Route Origin Authorization

$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/M6wahj0HzuLCGv-gGHFTxrpQ3u8.roa
File:                     M6wahj0HzuLCGv-gGHFTxrpQ3u8.roa (raw, json)
Hash identifier:          0QIx6hlTCeO5R1fvBKVT7ZssRd1APtDJ5McYlYyqt94=
Subject key identifier:   33:AC:1A:86:3D:07:CE:E2:C2:1A:FF:A0:18:71:53:C6:BA:50:DE:EF
Certificate issuer:       /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial:       1E3D
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access:    rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access:      rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/M6wahj0HzuLCGv-gGHFTxrpQ3u8.roa
Signing time:             Mon 16 Jun 2025 09:40:00 +0000
ROA not before:           Mon 16 Jun 2025 09:40:00 +0000
ROA not after:            Thu 09 Apr 2026 06:33:21 +0000
asID:                     9391
IP address blocks:        27.103.0.0/16 maxlen: 16
Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 7741 (0x1e3d)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
        Validity
            Not Before: Jun 16 09:40:00 2025 GMT
            Not After : Apr  9 06:33:21 2026 GMT
        Subject: CN=33AC1A863D07CEE2C21AFFA0187153C6BA50DEEF
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:3c:cd:bb:e8:64:c6:4c:67:68:81:e8:74:a6:
                    2d:d3:6f:73:b8:09:40:dc:d6:18:40:78:02:b4:8f:
                    e1:45:8a:e8:a6:0a:0e:05:7e:6e:55:a3:18:a6:0d:
                    00:e8:4b:90:57:7a:f9:2d:5a:7f:97:26:3c:68:aa:
                    f6:6f:46:b2:c2:77:6d:f4:c1:5e:c2:0f:91:d2:e8:
                    61:1a:1a:24:25:65:a2:82:72:50:17:10:58:8d:0e:
                    7c:95:c5:6c:e8:4b:b4:ec:a3:bd:16:19:bb:2c:2a:
                    8d:43:28:69:69:be:a3:30:d3:37:5f:51:42:f3:ca:
                    fa:77:53:73:ce:73:c3:bd:9a:4b:f4:13:da:1a:f1:
                    ab:94:e6:3a:5a:80:d0:3e:6b:09:cb:5e:20:19:8d:
                    4b:f5:94:4f:b8:2f:b7:b6:46:16:c9:fb:bb:3a:5e:
                    b4:fb:70:bd:ca:60:4b:92:e4:96:5f:1d:ec:15:24:
                    9c:d3:3e:3e:bf:dd:41:8e:0e:e5:10:91:0d:14:93:
                    78:39:27:15:ad:3b:68:2a:e1:40:7f:43:7f:1c:ca:
                    71:fc:66:5e:d9:c3:2d:e9:53:b8:28:00:b9:cc:c2:
                    cd:9d:e7:78:21:2a:4c:40:7c:29:c7:51:3d:84:cf:
                    df:e3:c2:17:40:ac:9a:da:df:b2:c7:e6:70:76:8b:
                    f8:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:AC:1A:86:3D:07:CE:E2:C2:1A:FF:A0:18:71:53:C6:BA:50:DE:EF
            X509v3 Authority Key Identifier:
                keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/M6wahj0HzuLCGv-gGHFTxrpQ3u8.roa
                RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  27.103.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         27:a8:80:a9:49:f5:7a:b4:4c:a5:66:1c:27:af:ad:f0:72:c9:
         6b:d4:db:8a:08:b1:68:42:c4:55:b7:88:0f:8d:f4:97:28:8a:
         2e:f8:32:7c:5e:45:39:f7:5e:9b:98:93:d9:7d:28:df:9f:59:
         b0:b3:81:6b:d1:fe:7d:0e:27:ce:70:da:30:4e:d2:6e:7d:a9:
         3c:e9:25:6f:31:51:76:b6:85:e9:35:69:b4:e6:7e:d5:e7:b5:
         3b:26:45:3d:60:25:1f:e4:a9:07:ad:92:98:a3:ce:a0:ad:e5:
         fe:4a:9f:ab:6c:77:e4:43:1c:d4:91:6e:af:25:4d:3c:fd:1d:
         22:b6:f6:90:82:72:4a:56:1d:69:a1:e0:b5:ea:a0:0e:64:ab:
         65:91:82:d2:c2:c5:27:0b:0d:ba:2f:12:9e:ee:db:9d:ee:04:
         35:91:e4:21:69:c7:72:26:70:d3:53:08:ce:80:4e:28:e7:f6:
         13:03:a4:16:7b:b5:cc:30:9c:94:9f:f1:de:8e:79:af:0d:9c:
         b4:45:8c:2f:06:dd:96:a7:cf:31:76:17:a7:94:e0:3a:50:54:
         fe:65:dc:9f:d4:78:7f:9e:02:35:19:8e:86:be:7b:d1:a0:a0:
         a9:4b:51:0b:20:06:4a:48:3d:55:d3:58:69:d7:8a:7e:17:0a:
         ef:55:f0:2f
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICHj0wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA2MTYw
OTQwMDBaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKDMzQUMxQTg2M0QwN0NF
RTJDMjFBRkZBMDE4NzE1M0M2QkE1MERFRUYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC9PM276GTGTGdogeh0pi3Tb3O4CUDc1hhAeAK0j+FFiuimCg4F
fm5VoximDQDoS5BXevktWn+XJjxoqvZvRrLCd230wV7CD5HS6GEaGiQlZaKCclAX
EFiNDnyVxWzoS7Tso70WGbssKo1DKGlpvqMw0zdfUULzyvp3U3POc8O9mkv0E9oa
8auU5jpagNA+awnLXiAZjUv1lE+4L7e2RhbJ+7s6XrT7cL3KYEuS5JZfHewVJJzT
Pj6/3UGODuUQkQ0Uk3g5JxWtO2gq4UB/Q38cynH8Zl7Zwy3pU7goALnMws2d53gh
KkxAfCnHUT2Ez9/jwhdArJra37LH5nB2i/j3AgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUM6wahj0HzuLCGv+gGHFTxrpQ3u8wHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni9NNndhaGowSHp1TENHdi1n
R0hGVHhycFEzdTgucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
G2cwDQYJKoZIhvcNAQELBQADggEBACeogKlJ9Xq0TKVmHCevrfByyWvU24oIsWhC
xFW3iA+N9Jcoii74MnxeRTn3XpuYk9l9KN+fWbCzgWvR/n0OJ85w2jBO0m59qTzp
JW8xUXa2hek1abTmftXntTsmRT1gJR/kqQetkpijzqCt5f5Kn6tsd+RDHNSRbq8l
TTz9HSK29pCCckpWHWmh4LXqoA5kq2WRgtLCxScLDbovEp7u253uBDWR5CFpx3Im
cNNTCM6ATijn9hMDpBZ7tcwwnJSf8d6Oea8NnLRFjC8G3ZanzzF2F6eU4DpQVP5l
3J/UeH+eAjUZjoa+e9GgoKlLUQsgBkpIPVXTWGnXin4XCu9V8C8=
-----END CERTIFICATE-----
Generated at Mon Jul 21 03:35:47 2025 by rpki-client