Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/lFvMSw6XZMZIBoa1tdiEEsCV7bE.roa
File: lFvMSw6XZMZIBoa1tdiEEsCV7bE.roa (raw, json)
Hash identifier: MrYHMsVN7D+0oOWs7yispOP3q51BOFzEhtnsBx4lOZs=
Subject key identifier: 94:5B:CC:4B:0E:97:64:C6:48:06:86:B5:B5:D8:84:12:C0:95:ED:B1
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 2279
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/lFvMSw6XZMZIBoa1tdiEEsCV7bE.roa
Signing time: Sun 22 Jun 2025 12:41:49 +0000
ROA not before: Sun 22 Jun 2025 12:41:49 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 27.103.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 8825 (0x2279)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: Jun 22 12:41:49 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=945BCC4B0E9764C6480686B5B5D88412C095EDB1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c2:47:0e:2d:9f:85:13:46:26:2b:c7:5a:3b:1a:
1d:34:46:4d:49:b8:ef:28:cc:2c:b6:3d:29:f8:1b:
4d:b9:04:f9:9d:bd:58:9d:43:bb:62:82:44:6f:f3:
f4:f5:e0:27:e5:67:98:d8:1b:c1:bc:6e:09:64:81:
be:b8:84:d9:a1:00:1c:fd:65:77:a6:8a:a5:e6:bd:
12:b2:7f:99:3d:7c:42:33:e0:a3:2f:5d:12:90:e3:
8c:4d:9b:db:51:8b:86:bd:0a:81:5c:b4:09:6a:95:
37:0d:52:d5:c6:e9:85:b0:fd:1a:86:3b:ad:59:c9:
7e:48:70:41:6a:c3:dd:3e:fa:9f:2a:16:55:2b:d5:
10:dc:fd:93:d8:49:23:5e:7a:8f:41:b1:05:9f:6b:
59:64:ab:0f:8f:bf:f1:f7:2b:32:84:ce:d9:ff:b4:
06:9c:63:11:55:60:c5:5c:9d:8f:af:9c:21:fe:a9:
02:68:bb:f5:a4:ac:02:52:51:92:84:e4:e7:ab:4e:
1f:aa:18:48:42:c8:4c:37:4a:6c:b3:46:83:a6:c7:
8f:4c:33:dd:36:50:52:64:43:a1:44:3b:2e:19:74:
58:63:fb:e6:f7:5a:e0:40:eb:07:b3:a7:f1:f1:ac:
03:11:b9:9a:e4:d6:4a:d3:b2:28:19:95:0e:4a:aa:
28:f9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
94:5B:CC:4B:0E:97:64:C6:48:06:86:B5:B5:D8:84:12:C0:95:ED:B1
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/lFvMSw6XZMZIBoa1tdiEEsCV7bE.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
27.103.0.0/16
Signature Algorithm: sha256WithRSAEncryption
aa:38:41:8c:10:5c:52:f3:01:3b:c1:a2:f2:cd:37:bb:ac:6f:
f4:30:20:03:a1:48:9d:5b:5d:24:75:16:da:50:35:c3:4e:2f:
75:19:d5:47:81:76:a8:d8:3b:0e:b3:b7:44:ee:0e:8f:f1:39:
af:3e:03:60:10:85:70:cd:24:9a:f4:96:22:2b:a4:19:d2:48:
cc:a6:34:ad:2e:79:30:bd:f8:f6:7a:4c:15:5d:96:44:33:48:
8f:3a:ad:a1:90:c5:97:d2:7b:5f:2c:01:15:56:17:ae:97:76:
97:e0:3c:c6:c1:7c:65:d1:4f:13:57:68:9d:41:50:0d:13:b4:
86:da:ba:0e:0c:d9:42:cf:69:10:20:e3:b4:9c:fd:bc:0f:41:
c9:89:bd:64:03:52:5c:8e:9a:1d:c9:57:15:d0:90:b7:fd:0e:
fa:7d:4c:5b:47:fd:15:c9:03:95:7f:15:76:26:b8:fd:13:85:
d8:d9:70:1b:ed:db:6f:cd:a0:3d:f5:e5:0e:19:d1:6c:90:44:
1b:b0:c1:88:84:08:61:0e:81:75:d6:25:2f:7b:c9:95:63:93:
4c:28:3b:4b:ce:be:4b:8d:00:d4:4d:e0:0b:55:0d:02:cb:66:
59:f9:b3:59:4d:6e:9a:19:11:42:11:61:c6:1b:b0:2d:ec:d5:
24:aa:1f:29
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICInkwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA2MjIx
MjQxNDlaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKDk0NUJDQzRCMEU5NzY0
QzY0ODA2ODZCNUI1RDg4NDEyQzA5NUVEQjEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDCRw4tn4UTRiYrx1o7Gh00Rk1JuO8ozCy2PSn4G025BPmdvVid
Q7tigkRv8/T14CflZ5jYG8G8bglkgb64hNmhABz9ZXemiqXmvRKyf5k9fEIz4KMv
XRKQ44xNm9tRi4a9CoFctAlqlTcNUtXG6YWw/RqGO61ZyX5IcEFqw90++p8qFlUr
1RDc/ZPYSSNeeo9BsQWfa1lkqw+Pv/H3KzKEztn/tAacYxFVYMVcnY+vnCH+qQJo
u/WkrAJSUZKE5OerTh+qGEhCyEw3SmyzRoOmx49MM902UFJkQ6FEOy4ZdFhj++b3
WuBA6wezp/HxrAMRuZrk1krTsigZlQ5Kqij5AgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUlFvMSw6XZMZIBoa1tdiEEsCV7bEwHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni9sRnZNU3c2WFpNWklCb2Ex
dGRpRUVzQ1Y3YkUucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
G2cwDQYJKoZIhvcNAQELBQADggEBAKo4QYwQXFLzATvBovLNN7usb/QwIAOhSJ1b
XSR1FtpQNcNOL3UZ1UeBdqjYOw6zt0TuDo/xOa8+A2AQhXDNJJr0liIrpBnSSMym
NK0ueTC9+PZ6TBVdlkQzSI86raGQxZfSe18sARVWF66XdpfgPMbBfGXRTxNXaJ1B
UA0TtIbaug4M2ULPaRAg47Sc/bwPQcmJvWQDUlyOmh3JVxXQkLf9Dvp9TFtH/RXJ
A5V/FXYmuP0ThdjZcBvt22/NoD315Q4Z0WyQRBuwwYiECGEOgXXWJS97yZVjk0wo
O0vOvkuNANRN4AtVDQLLZln5s1lNbpoZEUIRYcYbsC3s1SSqHyk=
-----END CERTIFICATE-----
Generated at Sun Jul 20 20:47:08 2025 by rpki-client