Route Origin Authorization

$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/HCnl5GX7e_Pk6ctUloV9wh8J02w.roa
File:                     HCnl5GX7e_Pk6ctUloV9wh8J02w.roa (raw, json)
Hash identifier:          tJBN7WQG0xfGiBI6O125+UQzjAoa71mzanDD+kzp6m4=
Subject key identifier:   1C:29:E5:E4:65:FB:7B:F3:E4:E9:CB:54:96:85:7D:C2:1F:09:D3:6C
Certificate issuer:       /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial:       247E
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access:    rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access:      rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/HCnl5GX7e_Pk6ctUloV9wh8J02w.roa
Signing time:             Wed 25 Jun 2025 05:12:02 +0000
ROA not before:           Wed 25 Jun 2025 05:12:02 +0000
ROA not after:            Thu 09 Apr 2026 06:33:21 +0000
asID:                     9391
IP address blocks:        119.16.0.0/16 maxlen: 16
Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 9342 (0x247e)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
        Validity
            Not Before: Jun 25 05:12:02 2025 GMT
            Not After : Apr  9 06:33:21 2026 GMT
        Subject: CN=1C29E5E465FB7BF3E4E9CB5496857DC21F09D36C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:9a:70:dc:0d:c3:23:8a:f4:9d:d7:66:69:35:
                    3a:b6:45:17:ed:cb:49:45:d8:4f:f2:d1:a9:74:67:
                    ff:ce:21:dc:c5:23:14:02:8e:3f:70:49:84:12:58:
                    79:95:bb:3d:1f:38:13:9b:14:c7:0e:76:e4:f5:72:
                    7d:fd:9c:04:ee:a6:6b:86:58:b0:b5:73:56:a3:17:
                    23:f7:1d:9b:54:93:95:33:76:ae:54:36:b3:ee:96:
                    51:49:a9:2e:b4:7b:02:fc:e8:cc:53:7c:15:12:a7:
                    08:c3:f2:77:12:de:98:69:82:1a:8b:d1:37:01:50:
                    b5:65:6d:d2:9d:a8:bd:9b:1f:80:87:4a:4d:59:06:
                    f8:f1:63:e2:50:29:86:0d:4c:3f:44:67:49:e7:a6:
                    42:58:f3:84:c2:d0:1b:39:e4:cb:ef:5f:eb:1a:e1:
                    16:a1:da:a8:6e:79:25:a9:71:5e:46:71:76:55:63:
                    40:c8:2a:b1:82:47:55:dd:a7:ad:8a:08:2d:c0:d6:
                    74:a3:9f:bd:de:88:2f:59:0b:d4:7c:8c:0c:24:96:
                    f2:ec:6e:fb:a6:51:69:8d:d8:ac:3b:57:92:67:a1:
                    d0:f7:b1:d0:2e:1a:75:c3:1b:3b:c9:d8:e9:c4:23:
                    c0:b5:1d:b9:e5:ec:3b:97:1e:7a:33:5f:64:96:f5:
                    7a:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:29:E5:E4:65:FB:7B:F3:E4:E9:CB:54:96:85:7D:C2:1F:09:D3:6C
            X509v3 Authority Key Identifier:
                keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/HCnl5GX7e_Pk6ctUloV9wh8J02w.roa
                RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  119.16.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         a3:94:af:5f:9f:96:fc:2b:4d:b2:b8:f6:36:80:a6:c2:c9:fa:
         e7:4e:0c:94:ff:92:be:e0:3b:85:fe:7a:ec:67:92:7d:37:fb:
         c6:a3:b5:c4:d4:21:99:e6:90:eb:94:e7:b7:47:ef:46:ea:25:
         97:ef:72:e3:cb:d0:6d:96:98:e1:f9:25:74:08:44:08:43:c7:
         80:29:69:ce:21:e4:55:a0:04:cc:be:87:d6:0b:ce:15:30:e7:
         df:68:3b:28:fa:ca:6f:63:28:38:db:3e:90:d5:2d:7e:a3:08:
         ee:79:87:85:4e:fe:17:a0:c5:fc:f2:47:29:f1:de:3b:bc:60:
         6e:d5:fa:74:8f:72:f6:3f:96:7c:7e:0a:46:86:bf:0c:8a:db:
         99:ad:b9:12:ac:61:42:6d:e0:5a:c3:d6:4a:c7:dc:09:45:95:
         c2:f2:68:6b:7b:5e:66:2a:18:40:1d:89:d8:82:5f:25:cf:19:
         14:c8:33:e0:97:29:a2:f9:12:33:48:57:84:e0:08:29:2a:d5:
         81:b4:67:13:d7:ab:7f:6c:3f:bc:1d:26:d9:41:db:38:79:55:
         6e:65:0b:c7:94:18:1a:d2:69:3c:5c:39:d9:7c:6b:ed:e0:c7:
         71:18:05:6d:ab:2c:ac:1d:01:5e:db:8e:0d:bd:8f:6f:d8:4e:
         5c:10:98:5c
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICJH4wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA2MjUw
NTEyMDJaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKDFDMjlFNUU0NjVGQjdC
RjNFNEU5Q0I1NDk2ODU3REMyMUYwOUQzNkMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDDmnDcDcMjivSd12ZpNTq2RRfty0lF2E/y0al0Z//OIdzFIxQC
jj9wSYQSWHmVuz0fOBObFMcOduT1cn39nATupmuGWLC1c1ajFyP3HZtUk5Uzdq5U
NrPullFJqS60ewL86MxTfBUSpwjD8ncS3phpghqL0TcBULVlbdKdqL2bH4CHSk1Z
BvjxY+JQKYYNTD9EZ0nnpkJY84TC0Bs55MvvX+sa4Rah2qhueSWpcV5GcXZVY0DI
KrGCR1Xdp62KCC3A1nSjn73eiC9ZC9R8jAwklvLsbvumUWmN2Kw7V5JnodD3sdAu
GnXDGzvJ2OnEI8C1Hbnl7DuXHnozX2SW9Xp/AgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUHCnl5GX7e/Pk6ctUloV9wh8J02wwHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni9IQ25sNUdYN2VfUGs2Y3RV
bG9WOXdoOEowMncucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
dxAwDQYJKoZIhvcNAQELBQADggEBAKOUr1+flvwrTbK49jaApsLJ+udODJT/kr7g
O4X+euxnkn03+8ajtcTUIZnmkOuU57dH70bqJZfvcuPL0G2WmOH5JXQIRAhDx4Ap
ac4h5FWgBMy+h9YLzhUw599oOyj6ym9jKDjbPpDVLX6jCO55h4VO/hegxfzyRynx
3ju8YG7V+nSPcvY/lnx+CkaGvwyK25mtuRKsYUJt4FrD1krH3AlFlcLyaGt7XmYq
GEAdidiCXyXPGRTIM+CXKaL5EjNIV4TgCCkq1YG0ZxPXq39sP7wdJtlB2zh5VW5l
C8eUGBrSaTxcOdl8a+3gx3EYBW2rLKwdAV7bjg29j2/YTlwQmFw=
-----END CERTIFICATE-----
Generated at Mon Jul 21 03:05:51 2025 by rpki-client