Route Origin Authorization

$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/xuuFRVhoYWQ9Ov7fanMJI9Zd0-g.roa
File:                     xuuFRVhoYWQ9Ov7fanMJI9Zd0-g.roa (raw, json)
Hash identifier:          jPaJaF8BlKv8eOAtUD6RFvVcbRFxX+st/gEE4iARaHM=
Subject key identifier:   C6:EB:85:45:58:68:61:64:3D:3A:FE:DF:6A:73:09:23:D6:5D:D3:E8
Certificate issuer:       /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial:       13C2
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access:    rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access:      rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/xuuFRVhoYWQ9Ov7fanMJI9Zd0-g.roa
Signing time:             Mon 02 Jun 2025 10:09:53 +0000
ROA not before:           Mon 02 Jun 2025 10:09:53 +0000
ROA not after:            Thu 09 Apr 2026 06:33:21 +0000
asID:                     9391
IP address blocks:        119.16.0.0/16 maxlen: 16
Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 5058 (0x13c2)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
        Validity
            Not Before: Jun  2 10:09:53 2025 GMT
            Not After : Apr  9 06:33:21 2026 GMT
        Subject: CN=C6EB8545586861643D3AFEDF6A730923D65DD3E8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:f0:dc:3f:c6:ec:fc:97:da:c3:7c:26:12:47:
                    e6:32:21:79:66:b2:df:cb:8d:90:2c:bd:0b:af:9f:
                    c7:ca:bf:3c:ec:83:75:11:3a:a3:ce:34:02:a3:ad:
                    7e:0b:9b:eb:17:ee:2d:03:f9:37:3e:e2:9c:cd:cf:
                    2a:f5:39:78:ad:f8:da:6f:d4:2e:97:99:7b:98:db:
                    d0:17:25:55:1a:04:7d:2a:b7:87:fb:ec:e0:f0:de:
                    0e:11:5c:ca:81:7c:30:75:b6:28:d9:72:3a:92:5f:
                    0d:2c:a1:85:29:28:a1:d0:74:5a:74:d5:c9:bb:2d:
                    fb:14:79:6c:c2:b9:6a:08:26:22:d0:d0:8f:42:dc:
                    13:1c:31:55:ab:e4:2a:11:1e:36:2a:1e:85:4a:11:
                    f1:b2:62:b4:85:6d:fe:4f:4b:11:c1:29:42:6a:06:
                    79:01:7d:05:45:40:17:69:a4:fa:64:16:10:bb:fa:
                    53:2b:4e:b3:87:20:5c:6f:c2:7d:47:cf:9a:be:47:
                    bf:ca:b7:42:c5:f1:20:c6:98:87:3f:4a:4f:a5:96:
                    ba:0f:77:a9:32:0e:1e:1f:12:0d:fd:81:3f:88:88:
                    1c:66:64:4a:55:7c:3d:62:db:c7:e1:91:30:a8:d3:
                    bd:b2:72:38:39:df:87:4e:47:e3:4d:5d:37:7a:9a:
                    12:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:EB:85:45:58:68:61:64:3D:3A:FE:DF:6A:73:09:23:D6:5D:D3:E8
            X509v3 Authority Key Identifier:
                keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/xuuFRVhoYWQ9Ov7fanMJI9Zd0-g.roa
                RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  119.16.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         77:d7:5e:5c:fb:93:25:2c:d8:a1:4b:97:57:5a:96:8f:0c:d7:
         75:93:68:69:3e:25:7e:1a:fa:90:9f:f2:02:b8:35:dd:cf:6e:
         53:22:8e:db:c8:1d:08:44:f0:04:13:ce:55:b4:24:b2:ef:e1:
         50:a1:e0:8f:62:3b:00:0a:5e:9b:34:44:a4:af:b2:a2:86:b0:
         6c:e7:e3:19:ef:11:01:f2:cf:7d:1a:69:04:0b:07:cc:97:92:
         1e:e7:40:63:af:c6:0e:47:ee:2c:7c:a5:a1:75:0b:c3:45:2b:
         51:8e:22:79:7c:f2:b4:d5:f8:e3:f7:93:0c:76:f0:df:5c:4f:
         79:77:48:0b:b0:90:11:05:da:7a:3e:01:eb:a9:74:22:72:9e:
         c8:59:62:0a:87:62:40:11:73:bf:bf:0a:ac:da:bf:23:25:3a:
         2a:1d:70:ef:e4:e8:1c:fc:20:0b:29:89:2d:47:b7:a8:e4:5d:
         9c:a9:e5:66:d4:1b:9a:20:a0:37:df:a6:e3:a7:e6:9b:2d:94:
         88:14:15:24:41:c4:27:f4:90:a9:d6:1a:4f:16:a9:a1:6e:d0:
         9c:18:90:78:97:a4:92:15:60:6d:bc:69:12:a1:d6:36:5a:ad:
         aa:f0:44:bf:4d:6e:cf:d3:4c:61:c4:a0:f0:da:d2:65:03:b7:
         6f:c7:d0:6f
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICE8IwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA2MDIx
MDA5NTNaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKEM2RUI4NTQ1NTg2ODYx
NjQzRDNBRkVERjZBNzMwOTIzRDY1REQzRTgwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDA8Nw/xuz8l9rDfCYSR+YyIXlmst/LjZAsvQuvn8fKvzzsg3UR
OqPONAKjrX4Lm+sX7i0D+Tc+4pzNzyr1OXit+Npv1C6XmXuY29AXJVUaBH0qt4f7
7ODw3g4RXMqBfDB1tijZcjqSXw0soYUpKKHQdFp01cm7LfsUeWzCuWoIJiLQ0I9C
3BMcMVWr5CoRHjYqHoVKEfGyYrSFbf5PSxHBKUJqBnkBfQVFQBdppPpkFhC7+lMr
TrOHIFxvwn1Hz5q+R7/Kt0LF8SDGmIc/Sk+llroPd6kyDh4fEg39gT+IiBxmZEpV
fD1i28fhkTCo072ycjg534dOR+NNXTd6mhI3AgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUxuuFRVhoYWQ9Ov7fanMJI9Zd0+gwHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni94dXVGUlZob1lXUTlPdjdm
YW5NSkk5WmQwLWcucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
dxAwDQYJKoZIhvcNAQELBQADggEBAHfXXlz7kyUs2KFLl1dalo8M13WTaGk+JX4a
+pCf8gK4Nd3PblMijtvIHQhE8AQTzlW0JLLv4VCh4I9iOwAKXps0RKSvsqKGsGzn
4xnvEQHyz30aaQQLB8yXkh7nQGOvxg5H7ix8paF1C8NFK1GOInl88rTV+OP3kwx2
8N9cT3l3SAuwkBEF2no+AeupdCJynshZYgqHYkARc7+/CqzavyMlOiodcO/k6Bz8
IAspiS1Ht6jkXZyp5WbUG5ogoDffpuOn5pstlIgUFSRBxCf0kKnWGk8WqaFu0JwY
kHiXpJIVYG28aRKh1jZararwRL9Nbs/TTGHEoPDa0mUDt2/H0G8=
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:48:39 2025 by rpki-client