Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/tSHEP4qFPVd5pClZ2rE9VQkGAfQ.roa
File: tSHEP4qFPVd5pClZ2rE9VQkGAfQ.roa (raw, json)
Hash identifier: 7H0o0P94z2/xFS4aoEneJsfNzH9lkdlrkjA25VLT/34=
Subject key identifier: B5:21:C4:3F:8A:85:3D:57:79:A4:29:59:DA:B1:3D:55:09:06:01:F4
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 0AE9
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/tSHEP4qFPVd5pClZ2rE9VQkGAfQ.roa
Signing time: Wed 21 May 2025 15:08:34 +0000
ROA not before: Wed 21 May 2025 15:08:34 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 27.103.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2793 (0xae9)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: May 21 15:08:34 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=B521C43F8A853D5779A42959DAB13D55090601F4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a6:28:f6:8e:7f:dc:ef:b6:66:1f:54:b6:e1:50:
94:03:5c:52:5b:a6:ea:49:ec:bb:d4:8e:e0:f6:c6:
b6:18:97:d1:8f:f5:55:ba:a1:4c:a3:53:55:f8:05:
c7:60:ae:ad:4b:d9:1d:13:17:c9:24:26:12:00:b2:
b7:35:68:1d:30:73:0a:c0:0e:2d:04:e7:f2:01:44:
41:c4:4b:30:48:b9:d8:2e:b7:02:1f:33:c1:9f:76:
d3:4c:b9:d8:a4:fa:e6:e3:e2:6b:e6:d4:87:e7:23:
1a:6f:0d:54:e2:28:16:d6:89:14:e4:4e:2c:35:34:
30:02:f5:86:f4:27:8f:4d:67:fa:cc:02:74:10:6f:
41:5a:b1:ef:81:65:37:aa:f9:ae:60:2e:58:d2:22:
75:4f:f9:93:59:83:a6:ca:73:74:28:6f:bf:0f:98:
2f:18:07:3c:1b:8e:4e:d1:7c:b2:48:ed:fc:29:2d:
aa:d7:27:d4:43:d1:28:f3:76:a4:90:8d:49:e8:85:
fb:94:46:c7:b7:6d:c1:1f:7a:52:5d:96:0f:40:e3:
48:e4:8b:1f:e7:49:6e:95:88:f9:9f:7a:d5:d9:c0:
89:32:c6:d6:cb:48:63:c5:6a:2b:cd:19:d8:66:c6:
da:86:9a:c3:27:66:08:72:e9:78:5c:86:4d:f2:78:
8f:db
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B5:21:C4:3F:8A:85:3D:57:79:A4:29:59:DA:B1:3D:55:09:06:01:F4
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/tSHEP4qFPVd5pClZ2rE9VQkGAfQ.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
27.103.0.0/16
Signature Algorithm: sha256WithRSAEncryption
a8:32:74:e8:e9:1c:31:b7:c4:e7:79:85:51:20:16:cc:d7:63:
e0:39:8f:8e:0c:82:25:9b:ec:6d:3e:ed:1a:48:88:22:33:92:
8c:1f:d2:ee:45:e3:c0:a3:bc:e4:4a:4a:b6:b8:9a:ce:f3:24:
99:99:38:ac:27:dd:82:d8:c8:47:75:1f:d2:14:5b:86:ba:02:
b7:b2:41:1a:fc:8b:9a:e8:0f:79:a9:44:89:d5:5b:ab:d1:45:
57:83:48:1f:45:85:c8:8e:48:e4:8f:34:c2:a1:20:5d:29:7c:
d6:dc:c5:5f:65:6d:69:75:01:4b:27:0b:eb:f7:8a:b9:df:c2:
4c:bb:3d:74:98:ac:54:28:b9:40:21:83:b4:f8:fa:2e:2d:d4:
27:5e:b7:b7:48:b2:00:2a:77:e8:2c:fc:dc:65:2d:21:aa:f9:
4e:2f:bd:54:38:63:0e:98:49:7f:00:1b:76:43:c0:42:f8:21:
67:6a:29:51:67:f7:8d:35:24:70:f2:1a:5a:41:3f:2c:ef:9e:
61:57:d1:24:89:6e:f1:f3:b4:fa:0e:d9:1d:27:26:c8:1d:5b:
19:9c:21:99:ea:76:79:2c:14:ae:e8:29:63:a5:6d:20:61:7b:
eb:a5:c5:06:e4:2f:82:c2:b1:bc:02:c6:ba:1e:11:86:6e:f8:
a9:b4:4e:18
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICCukwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA1MjEx
NTA4MzRaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKEI1MjFDNDNGOEE4NTNE
NTc3OUE0Mjk1OURBQjEzRDU1MDkwNjAxRjQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCmKPaOf9zvtmYfVLbhUJQDXFJbpupJ7LvUjuD2xrYYl9GP9VW6
oUyjU1X4Bcdgrq1L2R0TF8kkJhIAsrc1aB0wcwrADi0E5/IBREHESzBIudgutwIf
M8GfdtNMudik+ubj4mvm1IfnIxpvDVTiKBbWiRTkTiw1NDAC9Yb0J49NZ/rMAnQQ
b0Fase+BZTeq+a5gLljSInVP+ZNZg6bKc3Qob78PmC8YBzwbjk7RfLJI7fwpLarX
J9RD0SjzdqSQjUnohfuURse3bcEfelJdlg9A40jkix/nSW6ViPmfetXZwIkyxtbL
SGPFaivNGdhmxtqGmsMnZghy6Xhchk3yeI/bAgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUtSHEP4qFPVd5pClZ2rE9VQkGAfQwHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni90U0hFUDRxRlBWZDVwQ2xa
MnJFOVZRa0dBZlEucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
G2cwDQYJKoZIhvcNAQELBQADggEBAKgydOjpHDG3xOd5hVEgFszXY+A5j44MgiWb
7G0+7RpIiCIzkowf0u5F48CjvORKSra4ms7zJJmZOKwn3YLYyEd1H9IUW4a6Arey
QRr8i5roD3mpRInVW6vRRVeDSB9FhciOSOSPNMKhIF0pfNbcxV9lbWl1AUsnC+v3
irnfwky7PXSYrFQouUAhg7T4+i4t1Cdet7dIsgAqd+gs/NxlLSGq+U4vvVQ4Yw6Y
SX8AG3ZDwEL4IWdqKVFn9401JHDyGlpBPyzvnmFX0SSJbvHztPoO2R0nJsgdWxmc
IZnqdnksFK7oKWOlbSBhe+ulxQbkL4LCsbwCxroeEYZu+Km0Thg=
-----END CERTIFICATE-----
Generated at Thu Jun 5 20:32:56 2025 by rpki-client