Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/ZCvZjZpuArDMljwM3g74c3Mlap0.roa
File: ZCvZjZpuArDMljwM3g74c3Mlap0.roa (raw, json)
Hash identifier: +/fM/A3NB9JNNTfWg3jsscBSj4RuiHfWECj2k31hj2o=
Subject key identifier: 64:2B:D9:8D:9A:6E:02:B0:CC:96:3C:0C:DE:0E:F8:73:73:25:6A:9D
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 1A52
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/ZCvZjZpuArDMljwM3g74c3Mlap0.roa
Signing time: Wed 11 Jun 2025 04:09:49 +0000
ROA not before: Wed 11 Jun 2025 04:09:49 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 119.16.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 6738 (0x1a52)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: Jun 11 04:09:49 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=642BD98D9A6E02B0CC963C0CDE0EF87373256A9D
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9f:52:4e:93:8a:6c:bd:aa:27:d4:e8:40:a4:05:
d0:bc:8a:52:24:de:4f:c1:34:6e:74:fe:48:19:b2:
5f:1a:86:d4:ea:b9:e2:34:86:2e:67:be:a9:b5:3b:
49:26:64:5b:f0:b6:5a:1f:77:79:02:27:2c:b6:20:
01:57:1c:c2:61:b6:53:3d:7c:f5:4f:aa:ff:f9:83:
26:45:89:d7:a1:3f:5f:77:d6:5e:f3:2c:61:0e:fc:
c9:49:19:62:86:d9:e2:de:93:fa:bc:73:63:b4:4b:
10:be:b5:77:8b:6f:b1:73:7f:3d:fa:5d:19:c2:57:
f9:71:14:d5:54:c8:59:d3:50:6f:80:8f:0d:f7:6e:
10:c9:28:6b:a3:61:5a:bc:7f:77:3a:5c:ca:fc:87:
80:28:1d:78:a4:a0:57:d3:65:ba:7d:9f:94:c2:9c:
30:8e:22:e2:9f:80:76:48:40:55:66:01:bb:37:df:
4e:66:47:8e:37:69:e5:b2:f5:74:34:52:2e:a4:a3:
09:94:e8:ec:3f:4a:47:53:ad:2e:3c:ab:2d:ea:19:
7a:4f:00:b5:8d:ab:b2:0c:d5:21:1e:3e:c4:24:6b:
e3:b7:87:e5:a9:b5:00:76:33:d8:5c:9f:be:ff:42:
9a:c5:13:85:55:17:58:7a:96:fb:e0:a7:91:0a:e9:
d2:9b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
64:2B:D9:8D:9A:6E:02:B0:CC:96:3C:0C:DE:0E:F8:73:73:25:6A:9D
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/ZCvZjZpuArDMljwM3g74c3Mlap0.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
119.16.0.0/16
Signature Algorithm: sha256WithRSAEncryption
a9:44:30:94:b2:57:68:ea:9a:ca:92:01:0b:2b:f0:83:24:4c:
4f:7e:43:3f:96:5a:44:02:16:f6:eb:81:3d:3b:c2:f7:3c:74:
20:8f:d2:95:45:b3:1b:3f:c0:41:53:f6:01:ad:13:d3:d8:16:
33:b4:9d:f4:61:21:bf:7b:78:59:c5:6b:1d:69:df:8d:af:03:
0e:85:0e:b2:05:7d:35:c4:db:0d:ab:5f:6d:27:8d:87:75:4d:
2e:d4:b7:d7:b8:be:ba:43:2d:b4:97:ea:50:5e:48:a2:d8:c5:
74:17:02:e7:d5:f4:cc:29:f7:ed:0b:aa:fd:39:dd:0b:e2:21:
55:b3:08:19:ff:84:ee:5f:2c:39:78:28:02:ad:4b:6f:6b:a1:
04:2c:33:df:45:07:8d:ec:6f:5c:b3:00:d4:76:a0:b5:0c:6d:
f5:9c:09:a5:5f:fe:ab:08:bc:93:0f:3a:84:b2:95:91:02:90:
19:10:8f:6b:4f:87:c9:4d:30:f8:85:41:05:f9:90:3b:25:1e:
34:84:2f:5a:c9:dc:63:01:4f:58:dd:36:11:ff:5e:8a:79:0a:
0f:34:97:72:94:97:34:c2:b5:b9:44:6f:9c:d5:55:0c:c2:6c:
97:43:84:61:07:63:a2:e2:1f:5f:f0:ba:02:78:63:8e:d4:8b:
e2:9c:7a:b4
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICGlIwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA2MTEw
NDA5NDlaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKDY0MkJEOThEOUE2RTAy
QjBDQzk2M0MwQ0RFMEVGODczNzMyNTZBOUQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCfUk6Timy9qifU6ECkBdC8ilIk3k/BNG50/kgZsl8ahtTqueI0
hi5nvqm1O0kmZFvwtlofd3kCJyy2IAFXHMJhtlM9fPVPqv/5gyZFidehP1931l7z
LGEO/MlJGWKG2eLek/q8c2O0SxC+tXeLb7Fzfz36XRnCV/lxFNVUyFnTUG+Ajw33
bhDJKGujYVq8f3c6XMr8h4AoHXikoFfTZbp9n5TCnDCOIuKfgHZIQFVmAbs3305m
R443aeWy9XQ0Ui6kowmU6Ow/SkdTrS48qy3qGXpPALWNq7IM1SEePsQka+O3h+Wp
tQB2M9hcn77/QprFE4VVF1h6lvvgp5EK6dKbAgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUZCvZjZpuArDMljwM3g74c3Mlap0wHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni9aQ3ZaalpwdUFyRE1sandN
M2c3NGMzTWxhcDAucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
dxAwDQYJKoZIhvcNAQELBQADggEBAKlEMJSyV2jqmsqSAQsr8IMkTE9+Qz+WWkQC
FvbrgT07wvc8dCCP0pVFsxs/wEFT9gGtE9PYFjO0nfRhIb97eFnFax1p342vAw6F
DrIFfTXE2w2rX20njYd1TS7Ut9e4vrpDLbSX6lBeSKLYxXQXAufV9Mwp9+0Lqv05
3QviIVWzCBn/hO5fLDl4KAKtS29roQQsM99FB43sb1yzANR2oLUMbfWcCaVf/qsI
vJMPOoSylZECkBkQj2tPh8lNMPiFQQX5kDslHjSEL1rJ3GMBT1jdNhH/Xop5Cg80
l3KUlzTCtblEb5zVVQzCbJdDhGEHY6LiH1/wugJ4Y47Ui+KcerQ=
-----END CERTIFICATE-----
Generated at Sat Jun 21 03:07:14 2025 by rpki-client