Route Origin Authorization

$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/hdwD9XmiIZH3XgF3vV0o8yh4CV4.roa
File:                     hdwD9XmiIZH3XgF3vV0o8yh4CV4.roa (raw, json)
Hash identifier:          xAmRMlejPj4RiIZ5q9kjwDEk4hQ58y1X4oNsH8ZOS5s=
Subject key identifier:   85:DC:03:F5:79:A2:21:91:F7:5E:01:77:BD:5D:28:F3:28:78:09:5E
Certificate issuer:       /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial:       23CA
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access:    rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access:      rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/hdwD9XmiIZH3XgF3vV0o8yh4CV4.roa
Signing time:             Tue 24 Jun 2025 06:41:58 +0000
ROA not before:           Tue 24 Jun 2025 06:41:58 +0000
ROA not after:            Thu 09 Apr 2026 06:33:21 +0000
asID:                     9391
IP address blocks:        119.16.0.0/16 maxlen: 16
Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 9162 (0x23ca)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
        Validity
            Not Before: Jun 24 06:41:58 2025 GMT
            Not After : Apr  9 06:33:21 2026 GMT
        Subject: CN=85DC03F579A22191F75E0177BD5D28F32878095E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:55:83:41:55:df:e3:c0:bf:4f:c4:4e:71:f0:
                    1b:86:39:2a:66:81:03:94:b1:f6:52:1a:9f:7a:9a:
                    fe:be:b0:5d:ce:27:cb:ee:5e:44:39:ab:04:00:ba:
                    8d:5d:cf:35:11:86:ce:e4:1f:7c:b1:ce:df:67:68:
                    60:07:4b:9b:3d:34:36:24:f5:e4:7d:28:9f:19:9e:
                    28:8b:a7:4d:5b:eb:d3:b8:cf:f8:17:8e:3c:44:eb:
                    d3:94:5a:7c:4a:25:2d:17:1d:ea:61:30:94:a2:44:
                    9c:56:6f:bb:bb:7a:3c:6a:a3:99:5d:e7:67:2a:8b:
                    08:2a:bd:12:de:f7:bf:19:1b:17:67:86:64:c7:3b:
                    bf:69:0a:fa:97:01:04:2d:a7:8d:62:45:4f:19:79:
                    57:fe:a5:27:7d:82:e8:ff:69:c2:ae:bc:13:5c:b6:
                    6d:88:b3:e8:6c:88:01:3b:33:19:22:92:6d:95:73:
                    f5:ce:0b:11:bd:74:fd:6e:98:0a:c7:1c:7a:90:83:
                    2c:bd:fa:24:c0:90:c4:7b:c3:01:06:4d:35:e3:54:
                    b8:c1:32:5a:fb:8f:e7:27:85:84:9b:a4:91:12:bf:
                    09:89:1b:12:22:bb:7a:e9:9f:61:81:bf:7e:b2:a8:
                    cd:d9:dc:7b:33:f6:ff:9d:3c:a7:b8:1a:af:36:71:
                    8b:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:DC:03:F5:79:A2:21:91:F7:5E:01:77:BD:5D:28:F3:28:78:09:5E
            X509v3 Authority Key Identifier:
                keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/hdwD9XmiIZH3XgF3vV0o8yh4CV4.roa
                RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  119.16.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         0a:ca:d4:85:90:fa:8c:bd:1d:85:8c:47:4d:52:61:c4:23:40:
         b9:7a:77:11:94:a7:b0:6c:23:41:1d:3e:c9:7d:d7:4c:cf:e0:
         ea:0f:6c:56:9b:c4:36:06:ff:c3:87:c0:58:29:68:d1:90:e6:
         be:5e:e2:d4:62:be:77:4f:00:94:bb:da:ac:ec:90:93:0e:de:
         0b:78:b0:d7:73:2d:b9:6f:c8:63:47:0f:83:d7:51:f5:f1:ac:
         4d:f8:8a:71:32:ea:bf:d6:2e:76:ac:8a:5a:f8:8b:ac:c2:18:
         d4:35:94:bb:90:ad:cd:13:43:e6:de:43:ca:6d:c2:84:c6:68:
         9e:24:dd:cd:a4:f2:30:d2:d4:50:5a:90:0b:bb:6e:81:44:36:
         45:34:5d:c3:8d:4a:7b:e6:d9:7c:8b:62:35:b7:d3:4a:fa:e7:
         f9:14:9a:82:ba:b4:91:6d:b1:c0:b8:fd:df:9a:8a:0f:bf:ca:
         c7:83:d6:d8:c8:42:5b:fe:b4:64:21:68:0e:26:de:68:85:e0:
         fd:37:2d:03:69:41:41:b4:c7:41:d2:09:58:56:5d:a2:40:aa:
         86:43:30:b9:5a:f9:e8:f0:28:5a:c3:91:2b:a5:da:c1:cc:c2:
         ee:bd:bc:c2:37:21:93:aa:42:f2:89:55:90:79:76:3e:6f:66:
         92:74:b3:bb
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICI8owDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA2MjQw
NjQxNThaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKDg1REMwM0Y1NzlBMjIx
OTFGNzVFMDE3N0JENUQyOEYzMjg3ODA5NUUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDMVYNBVd/jwL9PxE5x8BuGOSpmgQOUsfZSGp96mv6+sF3OJ8vu
XkQ5qwQAuo1dzzURhs7kH3yxzt9naGAHS5s9NDYk9eR9KJ8ZniiLp01b69O4z/gX
jjxE69OUWnxKJS0XHephMJSiRJxWb7u7ejxqo5ld52cqiwgqvRLe978ZGxdnhmTH
O79pCvqXAQQtp41iRU8ZeVf+pSd9guj/acKuvBNctm2Is+hsiAE7Mxkikm2Vc/XO
CxG9dP1umArHHHqQgyy9+iTAkMR7wwEGTTXjVLjBMlr7j+cnhYSbpJESvwmJGxIi
u3rpn2GBv36yqM3Z3Hsz9v+dPKe4Gq82cYvzAgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUhdwD9XmiIZH3XgF3vV0o8yh4CV4wHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni9oZHdEOVhtaUlaSDNYZ0Yz
dlYwbzh5aDRDVjQucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
dxAwDQYJKoZIhvcNAQELBQADggEBAArK1IWQ+oy9HYWMR01SYcQjQLl6dxGUp7Bs
I0EdPsl910zP4OoPbFabxDYG/8OHwFgpaNGQ5r5e4tRivndPAJS72qzskJMO3gt4
sNdzLblvyGNHD4PXUfXxrE34inEy6r/WLnasilr4i6zCGNQ1lLuQrc0TQ+beQ8pt
woTGaJ4k3c2k8jDS1FBakAu7boFENkU0XcONSnvm2XyLYjW300r65/kUmoK6tJFt
scC4/d+aig+/yseD1tjIQlv+tGQhaA4m3miF4P03LQNpQUG0x0HSCVhWXaJAqoZD
MLla+ejwKFrDkSul2sHMwu69vMI3IZOqQvKJVZB5dj5vZpJ0s7s=
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:48:44 2025 by rpki-client