Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/YT2qqH0wm3NTEBBj0p706hDfCS0.roa
File: YT2qqH0wm3NTEBBj0p706hDfCS0.roa (raw, json)
Hash identifier: XjlC4pPz0DpC1IkPgLPY/gAJkhtbrx/e6rABF1gZ5CE=
Subject key identifier: 61:3D:AA:A8:7D:30:9B:73:53:10:10:63:D2:9E:F4:EA:10:DF:09:2D
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 160A
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/YT2qqH0wm3NTEBBj0p706hDfCS0.roa
Signing time: Thu 05 Jun 2025 11:09:23 +0000
ROA not before: Thu 05 Jun 2025 11:09:23 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 119.16.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 5642 (0x160a)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: Jun 5 11:09:23 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=613DAAA87D309B7353101063D29EF4EA10DF092D
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d3:2e:5b:20:47:16:09:81:48:74:d8:d5:5a:e9:
fd:74:80:bd:ef:ac:10:d3:1b:9f:03:6b:6b:bc:a0:
82:f1:0b:70:54:43:18:ea:cc:b0:2f:04:ff:be:43:
39:8b:0b:ac:64:09:a7:e0:da:c8:1e:d9:e1:27:7f:
b5:53:e9:0e:2a:7d:39:47:84:e5:b8:18:4e:61:1d:
06:de:e6:5e:37:73:65:96:5f:ae:50:60:79:05:98:
12:08:fb:55:86:7f:00:b7:9b:09:15:20:03:9c:3d:
ad:27:59:4d:c0:7b:3a:1d:7e:29:87:5f:07:8f:62:
5d:c4:0f:d8:97:8f:80:72:ba:30:d6:38:ac:94:54:
5c:5b:2c:89:ea:7c:84:d9:1e:e2:d9:43:f5:93:b2:
fc:3f:9a:37:38:f3:23:60:2d:b5:69:3a:35:a5:f0:
e3:41:3f:58:90:fe:6e:26:1d:c1:3a:c4:10:86:d2:
3f:8b:f7:89:d0:1b:72:19:54:26:dc:04:95:27:30:
9e:d9:d8:f6:fc:1e:51:1c:fd:d2:49:fd:67:3c:4c:
40:3a:f2:6c:e5:7d:8a:69:e4:d3:b5:a3:35:0a:72:
04:96:12:92:8d:55:6d:d2:6a:89:59:75:b6:68:55:
f2:a8:17:b2:ff:09:7d:b4:62:79:9e:91:b3:bf:26:
bf:5f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
61:3D:AA:A8:7D:30:9B:73:53:10:10:63:D2:9E:F4:EA:10:DF:09:2D
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/YT2qqH0wm3NTEBBj0p706hDfCS0.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
119.16.0.0/16
Signature Algorithm: sha256WithRSAEncryption
a6:59:12:b8:52:74:04:e9:9e:cc:8e:a8:92:b3:bd:74:be:40:
18:e9:1e:ab:96:ad:b2:42:2d:c5:b9:de:63:3d:ed:91:01:16:
ad:e8:2e:59:eb:6a:58:39:0c:4e:48:2f:f2:0a:4a:9a:c3:0e:
8e:80:5c:c6:d3:25:32:07:72:98:6f:11:8e:2a:96:c4:a9:13:
37:3a:56:2e:f7:c2:ce:c9:ac:47:65:58:f2:6e:f4:55:06:83:
df:5a:17:2d:f7:90:1b:4c:a8:9b:9c:c1:13:61:16:e8:38:67:
13:34:79:64:fd:51:f6:a2:bb:62:97:e2:5a:5c:fe:80:d1:8c:
e3:08:95:4b:bc:b2:2b:80:ed:e6:2e:a7:f0:d6:e7:be:4b:eb:
ce:91:85:69:71:71:6e:dc:8f:48:9e:0c:f4:36:8c:00:b7:ef:
4f:e4:29:21:dd:4e:05:cf:ba:a0:5c:d8:bd:99:cc:14:72:a8:
53:56:b2:47:23:bf:b8:77:3b:a3:ab:d1:d0:cb:58:d9:2c:93:
c1:08:98:57:bf:0c:90:1c:96:64:37:cc:5a:40:01:c5:03:7f:
ad:51:6a:7b:07:05:3f:83:dc:81:c6:ff:05:0f:3b:4c:3b:1a:
29:10:45:1c:bf:7d:68:1d:ed:ea:b1:87:17:89:db:f8:c1:1f:
e9:44:32:b0
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICFgowDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA2MDUx
MTA5MjNaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKDYxM0RBQUE4N0QzMDlC
NzM1MzEwMTA2M0QyOUVGNEVBMTBERjA5MkQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDTLlsgRxYJgUh02NVa6f10gL3vrBDTG58Da2u8oILxC3BUQxjq
zLAvBP++QzmLC6xkCafg2sge2eEnf7VT6Q4qfTlHhOW4GE5hHQbe5l43c2WWX65Q
YHkFmBII+1WGfwC3mwkVIAOcPa0nWU3AezodfimHXwePYl3ED9iXj4ByujDWOKyU
VFxbLInqfITZHuLZQ/WTsvw/mjc48yNgLbVpOjWl8ONBP1iQ/m4mHcE6xBCG0j+L
94nQG3IZVCbcBJUnMJ7Z2Pb8HlEc/dJJ/Wc8TEA68mzlfYpp5NO1ozUKcgSWEpKN
VW3SaolZdbZoVfKoF7L/CX20YnmekbO/Jr9fAgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUYT2qqH0wm3NTEBBj0p706hDfCS0wHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni9ZVDJxcUgwd20zTlRFQkJq
MHA3MDZoRGZDUzAucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
dxAwDQYJKoZIhvcNAQELBQADggEBAKZZErhSdATpnsyOqJKzvXS+QBjpHquWrbJC
LcW53mM97ZEBFq3oLlnralg5DE5IL/IKSprDDo6AXMbTJTIHcphvEY4qlsSpEzc6
Vi73ws7JrEdlWPJu9FUGg99aFy33kBtMqJucwRNhFug4ZxM0eWT9Ufaiu2KX4lpc
/oDRjOMIlUu8siuA7eYup/DW575L686RhWlxcW7cj0ieDPQ2jAC370/kKSHdTgXP
uqBc2L2ZzBRyqFNWskcjv7h3O6Or0dDLWNksk8EImFe/DJAclmQ3zFpAAcUDf61R
ansHBT+D3IHG/wUPO0w7GikQRRy/fWgd7eqxhxeJ2/jBH+lEMrA=
-----END CERTIFICATE-----
Generated at Sun Jun 22 02:19:47 2025 by rpki-client