Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/QlK5II3STg7atfDmnVr2_5JLplc.roa
File: QlK5II3STg7atfDmnVr2_5JLplc.roa (raw, json)
Hash identifier: Q5a8wmByR9cwci7IveydNhXkosPQDSk3A+tZoFYWhpA=
Subject key identifier: 42:52:B9:20:8D:D2:4E:0E:DA:B5:F0:E6:9D:5A:F6:FF:92:4B:A6:57
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 06E5
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/QlK5II3STg7atfDmnVr2_5JLplc.roa
Signing time: Fri 16 May 2025 06:38:09 +0000
ROA not before: Fri 16 May 2025 06:38:09 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 27.103.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1765 (0x6e5)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: May 16 06:38:09 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=4252B9208DD24E0EDAB5F0E69D5AF6FF924BA657
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d7:50:37:f6:2a:c3:a5:4c:ed:60:72:5a:ed:a6:
09:3d:5e:a6:56:09:7b:d7:a4:b0:1e:bb:22:a6:2d:
f0:c2:77:e4:7d:b7:bb:06:e2:23:b9:bd:c5:e9:24:
04:3d:55:05:24:2b:9c:cf:69:fb:11:6c:ce:36:70:
45:ee:8d:04:3c:1a:ce:63:45:27:b6:50:91:cb:e7:
c8:be:06:08:b5:50:a6:7b:11:55:29:a2:cf:97:02:
66:07:67:78:3c:69:73:8b:00:89:04:ed:c7:9d:39:
11:6d:67:46:42:2a:ff:0b:84:ac:0f:c0:f2:da:86:
11:bf:34:bf:0f:1d:ad:6c:46:0e:8f:14:69:95:98:
54:7b:5d:80:bc:83:ff:ca:4e:09:34:6f:e1:1b:2d:
cc:20:af:f9:2a:fe:91:f9:4e:0d:4e:af:4c:ba:1e:
19:85:6e:20:3f:2b:9d:23:1e:a4:73:51:f1:56:73:
15:ef:0f:ac:2a:95:db:8f:38:e6:27:df:44:7d:0e:
53:e8:a9:37:95:54:d4:20:16:07:d1:d3:0d:9a:86:
ae:95:ef:3c:4d:f2:7c:69:3e:0a:1d:f1:aa:53:da:
54:4d:ac:54:37:e1:cd:8f:31:b4:b7:8d:ac:55:42:
a7:61:b7:28:0c:ea:9a:9b:80:5c:f8:01:50:c7:19:
3b:9b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
42:52:B9:20:8D:D2:4E:0E:DA:B5:F0:E6:9D:5A:F6:FF:92:4B:A6:57
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/QlK5II3STg7atfDmnVr2_5JLplc.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
27.103.0.0/16
Signature Algorithm: sha256WithRSAEncryption
79:42:7d:fd:43:1d:82:4c:19:09:f7:50:bd:e5:b4:27:85:41:
ed:f4:4f:1b:9e:a2:79:e6:02:e4:2f:da:f5:62:f8:f6:84:7d:
9e:a9:e9:ac:33:1e:b0:d9:5e:33:fb:f0:b4:01:83:b3:06:3e:
f5:2f:e1:f5:b0:c8:cf:27:66:4a:bf:98:fc:a9:0f:a1:e8:7c:
00:91:f7:06:8d:e5:09:79:e7:df:2d:a1:36:ad:4e:10:e5:97:
1d:d8:38:5a:e0:bc:6b:54:89:ff:6c:3a:a7:0c:3b:44:a2:e1:
72:86:6a:15:9b:11:15:04:9b:c6:36:87:da:ec:f2:3c:86:d6:
5f:14:b0:52:d5:19:a4:7e:df:77:52:8f:9a:7f:3f:b3:6b:d3:
c4:56:61:9d:5d:a3:89:1a:85:3c:81:ab:a9:14:47:a4:9c:88:
ed:fd:6f:52:6b:f1:7b:37:8b:98:55:22:01:d0:a5:a7:3d:1e:
78:a3:a2:bc:68:71:cc:5f:fe:60:59:f6:93:ac:ae:f6:27:ce:
8f:95:e3:c4:fd:05:aa:cb:b2:e1:30:fb:9e:17:f4:52:2e:e3:
5b:55:ed:c9:5a:4f:ff:65:5a:17:69:2d:13:1b:8d:17:36:19:
4c:26:3e:bd:8f:e9:9b:c9:b8:de:56:73:ee:e6:53:0b:4d:6d:
ca:37:74:47
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICBuUwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA1MTYw
NjM4MDlaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKDQyNTJCOTIwOEREMjRF
MEVEQUI1RjBFNjlENUFGNkZGOTI0QkE2NTcwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDXUDf2KsOlTO1gclrtpgk9XqZWCXvXpLAeuyKmLfDCd+R9t7sG
4iO5vcXpJAQ9VQUkK5zPafsRbM42cEXujQQ8Gs5jRSe2UJHL58i+Bgi1UKZ7EVUp
os+XAmYHZ3g8aXOLAIkE7cedORFtZ0ZCKv8LhKwPwPLahhG/NL8PHa1sRg6PFGmV
mFR7XYC8g//KTgk0b+EbLcwgr/kq/pH5Tg1Or0y6HhmFbiA/K50jHqRzUfFWcxXv
D6wqlduPOOYn30R9DlPoqTeVVNQgFgfR0w2ahq6V7zxN8nxpPgod8apT2lRNrFQ3
4c2PMbS3jaxVQqdhtygM6pqbgFz4AVDHGTubAgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUQlK5II3STg7atfDmnVr2/5JLplcwHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni9RbEs1SUkzU1RnN2F0ZkRt
blZyMl81SkxwbGMucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
G2cwDQYJKoZIhvcNAQELBQADggEBAHlCff1DHYJMGQn3UL3ltCeFQe30Txueonnm
AuQv2vVi+PaEfZ6p6awzHrDZXjP78LQBg7MGPvUv4fWwyM8nZkq/mPypD6HofACR
9waN5Ql5598toTatThDllx3YOFrgvGtUif9sOqcMO0Si4XKGahWbERUEm8Y2h9rs
8jyG1l8UsFLVGaR+33dSj5p/P7Nr08RWYZ1do4kahTyBq6kUR6SciO39b1Jr8Xs3
i5hVIgHQpac9Hnijorxoccxf/mBZ9pOsrvYnzo+V48T9BarLsuEw+54X9FIu41tV
7claT/9lWhdpLRMbjRc2GUwmPr2P6ZvJuN5Wc+7mUwtNbco3dEc=
-----END CERTIFICATE-----
Generated at Sun May 18 07:54:52 2025 by rpki-client