Route Origin Authorization

$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/yr_xw6b9GfQkjWGQ7AaOsEgFVh0.roa
File:                     yr_xw6b9GfQkjWGQ7AaOsEgFVh0.roa (raw, json)
Hash identifier:          vUI2odMr5k6Qya72uztQUCiWyOEn1tizGuLEM6H2/nc=
Subject key identifier:   CA:BF:F1:C3:A6:FD:19:F4:24:8D:61:90:EC:06:8E:B0:48:05:56:1D
Certificate issuer:       /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial:       162D
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access:    rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access:      rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/yr_xw6b9GfQkjWGQ7AaOsEgFVh0.roa
Signing time:             Thu 05 Jun 2025 15:39:35 +0000
ROA not before:           Thu 05 Jun 2025 15:39:35 +0000
ROA not after:            Thu 09 Apr 2026 06:33:21 +0000
asID:                     9391
IP address blocks:        27.103.0.0/16 maxlen: 16
Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 5677 (0x162d)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
        Validity
            Not Before: Jun  5 15:39:35 2025 GMT
            Not After : Apr  9 06:33:21 2026 GMT
        Subject: CN=CABFF1C3A6FD19F4248D6190EC068EB04805561D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:ca:08:c9:9c:cf:eb:e2:92:ad:4e:b5:74:39:
                    74:4a:79:00:38:e8:bf:b9:44:54:fc:31:f8:6c:a7:
                    96:11:5e:19:e9:ea:0a:b0:81:34:d8:06:27:a9:f6:
                    79:42:2d:ec:23:b1:4f:11:54:4e:71:b6:1c:78:f9:
                    62:52:13:15:6c:91:bd:4d:37:6a:87:10:41:62:6a:
                    71:30:6f:48:23:87:a9:ec:9d:31:c0:6f:a6:dd:cf:
                    2b:ce:35:03:58:e0:2e:24:1e:28:e9:95:91:9a:b9:
                    00:a8:f2:2b:a3:b2:cc:ae:ca:41:b9:d8:73:ff:20:
                    6c:ce:30:02:bf:f9:88:9f:71:5d:d1:3e:a2:d8:3a:
                    cb:29:94:3c:0e:66:69:21:1b:cb:76:99:cf:ca:3c:
                    54:fe:b3:ce:6a:c3:4a:bd:21:07:5c:54:5d:83:46:
                    d5:36:74:dd:97:35:bd:a6:5e:3d:dd:b1:bd:27:e1:
                    9a:d3:17:b8:77:a9:20:0b:bb:f6:21:c4:42:4a:6a:
                    13:b4:16:f5:96:2f:58:c5:55:e4:49:84:69:0e:16:
                    5d:1c:0d:03:04:8f:ba:08:e7:3c:80:2d:22:d0:73:
                    7d:65:70:9f:89:6d:a7:6d:6e:c6:c8:7c:d7:e8:e0:
                    44:32:29:01:5e:d8:b0:1c:62:a6:7b:f2:20:a9:50:
                    cc:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:BF:F1:C3:A6:FD:19:F4:24:8D:61:90:EC:06:8E:B0:48:05:56:1D
            X509v3 Authority Key Identifier:
                keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/yr_xw6b9GfQkjWGQ7AaOsEgFVh0.roa
                RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  27.103.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         19:d5:77:a5:c4:17:e2:86:8f:f1:ac:35:ef:9f:86:1e:f6:c9:
         41:1f:e8:7e:c3:c9:a1:1b:6a:24:5a:d3:10:bb:43:63:26:17:
         05:d6:07:d8:5b:c3:98:7c:62:ed:60:c5:84:14:19:02:89:f6:
         5b:c2:6a:03:46:45:3d:85:e2:4b:9c:a5:3e:6a:a2:8e:dc:d0:
         00:05:e2:a2:14:85:9b:69:9b:aa:87:c3:06:00:25:8a:ba:8a:
         88:ab:2c:86:d8:d2:ea:c2:f9:41:40:ab:5c:fd:07:34:ba:6d:
         e7:c8:98:20:4e:e1:13:4c:ef:41:f5:ce:c4:b5:d2:33:76:3b:
         1e:f4:2f:bf:c0:e3:70:98:88:55:b9:b7:c3:03:aa:05:d7:85:
         10:df:a9:77:86:0b:2e:b1:59:98:4a:b2:67:f5:7b:d3:1a:77:
         01:f0:1d:ae:ca:a1:1f:07:b2:7e:0a:23:c6:4f:b0:6d:72:43:
         d4:57:7f:61:4d:96:d9:d0:f5:ff:bb:46:c6:0a:3d:a7:bd:a2:
         2a:15:45:fd:a9:43:2f:74:31:7b:60:c3:d7:67:f3:d3:56:93:
         67:58:da:69:e8:c2:ba:37:81:f0:5c:72:b3:a1:28:dc:33:14:
         9c:c1:25:45:43:ec:46:58:d2:f8:67:a1:3d:fd:dc:71:c4:8c:
         bf:ad:46:2b
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICFi0wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA2MDUx
NTM5MzVaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKENBQkZGMUMzQTZGRDE5
RjQyNDhENjE5MEVDMDY4RUIwNDgwNTU2MUQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDNygjJnM/r4pKtTrV0OXRKeQA46L+5RFT8Mfhsp5YRXhnp6gqw
gTTYBiep9nlCLewjsU8RVE5xthx4+WJSExVskb1NN2qHEEFianEwb0gjh6nsnTHA
b6bdzyvONQNY4C4kHijplZGauQCo8iujssyuykG52HP/IGzOMAK/+YifcV3RPqLY
OssplDwOZmkhG8t2mc/KPFT+s85qw0q9IQdcVF2DRtU2dN2XNb2mXj3dsb0n4ZrT
F7h3qSALu/YhxEJKahO0FvWWL1jFVeRJhGkOFl0cDQMEj7oI5zyALSLQc31lcJ+J
badtbsbIfNfo4EQyKQFe2LAcYqZ78iCpUMytAgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUyr/xw6b9GfQkjWGQ7AaOsEgFVh0wHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni95cl94dzZiOUdmUWtqV0dR
N0FhT3NFZ0ZWaDAucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
G2cwDQYJKoZIhvcNAQELBQADggEBABnVd6XEF+KGj/GsNe+fhh72yUEf6H7DyaEb
aiRa0xC7Q2MmFwXWB9hbw5h8Yu1gxYQUGQKJ9lvCagNGRT2F4kucpT5qoo7c0AAF
4qIUhZtpm6qHwwYAJYq6ioirLIbY0urC+UFAq1z9BzS6befImCBO4RNM70H1zsS1
0jN2Ox70L7/A43CYiFW5t8MDqgXXhRDfqXeGCy6xWZhKsmf1e9MadwHwHa7KoR8H
sn4KI8ZPsG1yQ9RXf2FNltnQ9f+7RsYKPae9oioVRf2pQy90MXtgw9dn89NWk2dY
2mnowro3gfBccrOhKNwzFJzBJUVD7EZY0vhnoT393HHEjL+tRis=
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:48:33 2025 by rpki-client