Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/HOI95ATNkNmHkFxXtZc-ypbLfk8.roa
File: HOI95ATNkNmHkFxXtZc-ypbLfk8.roa (raw, json)
Hash identifier: 9dPeNBr0u1iWmuGKRT5F+ksjpyMwkGOyuWUrnMLUvFY=
Subject key identifier: 1C:E2:3D:E4:04:CD:90:D9:87:90:5C:57:B5:97:3E:CA:96:CB:7E:4F
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 2271
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/HOI95ATNkNmHkFxXtZc-ypbLfk8.roa
Signing time: Sun 22 Jun 2025 11:41:52 +0000
ROA not before: Sun 22 Jun 2025 11:41:52 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 27.103.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 8817 (0x2271)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: Jun 22 11:41:52 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=1CE23DE404CD90D987905C57B5973ECA96CB7E4F
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c7:d9:bf:d0:ac:c3:ee:0e:ee:9a:bb:92:58:c5:
fe:ac:3c:ac:4d:72:e5:54:84:0b:37:d2:fd:54:6c:
33:dc:bc:71:59:97:dd:90:2f:17:36:f2:e4:93:c2:
37:b3:cd:f4:0e:87:f9:3c:09:66:f6:2a:65:1e:62:
cb:60:b0:33:61:99:81:16:33:75:ff:de:59:cf:61:
e5:59:00:35:f4:ea:22:45:76:a4:b8:f8:31:6b:af:
52:bf:84:19:51:d2:61:a6:5a:3b:6a:8c:68:fe:42:
be:53:14:ff:32:cc:c4:63:24:b1:73:4d:2d:22:71:
b6:1a:bd:b7:59:9d:69:51:21:f4:04:ab:b7:f5:8c:
3a:f9:62:05:cc:37:c2:2a:1a:00:37:00:d4:54:89:
12:cc:1c:3f:d2:d0:58:dc:96:f1:dd:39:f1:d4:a6:
7f:5e:9b:46:65:ee:01:78:4a:f6:a9:ab:e3:a3:94:
c3:fe:80:fb:2d:e2:ad:3e:ca:f8:6c:8a:96:56:5f:
d7:8d:df:eb:b9:5d:91:16:d6:5b:fb:3c:05:7e:64:
5d:7b:c2:09:9f:93:83:9c:29:f0:f2:f6:33:e0:ea:
41:09:c4:ae:ec:c4:b3:f9:7c:57:d8:c1:3a:e9:d2:
7e:39:20:1d:b0:b3:b7:38:07:ef:40:ad:d5:c3:71:
3b:c7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1C:E2:3D:E4:04:CD:90:D9:87:90:5C:57:B5:97:3E:CA:96:CB:7E:4F
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/HOI95ATNkNmHkFxXtZc-ypbLfk8.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
27.103.0.0/16
Signature Algorithm: sha256WithRSAEncryption
08:e0:d2:3f:35:3b:27:17:09:7f:c9:a9:9b:26:75:ba:bd:73:
d4:c0:99:4a:5b:b0:05:ce:ff:ad:4e:d8:af:f1:22:3a:b3:f5:
a1:97:f7:17:10:0a:15:c6:d5:19:0e:cd:b2:ff:18:d7:a1:72:
ff:30:c8:ca:ab:85:36:00:b9:74:ea:ed:0d:ee:b6:52:16:3f:
5d:05:85:70:7d:da:5f:f8:7b:e4:65:87:50:65:e9:49:cc:dc:
c7:7d:66:c5:66:4f:a4:3a:a8:69:db:71:8b:60:55:a1:74:d2:
58:d8:ed:cd:b7:e0:1e:80:3e:3c:77:ab:62:3b:26:9e:29:5f:
83:6b:ca:54:52:de:79:ae:7c:b0:a6:78:97:b2:76:1f:1d:c8:
85:23:11:96:69:0b:d4:25:6e:77:64:9d:22:1a:fe:02:11:98:
e4:ac:02:c6:35:2f:b2:03:fc:42:fc:98:2d:64:44:9c:09:5e:
09:73:92:d8:52:12:20:c8:23:cf:89:b1:0d:9c:ce:d0:27:f6:
e5:e4:57:9f:9f:6f:8d:95:be:9c:20:0a:43:20:87:13:5b:68:
7b:5e:73:07:95:28:51:fd:99:77:56:49:a9:03:d3:7b:58:32:
0f:46:3e:67:5d:af:fd:d4:03:92:01:17:04:71:5b:b5:e4:3c:
e1:69:58:7a
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICInEwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA2MjIx
MTQxNTJaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKDFDRTIzREU0MDRDRDkw
RDk4NzkwNUM1N0I1OTczRUNBOTZDQjdFNEYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDH2b/QrMPuDu6au5JYxf6sPKxNcuVUhAs30v1UbDPcvHFZl92Q
Lxc28uSTwjezzfQOh/k8CWb2KmUeYstgsDNhmYEWM3X/3lnPYeVZADX06iJFdqS4
+DFrr1K/hBlR0mGmWjtqjGj+Qr5TFP8yzMRjJLFzTS0icbYavbdZnWlRIfQEq7f1
jDr5YgXMN8IqGgA3ANRUiRLMHD/S0FjclvHdOfHUpn9em0Zl7gF4Svapq+OjlMP+
gPst4q0+yvhsipZWX9eN3+u5XZEW1lv7PAV+ZF17wgmfk4OcKfDy9jPg6kEJxK7s
xLP5fFfYwTrp0n45IB2ws7c4B+9ArdXDcTvHAgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUHOI95ATNkNmHkFxXtZc+ypbLfk8wHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni9IT0k5NUFUTmtObUhrRnhY
dFpjLXlwYkxmazgucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
G2cwDQYJKoZIhvcNAQELBQADggEBAAjg0j81OycXCX/JqZsmdbq9c9TAmUpbsAXO
/61O2K/xIjqz9aGX9xcQChXG1RkOzbL/GNehcv8wyMqrhTYAuXTq7Q3utlIWP10F
hXB92l/4e+Rlh1Bl6UnM3Md9ZsVmT6Q6qGnbcYtgVaF00ljY7c234B6APjx3q2I7
Jp4pX4NrylRS3nmufLCmeJeydh8dyIUjEZZpC9QlbndknSIa/gIRmOSsAsY1L7ID
/EL8mC1kRJwJXglzkthSEiDII8+JsQ2cztAn9uXkV5+fb42VvpwgCkMghxNbaHte
cweVKFH9mXdWSakD03tYMg9GPmddr/3UA5IBFwRxW7XkPOFpWHo=
-----END CERTIFICATE-----
Generated at Mon Jul 21 03:03:35 2025 by rpki-client