Route Origin Authorization

$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/if5NKnou1VHEts9_J13ewMRXDVc.roa
File:                     if5NKnou1VHEts9_J13ewMRXDVc.roa (raw, json)
Hash identifier:          iua0OmTOKiTYb2pjkOPhoF/6pqDlLofwhF/rgeuRZ1Y=
Subject key identifier:   89:FE:4D:2A:7A:2E:D5:51:C4:B6:CF:7F:27:5D:DE:C0:C4:57:0D:57
Certificate issuer:       /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial:       2006
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access:    rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access:      rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/if5NKnou1VHEts9_J13ewMRXDVc.roa
Signing time:             Wed 18 Jun 2025 20:58:59 +0000
ROA not before:           Wed 18 Jun 2025 20:58:59 +0000
ROA not after:            Thu 09 Apr 2026 06:33:21 +0000
asID:                     9391
IP address blocks:        119.16.0.0/16 maxlen: 16
Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 8198 (0x2006)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
        Validity
            Not Before: Jun 18 20:58:59 2025 GMT
            Not After : Apr  9 06:33:21 2026 GMT
        Subject: CN=89FE4D2A7A2ED551C4B6CF7F275DDEC0C4570D57
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:48:77:1c:a9:b0:da:ea:34:7b:7a:99:f9:92:
                    8b:d0:b5:66:87:59:b0:dd:bc:fe:c1:0c:1b:ad:6a:
                    86:61:35:41:9e:40:3d:f3:10:5b:0a:cd:78:75:77:
                    2d:1c:d0:91:c9:17:b9:62:c3:eb:2e:b4:03:f9:55:
                    b0:2c:9f:2d:f2:d5:9f:db:77:d4:49:4e:a8:22:87:
                    29:3b:9b:9c:9b:b0:c7:b2:8a:02:e2:20:fc:71:fb:
                    33:9b:04:70:de:a5:a0:ce:6e:54:25:69:4e:ca:e5:
                    54:ed:68:71:a3:e5:23:a2:50:1e:09:be:a8:d3:0c:
                    1a:51:c5:02:d3:8d:26:fe:02:df:7c:94:11:66:d4:
                    a9:03:c2:79:3d:ff:ca:57:8e:21:10:89:01:72:a0:
                    18:9c:55:4c:84:c0:5d:24:30:d4:e5:93:05:04:be:
                    a3:43:f3:77:5a:d7:1f:c0:34:e2:85:09:7f:6f:81:
                    97:e6:e6:46:4c:ec:12:f8:e8:98:8c:ba:dd:50:dc:
                    91:22:2b:55:b5:3a:b9:d2:32:a1:b5:0e:9a:a2:b5:
                    1a:aa:be:b9:91:f8:06:c8:f4:2d:1b:af:4e:43:54:
                    f5:69:e5:d8:2b:c6:39:12:14:84:e4:76:0b:89:09:
                    d7:02:43:77:84:23:e7:57:6d:84:5c:d1:85:86:3a:
                    95:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:FE:4D:2A:7A:2E:D5:51:C4:B6:CF:7F:27:5D:DE:C0:C4:57:0D:57
            X509v3 Authority Key Identifier:
                keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/if5NKnou1VHEts9_J13ewMRXDVc.roa
                RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  119.16.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         8c:d1:33:eb:87:e1:40:b9:e6:63:25:dd:1a:f3:bb:b6:63:f9:
         5f:32:d3:d5:2b:b4:30:4f:0d:1b:46:71:be:24:ee:fc:3a:4b:
         cc:f0:40:21:18:74:23:c4:5c:ed:b6:8d:f8:99:5e:8c:94:92:
         79:93:75:ec:bd:f0:e3:48:29:b9:65:27:22:0d:04:a6:f7:4d:
         67:eb:2b:c9:d2:65:b9:8b:3b:ec:09:89:d1:da:7c:e0:d4:1c:
         02:d7:b2:fd:7b:3d:5e:e8:f2:5f:cd:2c:5f:3e:86:28:3f:1d:
         77:9c:c0:b3:c8:c7:eb:c0:ed:f6:ad:78:c4:64:58:29:f9:49:
         30:be:77:f3:1d:fe:f4:2a:03:82:fd:98:56:8d:11:fa:c9:c8:
         8d:bc:4c:29:30:3e:c6:74:6f:98:0c:df:41:17:10:a2:dc:9a:
         7f:ca:19:97:7c:55:98:02:26:ed:63:1a:a3:32:94:42:90:cf:
         ae:0e:4b:f0:64:55:29:25:67:3c:b1:3a:2b:a2:65:42:75:60:
         d9:ed:e3:28:9f:1b:40:e6:64:f5:94:34:0b:55:d9:61:bc:ac:
         87:f4:23:1b:fe:f0:04:53:99:c2:26:5e:b6:65:16:31:e8:87:
         7d:21:b3:1e:c4:ee:82:c3:f8:34:52:9c:3e:85:4f:18:5b:c7:
         f0:f6:8a:12
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICIAYwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA2MTgy
MDU4NTlaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKDg5RkU0RDJBN0EyRUQ1
NTFDNEI2Q0Y3RjI3NURERUMwQzQ1NzBENTcwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCwSHccqbDa6jR7epn5kovQtWaHWbDdvP7BDButaoZhNUGeQD3z
EFsKzXh1dy0c0JHJF7liw+sutAP5VbAsny3y1Z/bd9RJTqgihyk7m5ybsMeyigLi
IPxx+zObBHDepaDOblQlaU7K5VTtaHGj5SOiUB4JvqjTDBpRxQLTjSb+At98lBFm
1KkDwnk9/8pXjiEQiQFyoBicVUyEwF0kMNTlkwUEvqND83da1x/ANOKFCX9vgZfm
5kZM7BL46JiMut1Q3JEiK1W1OrnSMqG1DpqitRqqvrmR+AbI9C0br05DVPVp5dgr
xjkSFITkdguJCdcCQ3eEI+dXbYRc0YWGOpWnAgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUif5NKnou1VHEts9/J13ewMRXDVcwHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni9pZjVOS25vdTFWSEV0czlf
SjEzZXdNUlhEVmMucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
dxAwDQYJKoZIhvcNAQELBQADggEBAIzRM+uH4UC55mMl3Rrzu7Zj+V8y09UrtDBP
DRtGcb4k7vw6S8zwQCEYdCPEXO22jfiZXoyUknmTdey98ONIKbllJyINBKb3TWfr
K8nSZbmLO+wJidHafODUHALXsv17PV7o8l/NLF8+hig/HXecwLPIx+vA7fateMRk
WCn5STC+d/Md/vQqA4L9mFaNEfrJyI28TCkwPsZ0b5gM30EXEKLcmn/KGZd8VZgC
Ju1jGqMylEKQz64OS/BkVSklZzyxOiuiZUJ1YNnt4yifG0DmZPWUNAtV2WG8rIf0
Ixv+8ARTmcImXrZlFjHoh30hsx7E7oLD+DRSnD6FTxhbx/D2ihI=
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:48:39 2025 by rpki-client