Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/tknEIjkN2q3BsUsw8-C1IJIsyLk.roa
File: tknEIjkN2q3BsUsw8-C1IJIsyLk.roa (raw, json)
Hash identifier: 00PfVNG5+hqt6u5fHzR0h4kGbWu916gTgFuyqPr+VLU=
Subject key identifier: B6:49:C4:22:39:0D:DA:AD:C1:B1:4B:30:F3:E0:B5:20:92:2C:C8:B9
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 145A
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/tknEIjkN2q3BsUsw8-C1IJIsyLk.roa
Signing time: Tue 03 Jun 2025 05:09:24 +0000
ROA not before: Tue 03 Jun 2025 05:09:24 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 119.16.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 5210 (0x145a)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: Jun 3 05:09:24 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=B649C422390DDAADC1B14B30F3E0B520922CC8B9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c2:8a:37:ff:f6:d0:87:df:14:4b:e7:02:48:c7:
fa:a4:b1:e1:ad:70:36:3e:87:32:19:0a:d5:ba:45:
7a:1f:3d:aa:fb:8b:ae:65:c3:5b:62:4f:30:bd:6f:
0d:18:81:47:9a:32:b4:f7:03:1f:ec:fb:ab:5c:84:
00:6c:c3:1b:08:59:e4:aa:2d:7e:86:4e:44:3c:9a:
b2:d9:9a:29:08:08:48:93:8f:ae:44:9b:5b:28:10:
39:24:71:8e:f8:3b:4f:0e:79:ef:87:ae:58:04:3a:
db:6d:a4:97:f1:f2:c0:a4:3f:6b:1f:71:73:07:5d:
d5:fd:3e:ba:5b:e6:fc:fb:6a:2f:34:5b:e6:0e:f8:
ff:08:7d:58:99:48:10:5e:55:47:c2:85:36:8f:61:
ec:1b:5f:b5:ce:8a:14:b6:2b:1f:44:95:aa:d3:66:
a1:7f:f1:fc:ef:78:ba:97:4a:fa:7a:8d:b5:43:4f:
86:a0:79:d7:eb:23:86:11:ca:c1:66:06:42:6d:ab:
65:6b:dd:0a:f7:68:3b:be:e6:a4:a4:45:c4:8d:8f:
17:3e:d9:36:33:aa:81:d4:6f:9b:8d:e6:6b:40:b7:
b7:2a:e2:9b:79:11:a5:c6:27:d3:62:3f:38:df:86:
25:af:8b:9b:e2:0f:d7:58:c1:c7:cf:27:7a:76:82:
45:45
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B6:49:C4:22:39:0D:DA:AD:C1:B1:4B:30:F3:E0:B5:20:92:2C:C8:B9
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/tknEIjkN2q3BsUsw8-C1IJIsyLk.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
119.16.0.0/16
Signature Algorithm: sha256WithRSAEncryption
8f:27:5a:1c:26:b5:a6:5d:fa:d3:09:09:2e:a1:88:1f:58:26:
f2:ad:74:4a:69:f4:da:8c:41:c6:ce:f3:2b:45:5e:47:b3:2e:
ba:e5:c1:38:d1:01:f0:88:06:59:7b:64:dd:f0:00:e6:25:b9:
84:e6:15:81:9f:d7:6a:32:6e:8f:26:be:f1:44:41:dc:db:5c:
5e:13:05:c9:05:82:f5:fd:44:14:ba:77:d3:ce:48:31:c5:54:
3d:d1:c1:49:bb:81:d8:68:ee:25:62:0f:a1:72:79:ce:5c:99:
71:fa:bd:93:de:bb:df:04:26:06:ae:08:be:e8:50:8b:81:48:
31:43:23:38:34:b8:1b:5a:13:d2:72:77:9a:7f:1f:32:06:0f:
90:06:94:a1:3c:16:d3:1d:83:73:e3:d8:e7:f3:cf:3d:fd:a0:
1a:cf:27:96:b9:2c:84:a6:99:e0:09:69:14:72:71:30:73:6e:
d2:43:bc:09:ac:03:de:c5:07:b2:4d:a5:b5:47:5b:56:cc:67:
91:85:0d:48:56:87:48:26:a4:22:20:38:8d:18:3e:69:b0:d2:
4f:83:5b:9a:29:6f:0a:a6:2f:9a:49:8f:4e:7f:88:f5:d3:b1:
ef:8c:47:23:28:46:91:ae:54:44:05:cb:ff:a4:25:77:90:21:
49:0f:c1:9f
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICFFowDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA2MDMw
NTA5MjRaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKEI2NDlDNDIyMzkwRERB
QURDMUIxNEIzMEYzRTBCNTIwOTIyQ0M4QjkwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDCijf/9tCH3xRL5wJIx/qkseGtcDY+hzIZCtW6RXofPar7i65l
w1tiTzC9bw0YgUeaMrT3Ax/s+6tchABswxsIWeSqLX6GTkQ8mrLZmikICEiTj65E
m1soEDkkcY74O08Oee+HrlgEOtttpJfx8sCkP2sfcXMHXdX9Prpb5vz7ai80W+YO
+P8IfViZSBBeVUfChTaPYewbX7XOihS2Kx9ElarTZqF/8fzveLqXSvp6jbVDT4ag
edfrI4YRysFmBkJtq2Vr3Qr3aDu+5qSkRcSNjxc+2TYzqoHUb5uN5mtAt7cq4pt5
EaXGJ9NiPzjfhiWvi5viD9dYwcfPJ3p2gkVFAgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUtknEIjkN2q3BsUsw8+C1IJIsyLkwHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni90a25FSWprTjJxM0JzVXN3
OC1DMUlKSXN5TGsucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
dxAwDQYJKoZIhvcNAQELBQADggEBAI8nWhwmtaZd+tMJCS6hiB9YJvKtdEpp9NqM
QcbO8ytFXkezLrrlwTjRAfCIBll7ZN3wAOYluYTmFYGf12oybo8mvvFEQdzbXF4T
BckFgvX9RBS6d9POSDHFVD3RwUm7gdho7iViD6Fyec5cmXH6vZPeu98EJgauCL7o
UIuBSDFDIzg0uBtaE9Jyd5p/HzIGD5AGlKE8FtMdg3Pj2Ofzzz39oBrPJ5a5LISm
meAJaRRycTBzbtJDvAmsA97FB7JNpbVHW1bMZ5GFDUhWh0gmpCIgOI0YPmmw0k+D
W5opbwqmL5pJj05/iPXTse+MRyMoRpGuVEQFy/+kJXeQIUkPwZ8=
-----END CERTIFICATE-----
Generated at Sun Jun 22 07:00:01 2025 by rpki-client