Route Origin Authorization

$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/j2ZnNEApr6ax3-D37OVqLD9RRXk.roa
File:                     j2ZnNEApr6ax3-D37OVqLD9RRXk.roa (raw, json)
Hash identifier:          kAoGjEkyQivdnaEG6FosO05JRgxMBf8pzrfi6AhGl9M=
Subject key identifier:   8F:66:67:34:40:29:AF:A6:B1:DF:E0:F7:EC:E5:6A:2C:3F:51:45:79
Certificate issuer:       /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial:       0241
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access:    rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access:      rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/j2ZnNEApr6ax3-D37OVqLD9RRXk.roa
Signing time:             Sat 10 May 2025 02:07:49 +0000
ROA not before:           Sat 10 May 2025 02:07:49 +0000
ROA not after:            Thu 09 Apr 2026 06:33:21 +0000
asID:                     9391
IP address blocks:        27.103.0.0/16 maxlen: 16
Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 577 (0x241)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
        Validity
            Not Before: May 10 02:07:49 2025 GMT
            Not After : Apr  9 06:33:21 2026 GMT
        Subject: CN=8F6667344029AFA6B1DFE0F7ECE56A2C3F514579
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:37:43:6a:68:c5:34:a0:d2:d5:5a:4a:a3:93:
                    9a:07:81:b6:61:d4:e5:3c:c7:7d:80:64:cd:2a:7f:
                    2e:b0:6d:8c:05:e2:ca:8c:b6:8f:9b:ce:cc:d1:f2:
                    0f:fe:e7:d3:ef:98:7d:7f:16:b1:e0:4f:fc:6c:90:
                    39:53:af:d6:f7:14:15:5f:2e:cd:33:ab:aa:20:97:
                    70:d1:65:3d:33:22:a2:36:26:da:89:d4:47:59:72:
                    03:13:1a:0a:c9:e8:d1:e7:bc:02:b0:17:d9:7c:3a:
                    1e:11:ec:fb:6f:68:60:88:3a:45:48:c4:fd:8b:b2:
                    6d:73:41:71:4a:71:d1:f7:25:d2:ce:68:0e:bc:35:
                    13:11:65:1c:fc:90:9f:e2:04:f8:9e:2d:14:9b:24:
                    89:2a:51:8c:f5:a8:05:33:04:1c:f4:90:53:1d:cc:
                    fe:32:29:26:96:89:cd:1a:4e:cd:b7:33:8e:96:b7:
                    93:02:87:49:bc:8d:fc:f9:1f:c8:bb:69:ed:35:c8:
                    f3:a1:19:e4:6f:0a:85:cc:01:96:9c:e1:63:03:7d:
                    a0:9f:21:f4:79:f0:28:d5:c5:b8:5f:14:56:e4:5c:
                    1b:03:38:77:88:a6:47:75:0b:04:c0:ac:82:5b:70:
                    76:8d:37:d5:02:63:d3:8d:ae:09:1f:0f:7f:5a:e0:
                    45:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:66:67:34:40:29:AF:A6:B1:DF:E0:F7:EC:E5:6A:2C:3F:51:45:79
            X509v3 Authority Key Identifier:
                keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/j2ZnNEApr6ax3-D37OVqLD9RRXk.roa
                RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  27.103.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         03:75:4e:8a:be:ed:0c:4e:ff:df:93:39:3d:21:5f:1c:ff:0b:
         b0:d2:1d:ab:f3:e2:11:cb:cd:f3:ad:4f:ce:2e:ca:69:01:7a:
         63:18:59:9a:e5:67:6c:26:2b:cc:08:41:fe:46:42:10:62:25:
         65:3a:45:74:d4:a0:91:f1:94:3b:7a:e1:f1:f5:1c:6b:fc:75:
         36:06:7f:a0:ef:28:d5:23:22:36:75:2f:c9:c2:f6:d4:b0:f4:
         b9:90:8b:42:26:8e:bc:4a:75:3c:27:0b:23:85:c8:1b:43:1e:
         a7:54:bb:36:c8:5e:d6:8a:76:dc:22:c1:1b:97:ea:6d:78:5c:
         2d:82:14:19:80:87:aa:00:a9:96:94:99:c6:94:7d:56:c7:35:
         c8:83:71:e1:40:2e:c7:7c:34:93:b5:b4:57:14:ee:d5:63:ab:
         0e:50:3d:d8:ff:35:db:8c:b3:ed:39:eb:bf:60:98:21:97:3e:
         af:07:21:8e:15:05:fc:3a:db:61:bc:42:c0:c2:0d:f5:19:86:
         e2:d4:26:98:8b:7f:af:79:c9:33:99:af:d6:18:99:d2:25:79:
         aa:ba:3a:0c:77:54:48:8f:b8:33:23:c9:18:4c:78:66:b3:4c:
         8a:ad:83:16:34:fd:38:38:f0:dc:75:75:83:2a:08:f9:ad:5a:
         f6:1e:81:9a
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICAkEwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA1MTAw
MjA3NDlaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKDhGNjY2NzM0NDAyOUFG
QTZCMURGRTBGN0VDRTU2QTJDM0Y1MTQ1NzkwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDJN0NqaMU0oNLVWkqjk5oHgbZh1OU8x32AZM0qfy6wbYwF4sqM
to+bzszR8g/+59PvmH1/FrHgT/xskDlTr9b3FBVfLs0zq6ogl3DRZT0zIqI2JtqJ
1EdZcgMTGgrJ6NHnvAKwF9l8Oh4R7PtvaGCIOkVIxP2Lsm1zQXFKcdH3JdLOaA68
NRMRZRz8kJ/iBPieLRSbJIkqUYz1qAUzBBz0kFMdzP4yKSaWic0aTs23M46Wt5MC
h0m8jfz5H8i7ae01yPOhGeRvCoXMAZac4WMDfaCfIfR58CjVxbhfFFbkXBsDOHeI
pkd1CwTArIJbcHaNN9UCY9ONrgkfD39a4EX7AgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUj2ZnNEApr6ax3+D37OVqLD9RRXkwHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni9qMlpuTkVBcHI2YXgzLUQz
N09WcUxEOVJSWGsucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
G2cwDQYJKoZIhvcNAQELBQADggEBAAN1Toq+7QxO/9+TOT0hXxz/C7DSHavz4hHL
zfOtT84uymkBemMYWZrlZ2wmK8wIQf5GQhBiJWU6RXTUoJHxlDt64fH1HGv8dTYG
f6DvKNUjIjZ1L8nC9tSw9LmQi0ImjrxKdTwnCyOFyBtDHqdUuzbIXtaKdtwiwRuX
6m14XC2CFBmAh6oAqZaUmcaUfVbHNciDceFALsd8NJO1tFcU7tVjqw5QPdj/NduM
s+05679gmCGXPq8HIY4VBfw622G8QsDCDfUZhuLUJpiLf695yTOZr9YYmdIleaq6
Ogx3VEiPuDMjyRhMeGazTIqtgxY0/Tg48Nx1dYMqCPmtWvYegZo=
-----END CERTIFICATE-----
Generated at Sun May 18 01:59:35 2025 by rpki-client