Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/Dfxixzei9sxCphvaNwIMzV3bWcY.roa
File: Dfxixzei9sxCphvaNwIMzV3bWcY.roa (raw, json)
Hash identifier: JJrNGD8GLrkx5gIiSUrsTtFnZEp9ToFAS3DM8hToU80=
Subject key identifier: 0D:FC:62:C7:37:A2:F6:CC:42:A6:1B:DA:37:02:0C:CD:5D:DB:59:C6
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 2115
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/Dfxixzei9sxCphvaNwIMzV3bWcY.roa
Signing time: Fri 20 Jun 2025 16:11:42 +0000
ROA not before: Fri 20 Jun 2025 16:11:42 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 27.103.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 8469 (0x2115)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: Jun 20 16:11:42 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=0DFC62C737A2F6CC42A61BDA37020CCD5DDB59C6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a5:cd:2d:ee:cb:62:08:b3:10:fb:c5:4a:67:78:
dd:13:4b:c8:ff:29:99:87:f8:16:bd:2d:50:35:43:
2c:ea:f1:22:9a:58:8c:32:0b:46:e0:c5:18:20:45:
da:30:59:69:10:41:6b:ec:a6:03:02:48:08:63:ce:
36:b2:61:c8:64:2f:53:9a:25:7e:68:98:e3:c4:94:
8b:ec:8f:01:14:fe:36:69:84:0a:a7:be:01:22:96:
5e:00:62:25:96:ac:42:ff:16:7d:fe:b1:60:3f:08:
bc:4f:51:81:7a:a7:47:d7:4f:b2:45:3a:d3:fa:b0:
0b:06:bf:79:72:4a:fe:df:6f:b7:1c:d0:55:67:cd:
64:09:72:d6:8c:1f:ce:6e:ed:2d:14:7c:0c:3e:d2:
9e:7d:04:d0:c1:44:62:a2:27:4c:34:eb:ce:8e:50:
8f:d4:12:f7:ad:93:d1:33:57:d8:f7:e8:38:e7:d7:
dc:b4:e9:61:9f:ae:2a:5f:be:42:45:4e:ed:20:a9:
0f:01:ed:ae:ac:12:4e:ab:1f:ea:68:53:b0:1e:63:
e0:cb:6e:c0:b8:17:f3:d5:de:a4:17:52:ef:25:35:
01:47:04:4f:61:0e:22:a8:08:ca:96:b4:c0:d7:77:
ba:f6:33:43:a9:4f:34:a3:bf:4f:78:df:8d:f0:54:
5c:bf
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0D:FC:62:C7:37:A2:F6:CC:42:A6:1B:DA:37:02:0C:CD:5D:DB:59:C6
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/Dfxixzei9sxCphvaNwIMzV3bWcY.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
27.103.0.0/16
Signature Algorithm: sha256WithRSAEncryption
44:bb:21:76:e2:c5:93:50:d0:c0:f0:48:9f:46:84:46:8e:05:
58:ba:ae:ae:df:53:6f:89:5f:60:bd:17:13:cf:4b:75:e2:9e:
59:98:4e:7a:a2:02:73:f5:49:c7:47:e6:c1:82:f7:45:e5:99:
12:07:8a:39:3e:7e:62:b2:29:e4:75:ac:39:35:1a:73:50:0e:
6d:96:b2:e9:04:32:86:6e:5c:c4:b4:f8:bd:cd:dd:2b:18:f8:
55:b0:55:97:0e:df:9f:d8:31:85:a7:b1:cf:72:09:57:e0:1c:
92:3a:d5:e2:02:e4:81:a0:02:4e:fb:29:22:ec:90:5b:18:10:
ba:f6:6a:bd:c5:ec:48:c1:27:37:02:68:93:e5:c2:a8:5f:96:
b1:ab:3f:22:8e:53:ae:49:8e:31:15:6f:1e:8a:73:e2:43:94:
c9:3d:b4:e9:4a:6a:66:e3:15:10:10:5e:90:68:76:11:7b:91:
c0:9e:48:80:2e:d7:55:ed:00:f7:d7:63:35:df:d4:60:28:d4:
f8:14:17:bf:ab:ff:b0:a9:70:9a:25:b5:ea:cc:fa:93:8c:2e:
2c:e0:6b:ae:03:c6:db:05:fa:b3:78:31:c3:8c:5a:bf:2d:08:
14:da:a4:88:2f:7b:2c:4e:79:69:ab:d1:26:f5:8c:20:70:7b:
11:f7:c1:09
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICIRUwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA2MjAx
NjExNDJaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKDBERkM2MkM3MzdBMkY2
Q0M0MkE2MUJEQTM3MDIwQ0NENUREQjU5QzYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQClzS3uy2IIsxD7xUpneN0TS8j/KZmH+Ba9LVA1Qyzq8SKaWIwy
C0bgxRggRdowWWkQQWvspgMCSAhjzjayYchkL1OaJX5omOPElIvsjwEU/jZphAqn
vgEill4AYiWWrEL/Fn3+sWA/CLxPUYF6p0fXT7JFOtP6sAsGv3lySv7fb7cc0FVn
zWQJctaMH85u7S0UfAw+0p59BNDBRGKiJ0w0686OUI/UEvetk9EzV9j36Djn19y0
6WGfripfvkJFTu0gqQ8B7a6sEk6rH+poU7AeY+DLbsC4F/PV3qQXUu8lNQFHBE9h
DiKoCMqWtMDXd7r2M0OpTzSjv094343wVFy/AgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUDfxixzei9sxCphvaNwIMzV3bWcYwHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni9EZnhpeHplaTlzeENwaHZh
TndJTXpWM2JXY1kucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
G2cwDQYJKoZIhvcNAQELBQADggEBAES7IXbixZNQ0MDwSJ9GhEaOBVi6rq7fU2+J
X2C9FxPPS3XinlmYTnqiAnP1ScdH5sGC90XlmRIHijk+fmKyKeR1rDk1GnNQDm2W
sukEMoZuXMS0+L3N3SsY+FWwVZcO35/YMYWnsc9yCVfgHJI61eIC5IGgAk77KSLs
kFsYELr2ar3F7EjBJzcCaJPlwqhflrGrPyKOU65JjjEVbx6Kc+JDlMk9tOlKambj
FRAQXpBodhF7kcCeSIAu11XtAPfXYzXf1GAo1PgUF7+r/7CpcJolterM+pOMLizg
a64DxtsF+rN4McOMWr8tCBTapIgveyxOeWmr0Sb1jCBwexH3wQk=
-----END CERTIFICATE-----
Generated at Sun Jul 20 13:23:08 2025 by rpki-client