Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/cnJfzLh9iupcBaM491W6Sh7OCj0.roa
File: cnJfzLh9iupcBaM491W6Sh7OCj0.roa (raw, json)
Hash identifier: jjB+crv3Zuxe45al6lqZuy10M2aNU+dyRATA+ZVlotI=
Subject key identifier: 72:72:5F:CC:B8:7D:8A:EA:5C:05:A3:38:F7:55:BA:4A:1E:CE:0A:3D
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 1D16
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/cnJfzLh9iupcBaM491W6Sh7OCj0.roa
Signing time: Sat 14 Jun 2025 20:39:57 +0000
ROA not before: Sat 14 Jun 2025 20:39:57 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 119.16.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 7446 (0x1d16)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: Jun 14 20:39:57 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=72725FCCB87D8AEA5C05A338F755BA4A1ECE0A3D
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:de:a5:74:1a:a7:f5:eb:6a:f4:c4:b2:43:d9:b3:
b6:54:82:57:5a:8d:b8:b2:6d:6e:2b:fb:ee:2f:90:
1c:71:79:1f:09:94:7e:55:c3:70:30:54:55:49:3b:
29:44:18:70:82:f3:9b:35:60:2b:5c:19:1a:a1:8b:
79:a0:2e:cd:ed:ef:98:1a:10:92:a7:a5:86:29:42:
ee:a8:a1:b5:6d:ec:9d:0e:90:ea:f1:dc:3f:04:97:
fd:ec:e9:75:a0:6a:af:07:31:15:20:63:e0:86:cd:
cc:04:12:08:37:de:b3:95:8e:e5:9a:5b:04:01:e0:
5e:24:3a:6c:ec:d5:6c:38:30:32:91:44:50:e5:a9:
94:6c:f1:d1:df:1f:f0:e3:e0:72:2e:5f:51:d7:c7:
44:cb:fb:7c:45:21:91:a9:91:f7:2a:4c:20:a7:6a:
e8:49:60:ff:ba:b2:35:18:61:26:a4:01:63:70:9b:
0e:9f:22:ed:30:a0:00:2f:c8:55:31:3e:22:1e:20:
0b:33:7f:7e:b3:b8:35:db:16:45:99:cd:95:c4:e9:
f0:94:a0:7a:9f:68:eb:b4:b2:57:2a:87:b8:29:4a:
86:b1:bd:db:01:a5:8a:8b:a8:50:53:f4:c7:a1:0d:
a1:86:7e:2b:97:31:7f:32:79:39:50:17:8c:e7:82:
58:81
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
72:72:5F:CC:B8:7D:8A:EA:5C:05:A3:38:F7:55:BA:4A:1E:CE:0A:3D
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/cnJfzLh9iupcBaM491W6Sh7OCj0.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
119.16.0.0/16
Signature Algorithm: sha256WithRSAEncryption
88:de:6c:bf:36:24:66:7c:cc:87:63:78:23:97:4e:db:f7:85:
07:ff:1e:c7:ce:68:a8:02:fd:63:ba:c9:ed:ad:25:c7:00:de:
5b:1b:d3:96:ef:c3:b8:22:5a:7a:c0:51:b7:42:74:04:e8:58:
6b:73:64:fe:c1:a1:f3:f3:b3:bf:5f:76:2e:4a:ba:48:27:13:
6c:69:93:0e:ad:62:e6:e6:7e:8b:29:fc:2f:ea:22:6e:94:52:
c1:18:f6:9e:9e:d7:bc:c4:93:d4:c1:6c:11:b8:e2:60:29:75:
c7:36:9f:80:40:04:28:f4:87:e2:4d:1c:52:76:f2:4f:f6:c7:
2a:d0:fd:ff:ca:bc:77:56:4b:50:50:1d:d9:9c:7c:56:b4:4f:
b0:3e:e9:f9:7e:38:7d:f0:82:65:24:cf:da:25:37:08:1e:bd:
2d:fd:dd:b6:46:53:4a:4b:42:09:3c:3b:80:2b:5f:82:b3:74:
53:a6:bd:8a:24:b5:37:62:96:5e:90:d5:86:6a:24:13:a0:17:
32:c7:14:93:07:ca:4f:ef:b2:a9:b5:03:d1:0e:d4:7b:d5:f2:
13:07:a5:84:28:cc:de:92:e7:0f:c2:f0:fe:7e:4f:19:a2:ec:
bc:15:ba:e4:47:64:c7:e9:c2:84:cd:cf:66:71:16:73:b5:7b:
7f:77:ef:2d
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICHRYwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA2MTQy
MDM5NTdaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKDcyNzI1RkNDQjg3RDhB
RUE1QzA1QTMzOEY3NTVCQTRBMUVDRTBBM0QwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDepXQap/XravTEskPZs7ZUgldajbiybW4r++4vkBxxeR8JlH5V
w3AwVFVJOylEGHCC85s1YCtcGRqhi3mgLs3t75gaEJKnpYYpQu6oobVt7J0OkOrx
3D8El/3s6XWgaq8HMRUgY+CGzcwEEgg33rOVjuWaWwQB4F4kOmzs1Ww4MDKRRFDl
qZRs8dHfH/Dj4HIuX1HXx0TL+3xFIZGpkfcqTCCnauhJYP+6sjUYYSakAWNwmw6f
Iu0woAAvyFUxPiIeIAszf36zuDXbFkWZzZXE6fCUoHqfaOu0slcqh7gpSoaxvdsB
pYqLqFBT9MehDaGGfiuXMX8yeTlQF4zngliBAgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUcnJfzLh9iupcBaM491W6Sh7OCj0wHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni9jbkpmekxoOWl1cGNCYU00
OTFXNlNoN09DajAucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
dxAwDQYJKoZIhvcNAQELBQADggEBAIjebL82JGZ8zIdjeCOXTtv3hQf/HsfOaKgC
/WO6ye2tJccA3lsb05bvw7giWnrAUbdCdAToWGtzZP7BofPzs79fdi5KukgnE2xp
kw6tYubmfosp/C/qIm6UUsEY9p6e17zEk9TBbBG44mApdcc2n4BABCj0h+JNHFJ2
8k/2xyrQ/f/KvHdWS1BQHdmcfFa0T7A+6fl+OH3wgmUkz9olNwgevS393bZGU0pL
Qgk8O4ArX4KzdFOmvYoktTdill6Q1YZqJBOgFzLHFJMHyk/vsqm1A9EO1HvV8hMH
pYQozN6S5w/C8P5+Txmi7LwVuuRHZMfpwoTNz2ZxFnO1e3937y0=
-----END CERTIFICATE-----
Generated at Sat Jun 21 16:55:27 2025 by rpki-client