Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/Z3D-IjS6WgtEdxcfYiUX65Ds9b0.roa
File: Z3D-IjS6WgtEdxcfYiUX65Ds9b0.roa (raw, json)
Hash identifier: 9UwNON5y/V+xXizVFGVjHaxW3QB94yC9/dEUPx3xhQk=
Subject key identifier: 67:70:FE:22:34:BA:5A:0B:44:77:17:1F:62:25:17:EB:90:EC:F5:BD
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 157E
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/Z3D-IjS6WgtEdxcfYiUX65Ds9b0.roa
Signing time: Wed 04 Jun 2025 17:39:23 +0000
ROA not before: Wed 04 Jun 2025 17:39:23 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 119.16.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 5502 (0x157e)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: Jun 4 17:39:23 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=6770FE2234BA5A0B4477171F622517EB90ECF5BD
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:af:2d:04:ad:1b:fb:5f:1d:15:b1:c3:82:87:af:
61:99:fb:56:34:2f:02:e8:93:e2:30:55:a1:9b:56:
86:f6:a0:38:7e:4e:32:0a:1f:c0:d3:13:4b:0f:d0:
b6:64:34:de:6b:85:5f:10:f7:26:57:0a:f6:7e:53:
ca:24:8d:47:34:e5:d4:b5:27:88:76:65:ae:1e:e1:
85:e2:12:01:f7:d4:8e:77:95:09:87:91:b3:ff:8e:
0d:11:b9:2c:58:b3:00:5b:25:56:36:ff:e5:d2:9f:
0d:88:4b:53:c9:ba:a1:39:cd:64:45:16:f9:91:f0:
d1:cf:4f:a1:31:53:df:e7:e5:7b:fb:9b:df:ff:43:
be:e2:e1:23:b0:db:95:c5:a3:58:58:a9:73:dc:6a:
60:e3:60:30:85:09:bb:72:6e:3d:a6:8f:f0:3f:9b:
87:7a:41:f4:c3:05:c5:b0:2e:d1:70:3a:be:bb:c6:
cd:9e:07:02:fb:ef:d7:e5:49:88:7b:f0:b5:9c:32:
ad:32:d2:0a:7a:90:00:2c:2a:26:71:34:27:9c:2c:
63:29:a0:09:4a:53:d6:f8:0e:55:07:91:fc:28:3f:
ec:0a:93:f4:f8:7c:bd:7c:b3:7c:e6:8a:b7:a1:87:
d7:4c:7c:76:90:c4:d4:df:4c:5f:ea:d0:12:0a:cf:
39:63
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
67:70:FE:22:34:BA:5A:0B:44:77:17:1F:62:25:17:EB:90:EC:F5:BD
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/Z3D-IjS6WgtEdxcfYiUX65Ds9b0.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
119.16.0.0/16
Signature Algorithm: sha256WithRSAEncryption
ab:a8:0e:66:df:e1:f7:f1:1e:aa:c5:d2:5e:56:bb:0c:5d:86:
0d:8e:bf:4d:5f:30:db:bc:53:4b:49:ac:4b:dd:31:95:ed:e8:
28:69:21:ae:20:0e:03:f5:e6:34:85:35:9a:a9:26:76:a3:85:
fe:7e:c7:eb:f8:f2:88:37:f7:d5:5d:15:97:1d:f7:26:d4:94:
ed:d7:ae:88:86:7b:56:9d:75:ac:3b:39:d6:89:20:84:73:fb:
4e:59:33:e4:f7:5f:32:95:59:4c:78:e2:52:eb:e8:4d:75:6b:
c3:fe:23:ff:7d:f1:84:36:3f:4d:ac:41:a1:f3:04:3d:7d:c5:
94:7a:1b:8e:19:fb:b6:b4:6c:87:60:54:ba:a5:91:82:cb:e9:
7f:a7:b0:85:97:a7:90:cc:bc:cb:42:f3:0e:58:87:66:82:3a:
b3:ce:3d:9e:4e:bc:50:e7:29:4c:71:59:74:a8:c8:9e:e6:7b:
9e:fa:ea:5f:bc:73:30:f0:df:b3:88:f1:ea:4e:8b:8c:19:29:
9d:53:32:4a:63:21:dc:2a:6a:10:ff:32:d7:87:55:9f:58:35:
7b:82:d6:16:10:19:d1:25:c3:87:11:80:d8:b5:51:3b:0e:a2:
78:45:1d:75:bb:2b:e4:4d:3e:57:36:f6:a4:70:fb:fe:35:54:
9c:8c:3f:cc
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICFX4wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA2MDQx
NzM5MjNaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKDY3NzBGRTIyMzRCQTVB
MEI0NDc3MTcxRjYyMjUxN0VCOTBFQ0Y1QkQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCvLQStG/tfHRWxw4KHr2GZ+1Y0LwLok+IwVaGbVob2oDh+TjIK
H8DTE0sP0LZkNN5rhV8Q9yZXCvZ+U8okjUc05dS1J4h2Za4e4YXiEgH31I53lQmH
kbP/jg0RuSxYswBbJVY2/+XSnw2IS1PJuqE5zWRFFvmR8NHPT6ExU9/n5Xv7m9//
Q77i4SOw25XFo1hYqXPcamDjYDCFCbtybj2mj/A/m4d6QfTDBcWwLtFwOr67xs2e
BwL779flSYh78LWcMq0y0gp6kAAsKiZxNCecLGMpoAlKU9b4DlUHkfwoP+wKk/T4
fL18s3zmirehh9dMfHaQxNTfTF/q0BIKzzljAgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUZ3D+IjS6WgtEdxcfYiUX65Ds9b0wHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni9aM0QtSWpTNldndEVkeGNm
WWlVWDY1RHM5YjAucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
dxAwDQYJKoZIhvcNAQELBQADggEBAKuoDmbf4ffxHqrF0l5Wuwxdhg2Ov01fMNu8
U0tJrEvdMZXt6ChpIa4gDgP15jSFNZqpJnajhf5+x+v48og399VdFZcd9ybUlO3X
roiGe1addaw7OdaJIIRz+05ZM+T3XzKVWUx44lLr6E11a8P+I/998YQ2P02sQaHz
BD19xZR6G44Z+7a0bIdgVLqlkYLL6X+nsIWXp5DMvMtC8w5Yh2aCOrPOPZ5OvFDn
KUxxWXSoyJ7me5766l+8czDw37OI8epOi4wZKZ1TMkpjIdwqahD/MteHVZ9YNXuC
1hYQGdElw4cRgNi1UTsOonhFHXW7K+RNPlc29qRw+/41VJyMP8w=
-----END CERTIFICATE-----
Generated at Fri Jun 20 08:23:31 2025 by rpki-client