Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/3Z2fVG9AR9VB_RxWFD_S35nQpeo.roa
File: 3Z2fVG9AR9VB_RxWFD_S35nQpeo.roa (raw, json)
Hash identifier: PBrjR6irDOEaeyIXAfmiwv5NECCFRj2JYCDfdeFUWBQ=
Subject key identifier: DD:9D:9F:54:6F:40:47:D5:41:FD:1C:56:14:3F:D2:DF:99:D0:A5:EA
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 01C9
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/3Z2fVG9AR9VB_RxWFD_S35nQpeo.roa
Signing time: Fri 09 May 2025 11:07:45 +0000
ROA not before: Fri 09 May 2025 11:07:45 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 27.103.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 457 (0x1c9)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: May 9 11:07:45 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=DD9D9F546F4047D541FD1C56143FD2DF99D0A5EA
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ec:c8:52:4f:e1:5e:86:b4:39:82:12:c2:bb:7c:
f7:d7:b7:4c:99:97:16:3f:ae:e3:59:05:2f:4a:98:
1b:37:c9:fb:11:88:5f:e0:36:6c:dd:ec:48:51:58:
f7:82:1a:9a:0c:b5:b2:07:a3:fc:b1:f1:6a:49:e7:
c0:5a:2c:05:d6:f2:1a:20:11:75:fa:ba:8d:57:a2:
fc:a5:e2:c2:31:ca:85:fa:69:cb:ce:5c:88:b0:a5:
07:01:0e:68:c4:ca:36:88:af:d5:26:ab:95:9e:b0:
c9:a8:d1:ad:80:91:b8:47:76:54:ca:bb:63:21:77:
cb:6f:9d:02:30:80:a2:3c:63:34:3c:13:12:8c:81:
28:07:95:c4:b3:37:4e:f3:12:2e:e1:17:49:eb:87:
4d:7a:a9:0e:f5:1b:4b:02:ec:25:af:c3:b5:18:e5:
7c:87:47:cb:bf:56:e2:15:7a:a8:3b:45:e8:5d:ca:
9c:67:b0:74:66:a2:44:c2:af:ff:7b:2c:06:34:3a:
5a:3e:3c:03:23:a5:72:22:c8:6c:82:b7:8b:75:3f:
ff:2e:60:6a:d5:3a:87:81:ad:b2:1d:68:b8:22:39:
91:40:12:81:61:2a:a7:6b:b8:c2:dd:60:e8:e7:7a:
9f:15:ed:90:59:21:8e:35:12:67:15:49:b4:69:9b:
78:7b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DD:9D:9F:54:6F:40:47:D5:41:FD:1C:56:14:3F:D2:DF:99:D0:A5:EA
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/3Z2fVG9AR9VB_RxWFD_S35nQpeo.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
27.103.0.0/16
Signature Algorithm: sha256WithRSAEncryption
55:f0:ce:58:71:b8:57:41:94:94:ea:b0:b5:92:e6:b0:3c:5c:
60:69:48:d3:7c:59:bd:f3:d2:c9:ac:08:4e:d2:d8:ca:65:7f:
ca:1c:97:dc:97:ba:da:8a:d7:dd:d3:4c:f9:0c:b6:59:c0:2f:
ae:10:f9:dc:2e:da:e2:00:21:f5:47:59:89:77:e3:15:78:d5:
a9:46:a1:5b:21:96:2c:ad:f8:85:f7:79:d1:9c:1c:a1:25:c2:
a9:08:58:59:36:0f:8a:6b:0c:3d:28:19:af:f1:75:e9:30:2b:
fa:5a:5c:1a:8f:d7:1a:d7:cf:e5:9f:b7:0f:a6:0c:c9:61:89:
a6:19:12:c6:7b:0f:c4:57:77:3e:71:2b:23:7c:66:93:f2:df:
da:ed:f7:0d:cd:46:76:19:5e:38:74:bf:82:61:87:24:cd:62:
e6:84:dd:3b:34:20:a6:47:79:18:d3:35:b5:80:cc:9f:46:c1:
ff:93:a9:67:08:41:4d:c8:df:6a:86:1f:ba:6a:04:ba:1b:90:
ed:c1:e6:45:f2:55:90:06:97:30:21:cb:34:3e:bb:6d:9d:35:
de:0a:57:db:e3:ad:ad:86:e1:45:f7:e3:1f:51:57:70:7a:0e:
37:06:ec:86:55:09:68:ac:8a:c9:5e:1b:61:6c:f0:3c:75:f9:
45:5f:44:64
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICAckwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA1MDkx
MTA3NDVaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKEREOUQ5RjU0NkY0MDQ3
RDU0MUZEMUM1NjE0M0ZEMkRGOTlEMEE1RUEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDsyFJP4V6GtDmCEsK7fPfXt0yZlxY/ruNZBS9KmBs3yfsRiF/g
Nmzd7EhRWPeCGpoMtbIHo/yx8WpJ58BaLAXW8hogEXX6uo1Xovyl4sIxyoX6acvO
XIiwpQcBDmjEyjaIr9Umq5WesMmo0a2AkbhHdlTKu2Mhd8tvnQIwgKI8YzQ8ExKM
gSgHlcSzN07zEi7hF0nrh016qQ71G0sC7CWvw7UY5XyHR8u/VuIVeqg7Rehdypxn
sHRmokTCr/97LAY0Olo+PAMjpXIiyGyCt4t1P/8uYGrVOoeBrbIdaLgiOZFAEoFh
KqdruMLdYOjnep8V7ZBZIY41EmcVSbRpm3h7AgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQU3Z2fVG9AR9VB/RxWFD/S35nQpeowHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni8zWjJmVkc5QVI5VkJfUnhX
RkRfUzM1blFwZW8ucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
G2cwDQYJKoZIhvcNAQELBQADggEBAFXwzlhxuFdBlJTqsLWS5rA8XGBpSNN8Wb3z
0smsCE7S2Mplf8ocl9yXutqK193TTPkMtlnAL64Q+dwu2uIAIfVHWYl34xV41alG
oVshliyt+IX3edGcHKElwqkIWFk2D4prDD0oGa/xdekwK/paXBqP1xrXz+Wftw+m
DMlhiaYZEsZ7D8RXdz5xKyN8ZpPy39rt9w3NRnYZXjh0v4JhhyTNYuaE3Ts0IKZH
eRjTNbWAzJ9Gwf+TqWcIQU3I32qGH7pqBLobkO3B5kXyVZAGlzAhyzQ+u22dNd4K
V9vjra2G4UX34x9RV3B6DjcG7IZVCWisisleG2Fs8Dx1+UVfRGQ=
-----END CERTIFICATE-----
Generated at Sat May 17 19:41:14 2025 by rpki-client