Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/Ye_XwR6xb7tzHEoN5chm7o7QBwE.roa
File: Ye_XwR6xb7tzHEoN5chm7o7QBwE.roa (raw, json)
Hash identifier: HH4niqwRrGhkAqftJ4YbxqkOtZ9JErHUaqc8war+qr8=
Subject key identifier: 61:EF:D7:C1:1E:B1:6F:BB:73:1C:4A:0D:E5:C8:66:EE:8E:D0:07:01
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 1CB2
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/Ye_XwR6xb7tzHEoN5chm7o7QBwE.roa
Signing time: Sat 14 Jun 2025 08:18:58 +0000
ROA not before: Sat 14 Jun 2025 08:18:58 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 119.16.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 7346 (0x1cb2)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: Jun 14 08:18:58 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=61EFD7C11EB16FBB731C4A0DE5C866EE8ED00701
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e7:58:e3:2f:78:06:ac:d8:90:8b:22:a2:06:ea:
31:44:dc:4b:07:e9:c5:58:dd:f9:6a:be:3a:41:12:
a2:af:68:30:e1:d3:a1:83:d8:bb:90:b7:12:91:c9:
19:42:e2:a5:a1:3d:82:1a:c7:79:6b:42:d7:ff:0b:
04:8c:92:04:e3:74:08:79:71:46:94:2c:85:70:a2:
15:fb:ef:00:2a:40:68:cb:ed:0f:03:94:6f:07:51:
50:e6:12:ef:63:9d:04:4c:dc:99:63:8c:74:d7:a6:
aa:4c:27:23:a4:fe:dd:2f:e7:97:8e:8a:2c:16:3a:
77:d5:cf:66:81:01:1d:45:5c:b8:cc:24:ae:10:c9:
d0:e0:3f:77:2b:3d:4c:12:b5:5d:1d:ce:d1:2f:8d:
33:64:a4:7f:f4:74:af:82:00:64:89:5b:dd:8e:f3:
bf:1d:da:1f:43:df:32:e8:cb:70:ba:77:57:67:03:
88:93:d5:d3:37:c8:d9:4a:99:5b:35:a4:b7:82:46:
31:09:1c:41:66:81:43:5b:a0:2b:c6:64:b4:c8:bf:
c4:3c:4d:e9:90:c5:c8:76:02:48:2b:a6:5d:31:37:
7c:b6:44:c9:da:c8:92:83:fb:48:5b:97:36:3a:1f:
ab:7f:55:92:86:5b:54:0f:d5:03:bb:d1:5b:96:97:
63:89
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
61:EF:D7:C1:1E:B1:6F:BB:73:1C:4A:0D:E5:C8:66:EE:8E:D0:07:01
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/Ye_XwR6xb7tzHEoN5chm7o7QBwE.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
119.16.0.0/16
Signature Algorithm: sha256WithRSAEncryption
2b:25:2d:bf:b4:bc:f0:86:51:e6:d8:12:0f:49:da:16:b9:a1:
a7:e9:01:17:31:57:c5:1b:92:48:07:ba:8a:d6:27:d0:d6:bf:
ff:96:bb:73:e2:1c:b3:c7:0c:8f:91:6e:3c:59:7b:7d:a7:16:
39:e1:e4:62:6b:c7:e0:a1:a4:1d:2b:c6:63:12:dd:09:5d:ef:
a7:b3:32:6d:d4:5b:ea:af:1f:ff:87:a1:09:29:1c:c4:fa:34:
7d:fc:f9:d7:4f:5d:31:aa:3e:f8:f4:75:7f:83:dc:62:b7:aa:
ba:4c:f3:18:a8:b1:14:aa:4a:47:93:09:6d:99:eb:6d:b3:c4:
51:12:27:0f:39:52:7b:e5:33:56:21:1f:ae:7b:09:a5:56:5d:
69:0e:5d:9a:f5:5c:90:ff:b6:43:84:c2:43:54:5b:63:58:40:
35:ba:13:b0:46:e1:00:04:0e:34:9e:6a:41:d9:68:6d:51:f2:
dd:7c:c3:61:11:2c:88:3c:b8:06:db:e1:1b:32:4b:95:bf:44:
fe:d6:fa:71:9f:32:1e:c9:cc:8f:52:75:fd:d6:d4:ae:22:07:
1d:2f:b6:21:27:11:fb:62:0a:5b:a4:e7:fa:41:0f:4a:dc:9d:
dd:42:3c:e1:42:a5:fa:b1:c0:7d:76:1e:e7:98:f6:67:a4:fa:
e0:02:71:38
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICHLIwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA2MTQw
ODE4NThaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKDYxRUZEN0MxMUVCMTZG
QkI3MzFDNEEwREU1Qzg2NkVFOEVEMDA3MDEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDnWOMveAas2JCLIqIG6jFE3EsH6cVY3flqvjpBEqKvaDDh06GD
2LuQtxKRyRlC4qWhPYIax3lrQtf/CwSMkgTjdAh5cUaULIVwohX77wAqQGjL7Q8D
lG8HUVDmEu9jnQRM3JljjHTXpqpMJyOk/t0v55eOiiwWOnfVz2aBAR1FXLjMJK4Q
ydDgP3crPUwStV0dztEvjTNkpH/0dK+CAGSJW92O878d2h9D3zLoy3C6d1dnA4iT
1dM3yNlKmVs1pLeCRjEJHEFmgUNboCvGZLTIv8Q8TemQxch2Akgrpl0xN3y2RMna
yJKD+0hblzY6H6t/VZKGW1QP1QO70VuWl2OJAgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUYe/XwR6xb7tzHEoN5chm7o7QBwEwHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni9ZZV9Yd1I2eGI3dHpIRW9O
NWNobTdvN1FCd0Uucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
dxAwDQYJKoZIhvcNAQELBQADggEBACslLb+0vPCGUebYEg9J2ha5oafpARcxV8Ub
kkgHuorWJ9DWv/+Wu3PiHLPHDI+RbjxZe32nFjnh5GJrx+ChpB0rxmMS3Qld76ez
Mm3UW+qvH/+HoQkpHMT6NH38+ddPXTGqPvj0dX+D3GK3qrpM8xiosRSqSkeTCW2Z
622zxFESJw85UnvlM1YhH657CaVWXWkOXZr1XJD/tkOEwkNUW2NYQDW6E7BG4QAE
DjSeakHZaG1R8t18w2ERLIg8uAbb4RsyS5W/RP7W+nGfMh7JzI9Sdf3W1K4iBx0v
tiEnEftiCluk5/pBD0rcnd1CPOFCpfqxwH12HueY9mek+uACcTg=
-----END CERTIFICATE-----
Generated at Sun Jun 22 03:58:57 2025 by rpki-client