Route Origin Authorization

$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/oKbuzU_jBoQZOTcLf_LNptGcv2Y.roa
File:                     oKbuzU_jBoQZOTcLf_LNptGcv2Y.roa (raw, json)
Hash identifier:          uZ86shLhFWJj93IlMntJlOrTKypBNkXjdn2/XSMWQd4=
Subject key identifier:   A0:A6:EE:CD:4F:E3:06:84:19:39:37:0B:7F:F2:CD:A6:D1:9C:BF:66
Certificate issuer:       /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial:       2141
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access:    rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access:      rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/oKbuzU_jBoQZOTcLf_LNptGcv2Y.roa
Signing time:             Fri 20 Jun 2025 21:41:42 +0000
ROA not before:           Fri 20 Jun 2025 21:41:42 +0000
ROA not after:            Thu 09 Apr 2026 06:33:21 +0000
asID:                     9391
IP address blocks:        27.103.0.0/16 maxlen: 16
Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 8513 (0x2141)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
        Validity
            Not Before: Jun 20 21:41:42 2025 GMT
            Not After : Apr  9 06:33:21 2026 GMT
        Subject: CN=A0A6EECD4FE306841939370B7FF2CDA6D19CBF66
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:92:34:d1:bd:4c:58:9e:18:77:29:c9:bd:88:
                    0d:e4:cb:75:96:5c:5b:6c:3d:bf:6c:df:38:2d:49:
                    f9:91:92:2a:80:71:7e:be:6f:3d:61:00:7e:75:89:
                    e4:7a:3e:09:10:44:44:a2:1e:52:d4:b8:bf:4a:0c:
                    43:45:4f:d1:62:89:bf:92:ca:ef:1c:00:ff:98:ca:
                    43:f7:13:70:fb:e8:b7:d0:1f:ee:59:26:88:9f:95:
                    09:8e:01:3a:ab:11:ae:45:25:a7:30:b6:9d:9f:21:
                    b8:b6:0d:4f:5e:99:73:e6:94:d5:1c:3d:35:53:77:
                    9e:37:58:f0:1d:40:bb:74:2e:89:1d:8e:b8:07:77:
                    ec:57:c1:87:a6:5f:ba:4b:5c:a8:d2:13:23:e1:a3:
                    1d:da:e6:69:42:b4:f7:7d:84:62:e9:7f:68:55:df:
                    2d:91:a1:a7:70:66:c6:47:1b:eb:e1:2e:64:99:b2:
                    7e:36:11:06:42:ab:77:8f:21:44:eb:d3:87:7e:13:
                    1c:7e:52:ce:a1:1c:66:eb:53:c4:53:dd:b8:99:21:
                    07:f4:37:56:a7:c5:b4:2e:99:07:71:67:56:a8:c8:
                    f7:e2:86:82:4b:07:8e:e8:65:b9:c9:d1:34:19:12:
                    25:61:20:4e:2c:20:41:d6:fa:d8:d9:67:12:33:b7:
                    f4:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:A6:EE:CD:4F:E3:06:84:19:39:37:0B:7F:F2:CD:A6:D1:9C:BF:66
            X509v3 Authority Key Identifier:
                keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/oKbuzU_jBoQZOTcLf_LNptGcv2Y.roa
                RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  27.103.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         79:0a:db:2a:32:53:de:b8:28:4d:f9:9e:ab:b4:eb:a2:34:3b:
         cc:0a:ab:46:b5:ab:07:fa:ea:52:82:26:50:65:b7:9e:1a:b8:
         e5:66:0b:54:f4:61:3e:09:7a:38:68:81:92:38:59:68:af:38:
         85:31:c1:78:c9:b3:fd:d5:cd:0b:86:49:e0:79:49:f2:22:8d:
         a6:44:10:f1:fb:c3:0d:58:ac:87:2d:e2:67:8d:e1:f3:ab:bc:
         39:4d:75:98:25:7e:a9:20:8c:6d:81:b3:ba:76:90:6a:53:2e:
         5b:42:de:13:ee:a2:ab:e1:15:12:37:0e:0d:5d:ed:f4:5b:77:
         d6:5c:12:e4:5f:a8:b9:ed:12:c6:26:b9:bb:66:0b:8e:fd:3b:
         79:6d:1e:6a:e5:ba:e6:1c:e4:ad:6f:a9:00:6c:59:4e:75:0a:
         34:ce:fe:97:85:c5:d8:39:b5:a5:ac:59:37:b7:81:e2:71:b4:
         aa:65:9e:b9:6f:96:8f:37:ca:73:e2:a5:55:a7:fc:3e:85:ae:
         92:ad:dc:85:0f:cc:cc:f7:44:a0:bc:98:d6:ea:41:ed:e9:59:
         87:01:6d:e7:dd:59:31:95:95:6f:db:60:ef:0a:44:55:e1:1a:
         da:89:97:d5:0f:fe:61:0e:92:e6:de:1e:16:17:c9:6e:81:90:
         51:a5:ca:a5
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICIUEwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA2MjAy
MTQxNDJaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKEEwQTZFRUNENEZFMzA2
ODQxOTM5MzcwQjdGRjJDREE2RDE5Q0JGNjYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCjkjTRvUxYnhh3Kcm9iA3ky3WWXFtsPb9s3zgtSfmRkiqAcX6+
bz1hAH51ieR6PgkQRESiHlLUuL9KDENFT9Fiib+Syu8cAP+YykP3E3D76LfQH+5Z
JoiflQmOATqrEa5FJacwtp2fIbi2DU9emXPmlNUcPTVTd543WPAdQLt0LokdjrgH
d+xXwYemX7pLXKjSEyPhox3a5mlCtPd9hGLpf2hV3y2RoadwZsZHG+vhLmSZsn42
EQZCq3ePIUTr04d+Exx+Us6hHGbrU8RT3biZIQf0N1anxbQumQdxZ1aoyPfihoJL
B47oZbnJ0TQZEiVhIE4sIEHW+tjZZxIzt/QRAgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUoKbuzU/jBoQZOTcLf/LNptGcv2YwHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni9vS2J1elVfakJvUVpPVGNM
Zl9MTnB0R2N2Mlkucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
G2cwDQYJKoZIhvcNAQELBQADggEBAHkK2yoyU964KE35nqu066I0O8wKq0a1qwf6
6lKCJlBlt54auOVmC1T0YT4JejhogZI4WWivOIUxwXjJs/3VzQuGSeB5SfIijaZE
EPH7ww1YrIct4meN4fOrvDlNdZglfqkgjG2Bs7p2kGpTLltC3hPuoqvhFRI3Dg1d
7fRbd9ZcEuRfqLntEsYmubtmC479O3ltHmrluuYc5K1vqQBsWU51CjTO/peFxdg5
taWsWTe3geJxtKplnrlvlo83ynPipVWn/D6FrpKt3IUPzMz3RKC8mNbqQe3pWYcB
befdWTGVlW/bYO8KRFXhGtqJl9UP/mEOkubeHhYXyW6BkFGlyqU=
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:48:45 2025 by rpki-client