Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/hdw0E6vvDES6Zj0WwpIHWP-ctWA.roa
File: hdw0E6vvDES6Zj0WwpIHWP-ctWA.roa (raw, json)
Hash identifier: HMpYU0jKWSVZPBrQBXLkg0lX3JkrapC3M759QYdGnL0=
Subject key identifier: 85:DC:34:13:AB:EF:0C:44:BA:66:3D:16:C2:92:07:58:FF:9C:B5:60
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 16FE
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/hdw0E6vvDES6Zj0WwpIHWP-ctWA.roa
Signing time: Fri 06 Jun 2025 17:39:27 +0000
ROA not before: Fri 06 Jun 2025 17:39:27 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 119.16.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 5886 (0x16fe)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: Jun 6 17:39:27 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=85DC3413ABEF0C44BA663D16C2920758FF9CB560
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a0:4d:32:76:66:77:a0:29:6f:14:b0:4e:2b:15:
02:5a:40:66:e0:d8:11:94:c1:cc:a7:b9:c0:17:a2:
34:a7:38:dc:f9:65:1d:a6:88:b7:31:5d:ab:09:f0:
dc:46:0e:fe:13:9b:9e:dd:97:1b:ab:7e:2d:c7:1a:
1b:c8:b6:dd:ff:1d:6d:ad:62:e0:fa:6a:f7:06:23:
76:a9:9a:94:a4:b2:28:32:d4:3d:06:36:18:25:32:
a9:b8:75:32:3e:ff:89:10:fe:a5:4a:d5:2d:a2:95:
af:09:79:a7:c9:71:53:dc:49:37:d4:0e:45:18:32:
68:aa:e0:28:14:5b:69:fc:ed:d7:04:d7:ff:7b:a5:
59:f9:09:a5:6b:3a:2e:07:21:95:fb:13:a4:49:6b:
9a:89:7c:2b:9e:6d:4b:c1:1e:62:8e:12:16:49:b6:
91:37:17:2d:51:3c:03:24:a7:62:0b:c7:7a:3b:95:
42:69:85:70:d6:76:8e:93:ba:c2:80:43:00:09:71:
05:17:fd:37:94:fb:ab:aa:f0:a9:e6:fb:23:1a:dd:
41:58:26:08:56:ff:a1:81:d3:6a:51:58:05:1c:48:
bd:fc:df:d5:de:de:c5:cb:61:71:aa:c4:fc:dd:0a:
1a:c3:15:cb:6c:d5:8d:10:14:77:cd:09:ab:a9:5b:
4e:87
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
85:DC:34:13:AB:EF:0C:44:BA:66:3D:16:C2:92:07:58:FF:9C:B5:60
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/hdw0E6vvDES6Zj0WwpIHWP-ctWA.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
119.16.0.0/16
Signature Algorithm: sha256WithRSAEncryption
13:f7:e0:4c:5d:7e:81:c7:37:67:79:97:af:20:b1:95:b6:f9:
16:c3:2b:c4:35:86:b8:0c:9a:53:41:83:3d:5a:e3:f9:60:81:
a7:30:3b:0b:57:47:fb:ec:86:bc:25:77:6d:03:44:7a:42:56:
c7:ae:d1:f4:80:a2:1a:8d:ff:bc:f4:5b:0a:be:bc:28:51:5b:
a9:02:8b:15:d0:c3:89:20:81:ba:c6:9e:26:3d:56:2e:0e:54:
01:83:3f:bf:ab:36:df:40:61:33:85:87:50:90:e2:45:ff:ad:
fe:88:23:00:96:e8:39:66:2d:ad:28:b8:6a:2f:cc:5a:ef:a9:
35:5c:72:bf:a1:94:f6:6a:74:d9:61:d3:fd:42:5b:2a:5e:41:
6d:cd:77:80:9b:19:72:b1:24:2a:ec:0a:45:61:c6:7a:e5:03:
5d:75:ed:e0:8e:aa:4b:67:76:f8:71:e3:c3:b3:02:ca:33:dd:
ee:42:fd:78:12:85:73:e4:7e:da:8a:35:2e:92:af:2d:c4:d0:
f6:5d:9e:f3:26:42:70:6f:e2:8f:97:f7:d3:3f:1a:a8:8d:55:
46:8c:8b:df:59:2b:27:f4:f1:bc:cd:07:5f:2a:dc:0c:14:b1:
95:89:c6:1e:f9:15:73:e5:84:e3:70:ff:53:83:f5:6e:6c:72:
5c:4e:63:2d
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICFv4wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA2MDYx
NzM5MjdaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKDg1REMzNDEzQUJFRjBD
NDRCQTY2M0QxNkMyOTIwNzU4RkY5Q0I1NjAwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCgTTJ2ZnegKW8UsE4rFQJaQGbg2BGUwcynucAXojSnONz5ZR2m
iLcxXasJ8NxGDv4Tm57dlxurfi3HGhvItt3/HW2tYuD6avcGI3apmpSksigy1D0G
NhglMqm4dTI+/4kQ/qVK1S2ila8JeafJcVPcSTfUDkUYMmiq4CgUW2n87dcE1/97
pVn5CaVrOi4HIZX7E6RJa5qJfCuebUvBHmKOEhZJtpE3Fy1RPAMkp2ILx3o7lUJp
hXDWdo6TusKAQwAJcQUX/TeU+6uq8Knm+yMa3UFYJghW/6GB02pRWAUcSL3839Xe
3sXLYXGqxPzdChrDFcts1Y0QFHfNCaupW06HAgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUhdw0E6vvDES6Zj0WwpIHWP+ctWAwHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni9oZHcwRTZ2dkRFUzZaajBX
d3BJSFdQLWN0V0Eucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
dxAwDQYJKoZIhvcNAQELBQADggEBABP34ExdfoHHN2d5l68gsZW2+RbDK8Q1hrgM
mlNBgz1a4/lggacwOwtXR/vshrwld20DRHpCVseu0fSAohqN/7z0Wwq+vChRW6kC
ixXQw4kggbrGniY9Vi4OVAGDP7+rNt9AYTOFh1CQ4kX/rf6IIwCW6DlmLa0ouGov
zFrvqTVccr+hlPZqdNlh0/1CWypeQW3Nd4CbGXKxJCrsCkVhxnrlA1117eCOqktn
dvhx48OzAsoz3e5C/XgShXPkftqKNS6Sry3E0PZdnvMmQnBv4o+X99M/GqiNVUaM
i99ZKyf08bzNB18q3AwUsZWJxh75FXPlhONw/1OD9W5sclxOYy0=
-----END CERTIFICATE-----
Generated at Sat Jun 21 16:52:58 2025 by rpki-client