Route Origin Authorization

$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/IG_AU1ls_Ieg7NabH2TFlIX7ts0.roa
File:                     IG_AU1ls_Ieg7NabH2TFlIX7ts0.roa (raw, json)
Hash identifier:          GAXhbAbMSPJIoQAqPKi2uYWkAFaRzHOo+B4oim7K540=
Subject key identifier:   20:6F:C0:53:59:6C:FC:87:A0:EC:D6:9B:1F:64:C5:94:85:FB:B6:CD
Certificate issuer:       /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial:       1746
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access:    rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access:      rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/IG_AU1ls_Ieg7NabH2TFlIX7ts0.roa
Signing time:             Sat 07 Jun 2025 02:40:17 +0000
ROA not before:           Sat 07 Jun 2025 02:40:17 +0000
ROA not after:            Thu 09 Apr 2026 06:33:21 +0000
asID:                     9391
IP address blocks:        119.16.0.0/16 maxlen: 16
Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 5958 (0x1746)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
        Validity
            Not Before: Jun  7 02:40:17 2025 GMT
            Not After : Apr  9 06:33:21 2026 GMT
        Subject: CN=206FC053596CFC87A0ECD69B1F64C59485FBB6CD
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:f4:d3:eb:50:15:fe:ff:68:c7:ba:98:b2:84:
                    58:e8:b2:9a:18:3c:93:d2:be:8a:a1:7a:79:ab:78:
                    45:02:6f:21:ce:ea:98:bc:da:85:3a:36:2a:92:fa:
                    ef:c4:cc:6e:ad:5c:0e:bb:65:9f:a6:d6:a5:07:2d:
                    12:a3:7c:aa:84:8a:89:e1:92:2c:7c:56:64:7e:5f:
                    e2:3c:4e:b7:f9:60:b0:f5:77:5b:fb:43:f0:bf:4b:
                    0a:25:93:01:76:5b:ff:a6:8a:aa:8e:b8:50:65:c5:
                    d5:5e:fb:33:a7:24:07:28:a2:e0:3c:f5:d0:39:df:
                    6e:c8:cd:06:49:e6:46:09:c9:f3:f3:43:c8:a0:31:
                    aa:63:4b:db:4c:90:11:da:92:f7:08:0c:30:da:57:
                    41:5c:57:64:05:83:e8:02:07:98:37:fe:8d:5b:93:
                    d7:26:c4:3e:f7:a3:69:cb:38:96:af:1a:78:87:7a:
                    88:5e:d6:45:fa:00:3b:5e:74:99:5f:81:71:c6:4b:
                    d9:33:c4:b7:1c:ee:04:14:4d:07:53:db:a5:17:6b:
                    25:57:b8:0c:fe:a0:71:2f:0f:17:ff:52:8d:13:4d:
                    84:9b:90:69:76:f0:c7:f6:f4:c5:a8:b6:89:ac:91:
                    f5:bb:de:f8:8a:8e:b1:69:c3:30:63:3f:45:99:e6:
                    c6:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:6F:C0:53:59:6C:FC:87:A0:EC:D6:9B:1F:64:C5:94:85:FB:B6:CD
            X509v3 Authority Key Identifier:
                keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/IG_AU1ls_Ieg7NabH2TFlIX7ts0.roa
                RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  119.16.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         30:9a:c5:7b:2b:7f:8b:28:78:f4:26:9f:f4:a6:cb:17:37:63:
         d1:b8:eb:ad:11:c8:80:42:eb:ba:9e:fa:cf:24:25:97:e0:3d:
         67:a0:f5:19:68:a5:47:dd:02:c8:cc:69:d7:a3:91:15:48:fe:
         4a:b2:66:58:1b:e9:bb:85:b9:bf:fc:4d:93:88:42:23:c5:5b:
         ed:53:5a:da:0a:eb:a4:a6:e7:32:28:68:c2:35:d1:a9:57:3b:
         27:bb:36:70:93:54:eb:db:13:cd:94:1a:00:0a:8a:94:51:61:
         4e:22:a5:f6:69:90:db:62:29:a9:b8:4e:fa:46:a9:99:7e:e7:
         0e:1f:02:a6:22:3d:c1:94:26:ea:22:dd:53:cf:d4:6d:ca:92:
         3b:9d:2c:2d:47:15:d7:07:6f:11:d3:5d:2f:fc:50:e1:41:eb:
         ee:74:00:21:43:0f:6c:f6:3e:14:ae:b7:69:4d:8b:de:d4:0b:
         7e:06:e7:3f:ca:d5:74:e7:60:ba:68:2b:66:d2:2f:22:13:2a:
         48:c5:8c:42:6d:41:46:28:12:19:05:ea:17:a4:9d:03:3e:ac:
         66:a4:3f:41:7a:9c:31:53:29:da:b7:fe:f6:a9:9a:49:63:5f:
         3d:b7:04:02:0e:ba:cb:7a:a1:e0:5f:85:90:3d:75:a9:0f:2c:
         90:38:68:4e
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICF0YwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA2MDcw
MjQwMTdaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKDIwNkZDMDUzNTk2Q0ZD
ODdBMEVDRDY5QjFGNjRDNTk0ODVGQkI2Q0QwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC19NPrUBX+/2jHupiyhFjospoYPJPSvoqhenmreEUCbyHO6pi8
2oU6NiqS+u/EzG6tXA67ZZ+m1qUHLRKjfKqEionhkix8VmR+X+I8Trf5YLD1d1v7
Q/C/SwolkwF2W/+miqqOuFBlxdVe+zOnJAcoouA89dA5327IzQZJ5kYJyfPzQ8ig
MapjS9tMkBHakvcIDDDaV0FcV2QFg+gCB5g3/o1bk9cmxD73o2nLOJavGniHeohe
1kX6ADtedJlfgXHGS9kzxLcc7gQUTQdT26UXayVXuAz+oHEvDxf/Uo0TTYSbkGl2
8Mf29MWotomskfW73viKjrFpwzBjP0WZ5saxAgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUIG/AU1ls/Ieg7NabH2TFlIX7ts0wHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni9JR19BVTFsc19JZWc3TmFi
SDJURmxJWDd0czAucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
dxAwDQYJKoZIhvcNAQELBQADggEBADCaxXsrf4soePQmn/Smyxc3Y9G4660RyIBC
67qe+s8kJZfgPWeg9RlopUfdAsjMadejkRVI/kqyZlgb6buFub/8TZOIQiPFW+1T
WtoK66Sm5zIoaMI10alXOye7NnCTVOvbE82UGgAKipRRYU4ipfZpkNtiKam4TvpG
qZl+5w4fAqYiPcGUJuoi3VPP1G3KkjudLC1HFdcHbxHTXS/8UOFB6+50ACFDD2z2
PhSut2lNi97UC34G5z/K1XTnYLpoK2bSLyITKkjFjEJtQUYoEhkF6heknQM+rGak
P0F6nDFTKdq3/vapmkljXz23BAIOust6oeBfhZA9dakPLJA4aE4=
-----END CERTIFICATE-----
Generated at Tue Jun 10 06:46:08 2025 by rpki-client