Route Origin Authorization

$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/WxPqPkO6YUJl4VQsZLOVV1U3rSE.roa
File:                     WxPqPkO6YUJl4VQsZLOVV1U3rSE.roa (raw, json)
Hash identifier:          ClA4jAtuJJmkaS1puVf+QVDhAzeXZ7Qel7QT8Qj4w+s=
Subject key identifier:   5B:13:EA:3E:43:BA:61:42:65:E1:54:2C:64:B3:95:57:55:37:AD:21
Certificate issuer:       /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial:       034E
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access:    rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access:      rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/WxPqPkO6YUJl4VQsZLOVV1U3rSE.roa
Signing time:             Sun 11 May 2025 11:37:53 +0000
ROA not before:           Sun 11 May 2025 11:37:53 +0000
ROA not after:            Thu 09 Apr 2026 06:33:21 +0000
asID:                     9391
IP address blocks:        119.16.0.0/16 maxlen: 16
Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 846 (0x34e)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
        Validity
            Not Before: May 11 11:37:53 2025 GMT
            Not After : Apr  9 06:33:21 2026 GMT
        Subject: CN=5B13EA3E43BA614265E1542C64B395575537AD21
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:a8:ab:56:f9:57:ad:a0:67:5b:e6:b3:45:fd:
                    71:06:65:e4:f5:af:40:70:f9:f4:ba:fb:09:ae:4f:
                    b5:ba:42:72:c8:57:52:18:fb:a2:fe:65:fb:c3:69:
                    58:cb:b6:42:ee:a1:96:04:0b:fb:67:6d:2c:39:f3:
                    7c:75:38:33:b9:64:c6:85:36:3b:3b:1c:5f:18:57:
                    0f:6e:9e:a6:26:6e:b6:71:d9:ef:96:0e:4d:91:48:
                    b1:1b:46:ed:62:89:b0:95:94:f2:c1:4f:d2:d5:9c:
                    bb:57:07:5e:a6:cc:23:7c:1f:58:cc:53:93:b4:b8:
                    87:94:f9:57:f3:e4:ab:15:da:9b:ef:6b:0c:71:d6:
                    f5:91:ea:98:07:fa:0e:1d:bc:31:92:6b:d9:6a:3b:
                    c4:ac:d9:d4:f3:ac:6c:99:20:0c:b7:22:26:01:c5:
                    25:e9:c6:8f:75:69:23:45:d6:b1:a0:78:2f:cb:f3:
                    23:23:c2:12:ad:be:01:93:f1:18:79:51:67:ae:d9:
                    bb:34:9f:e7:30:91:cb:b6:31:2e:0c:34:f7:f2:0c:
                    fe:9f:91:6d:17:4c:8b:bd:29:72:47:58:58:f4:14:
                    cd:2f:b9:0a:24:b2:4f:18:75:81:e5:21:64:65:9e:
                    76:88:4b:e2:33:8a:85:db:9d:66:b9:b5:86:8f:94:
                    8f:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:13:EA:3E:43:BA:61:42:65:E1:54:2C:64:B3:95:57:55:37:AD:21
            X509v3 Authority Key Identifier:
                keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/WxPqPkO6YUJl4VQsZLOVV1U3rSE.roa
                RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  119.16.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         63:ee:97:78:d2:e0:04:04:75:d9:bf:21:75:03:53:26:1d:7f:
         30:96:b2:59:46:34:d7:1c:de:bc:a0:03:f9:b2:94:06:c6:b7:
         e5:fa:48:06:69:39:5f:9f:58:be:f0:b1:94:cc:01:e5:78:f3:
         e0:41:c0:b3:66:8e:a7:67:62:1c:21:35:89:9f:3f:7f:48:41:
         21:16:0e:3f:53:9e:08:8c:01:89:32:6e:e2:52:22:45:78:58:
         5b:59:36:ab:0a:e7:e6:b9:3d:ea:53:4b:4a:c7:48:43:6a:40:
         f5:f9:f9:f5:d1:af:ac:12:f6:92:34:6b:af:79:bd:fd:19:2f:
         7c:b9:ff:ff:b3:ea:e5:6e:1a:6d:c6:66:ae:d3:a6:8a:9c:b5:
         3f:4b:cb:8f:92:f4:b0:5c:63:f3:ea:50:b7:78:82:8d:ea:fb:
         ba:c8:8f:62:cf:45:34:a7:d7:02:df:03:95:72:be:d2:57:cd:
         10:54:c3:e0:00:35:03:ec:38:1e:24:8b:c2:1b:e3:0b:50:02:
         9e:c3:09:6e:77:67:c1:f3:9c:a9:5d:e6:5f:24:a9:7a:ca:1a:
         08:50:48:cd:81:b3:ae:90:0c:67:0d:41:fa:2c:12:aa:81:be:
         a8:2b:99:c1:01:1f:de:b5:19:ae:56:11:63:c8:c2:de:dc:a5:
         98:42:83:74
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICA04wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA1MTEx
MTM3NTNaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKDVCMTNFQTNFNDNCQTYx
NDI2NUUxNTQyQzY0QjM5NTU3NTUzN0FEMjEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDDqKtW+VetoGdb5rNF/XEGZeT1r0Bw+fS6+wmuT7W6QnLIV1IY
+6L+ZfvDaVjLtkLuoZYEC/tnbSw583x1ODO5ZMaFNjs7HF8YVw9unqYmbrZx2e+W
Dk2RSLEbRu1iibCVlPLBT9LVnLtXB16mzCN8H1jMU5O0uIeU+Vfz5KsV2pvvawxx
1vWR6pgH+g4dvDGSa9lqO8Ss2dTzrGyZIAy3IiYBxSXpxo91aSNF1rGgeC/L8yMj
whKtvgGT8Rh5UWeu2bs0n+cwkcu2MS4MNPfyDP6fkW0XTIu9KXJHWFj0FM0vuQok
sk8YdYHlIWRlnnaIS+IzioXbnWa5tYaPlI8BAgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUWxPqPkO6YUJl4VQsZLOVV1U3rSEwHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni9XeFBxUGtPNllVSmw0VlFz
WkxPVlYxVTNyU0Uucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
dxAwDQYJKoZIhvcNAQELBQADggEBAGPul3jS4AQEddm/IXUDUyYdfzCWsllGNNcc
3rygA/mylAbGt+X6SAZpOV+fWL7wsZTMAeV48+BBwLNmjqdnYhwhNYmfP39IQSEW
Dj9TngiMAYkybuJSIkV4WFtZNqsK5+a5PepTS0rHSENqQPX5+fXRr6wS9pI0a695
vf0ZL3y5//+z6uVuGm3GZq7TpoqctT9Ly4+S9LBcY/PqULd4go3q+7rIj2LPRTSn
1wLfA5VyvtJXzRBUw+AANQPsOB4ki8Ib4wtQAp7DCW53Z8HznKld5l8kqXrKGghQ
SM2Bs66QDGcNQfosEqqBvqgrmcEBH961Ga5WEWPIwt7cpZhCg3Q=
-----END CERTIFICATE-----
Generated at Sun May 18 01:59:32 2025 by rpki-client