRylWzz1Mh5DB6lOA0W9M3hYLT
smUsYeMw9hq8QQyK/sJVz95sYd5wmgrpedMHx2KiLPJHqoBnBIMEsZarhbBUQUN1
d49csv/Kr93OZhD8xih5WGcwZBBgBztjKN6KzqLZpklQZa6ziAw=
-----END CERTIFICATE-----
Generated at Sun Jun 22 02:19:48 2025 by rpki-client