Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/loe8cCzrolvKRxfu6UGvnNSj9dA.roa
File: loe8cCzrolvKRxfu6UGvnNSj9dA.roa (raw, json)
Hash identifier: KCL/Fdx3hySOtOaPD8vpaXeene/3p9eEEPUspgvdahQ=
Subject key identifier: 96:87:BC:70:2C:EB:A2:5B:CA:47:17:EE:E9:41:AF:9C:D4:A3:F5:D0
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 165E
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/loe8cCzrolvKRxfu6UGvnNSj9dA.roa
Signing time: Thu 05 Jun 2025 21:40:14 +0000
ROA not before: Thu 05 Jun 2025 21:40:14 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 119.16.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 5726 (0x165e)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: Jun 5 21:40:14 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=9687BC702CEBA25BCA4717EEE941AF9CD4A3F5D0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f3:8e:0a:0b:a9:38:cf:85:2f:cc:10:e2:d0:3d:
89:91:59:82:05:bb:8f:11:79:be:f4:fa:b2:8f:8c:
84:f8:19:7f:3d:9a:28:89:fb:16:aa:6c:97:b4:4e:
02:e5:08:30:8d:34:e6:61:7e:17:ed:93:65:bc:fa:
fc:eb:c9:cd:dc:2c:1c:9d:c3:4a:a3:c1:c3:3b:84:
7b:03:0c:6e:90:61:97:63:13:4c:17:a9:22:67:eb:
2c:bd:16:18:f2:91:89:39:4d:3f:c3:b6:dc:14:08:
9a:e9:04:6b:69:86:34:3c:4d:8f:74:5e:08:f6:ef:
c6:9a:ee:cd:48:0d:91:44:6c:44:b5:dd:c5:48:fc:
79:3f:3c:d5:e6:ac:80:30:32:12:cb:8a:cc:e6:28:
ac:fa:9f:0a:23:10:09:19:8f:19:c4:7c:ff:c1:b7:
c9:df:a1:6f:fe:c5:4b:c3:b2:09:ef:3d:78:45:6c:
42:5f:25:78:36:b9:a9:92:44:22:3b:8f:bd:18:86:
dc:f6:7d:4d:d2:f7:64:c0:9f:2b:f2:4f:5d:21:f8:
d5:7b:a7:b5:72:d7:30:fe:08:de:7b:56:c2:e7:c7:
ad:13:04:7b:b9:83:a0:30:94:7d:c6:d3:44:a0:27:
7b:b4:ec:c3:53:22:88:46:6a:00:fc:3b:66:3d:d2:
16:f1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
96:87:BC:70:2C:EB:A2:5B:CA:47:17:EE:E9:41:AF:9C:D4:A3:F5:D0
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/loe8cCzrolvKRxfu6UGvnNSj9dA.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
119.16.0.0/16
Signature Algorithm: sha256WithRSAEncryption
0b:ca:bf:87:91:9d:72:6d:30:0b:db:80:b0:1f:dd:e0:47:36:
b9:f4:8e:43:e7:bb:fe:d4:fc:d0:01:cb:32:e4:e4:b5:05:cb:
de:e3:ef:c9:18:3e:89:e3:0b:d9:44:0d:99:21:05:a6:81:95:
07:e0:c2:6a:01:f5:6f:f1:7a:03:56:13:b1:a6:f7:89:e2:e2:
03:24:9e:88:e6:59:5b:94:41:f3:61:5e:26:bb:12:ab:a8:75:
9b:db:7a:dd:0c:12:7b:cb:f2:b3:56:9e:db:37:b6:97:04:9c:
81:54:e8:21:57:3e:10:5a:47:53:3a:61:8d:a7:24:23:11:ed:
f7:15:55:05:fe:80:86:08:11:0b:ca:20:17:6c:ca:ac:22:cf:
ae:23:04:df:6d:33:56:be:94:e5:79:9a:5d:21:f6:2c:da:a4:
8b:09:dd:2d:db:fb:3d:fd:a8:bc:cb:f5:e4:67:0d:63:98:05:
a7:8c:02:cf:10:d8:75:7a:60:ba:8d:94:07:d6:87:58:1f:22:
48:e3:28:f3:da:97:c2:4b:fc:fd:d3:84:39:c7:f1:69:fb:2d:
10:7c:9b:2f:1d:1e:16:4e:97:12:f5:32:61:76:3d:0a:df:e9:
f0:7c:7c:a7:18:e8:c2:3f:04:36:40:d1:47:4e:fb:65:d6:a2:
da:68:a2:24
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICFl4wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA2MDUy
MTQwMTRaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKDk2ODdCQzcwMkNFQkEy
NUJDQTQ3MTdFRUU5NDFBRjlDRDRBM0Y1RDAwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDzjgoLqTjPhS/MEOLQPYmRWYIFu48Reb70+rKPjIT4GX89miiJ
+xaqbJe0TgLlCDCNNOZhfhftk2W8+vzryc3cLBydw0qjwcM7hHsDDG6QYZdjE0wX
qSJn6yy9FhjykYk5TT/DttwUCJrpBGtphjQ8TY90Xgj278aa7s1IDZFEbES13cVI
/Hk/PNXmrIAwMhLLiszmKKz6nwojEAkZjxnEfP/Bt8nfoW/+xUvDsgnvPXhFbEJf
JXg2uamSRCI7j70Yhtz2fU3S92TAnyvyT10h+NV7p7Vy1zD+CN57VsLnx60TBHu5
g6AwlH3G00SgJ3u07MNTIohGagD8O2Y90hbxAgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUloe8cCzrolvKRxfu6UGvnNSj9dAwHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni9sb2U4Y0N6cm9sdktSeGZ1
NlVHdm5OU2o5ZEEucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
dxAwDQYJKoZIhvcNAQELBQADggEBAAvKv4eRnXJtMAvbgLAf3eBHNrn0jkPnu/7U
/NAByzLk5LUFy97j78kYPonjC9lEDZkhBaaBlQfgwmoB9W/xegNWE7Gm94ni4gMk
nojmWVuUQfNhXia7EquodZvbet0MEnvL8rNWnts3tpcEnIFU6CFXPhBaR1M6YY2n
JCMR7fcVVQX+gIYIEQvKIBdsyqwiz64jBN9tM1a+lOV5ml0h9izapIsJ3S3b+z39
qLzL9eRnDWOYBaeMAs8Q2HV6YLqNlAfWh1gfIkjjKPPal8JL/P3ThDnH8Wn7LRB8
my8dHhZOlxL1MmF2PQrf6fB8fKcY6MI/BDZA0UdO+2XWotpooiQ=
-----END CERTIFICATE-----
Generated at Sun Jun 22 06:59:16 2025 by rpki-client