Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/D6PqpPIuTXoDcXqXd8ebgfWoxAk.roa
File: D6PqpPIuTXoDcXqXd8ebgfWoxAk.roa (raw, json)
Hash identifier: 7m1iUuSPmUcC1IFTSpWWAM4+iByplDgIOurhyP+JmSg=
Subject key identifier: 0F:A3:EA:A4:F2:2E:4D:7A:03:71:7A:97:77:C7:9B:81:F5:A8:C4:09
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 0DA1
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/D6PqpPIuTXoDcXqXd8ebgfWoxAk.roa
Signing time: Sun 25 May 2025 06:08:32 +0000
ROA not before: Sun 25 May 2025 06:08:32 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 27.103.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 3489 (0xda1)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: May 25 06:08:32 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=0FA3EAA4F22E4D7A03717A9777C79B81F5A8C409
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c6:d7:29:36:cd:51:f6:e7:e2:fb:25:72:73:c0:
7b:6d:47:fe:d5:c9:a9:74:f4:44:30:4b:27:21:86:
0a:d4:39:c1:ee:2b:aa:92:a6:f2:a8:7e:32:2e:30:
1b:49:67:a8:35:b7:d9:2c:fa:c5:70:c3:4a:27:ab:
d0:94:1f:d5:41:f1:e8:be:32:7b:45:bc:69:cd:d8:
96:5b:b6:85:18:e2:6f:08:90:b4:27:30:c6:39:2d:
79:c8:6b:9d:e9:b8:f5:2c:76:90:1d:57:d6:2a:58:
c0:04:ed:e2:81:43:b7:c9:28:0d:00:4a:33:19:a4:
0d:4d:f4:57:b0:d7:58:23:08:25:16:e3:ff:4e:01:
41:da:d9:25:a4:68:51:c0:e0:93:ee:5b:1c:35:24:
9f:18:c0:83:79:80:e9:43:67:96:ce:9f:a2:4c:36:
b6:c8:d4:ce:a7:04:45:3f:82:b9:02:a7:d1:1a:4e:
b1:30:4f:c5:0f:e1:86:eb:d9:aa:2a:24:e4:88:98:
4c:70:6a:e2:3c:f8:44:33:92:ba:58:eb:03:49:b5:
e5:69:7d:1a:8e:24:06:84:ab:77:42:fc:dc:75:08:
8b:ee:bc:86:22:c8:17:98:b1:e1:86:fb:74:d2:c9:
14:a0:ca:4c:c5:5c:e5:a3:af:bc:d2:2b:49:84:41:
a1:f5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0F:A3:EA:A4:F2:2E:4D:7A:03:71:7A:97:77:C7:9B:81:F5:A8:C4:09
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/D6PqpPIuTXoDcXqXd8ebgfWoxAk.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
27.103.0.0/16
Signature Algorithm: sha256WithRSAEncryption
01:05:54:fe:68:71:bc:95:75:65:6f:44:49:9f:96:a2:30:05:
e7:71:06:35:a3:ba:86:24:4c:1b:15:a1:5a:55:c4:05:29:6b:
bd:4a:9b:53:37:e9:1a:f1:61:9c:4b:bf:a2:b1:3f:cd:88:a2:
18:29:c0:0e:f1:71:35:7a:6a:56:4e:0d:31:90:7c:09:9c:08:
bc:d5:95:c3:8a:47:48:3b:ff:01:8e:56:c8:94:00:d7:ac:b1:
d7:13:1a:87:84:22:20:1f:9b:96:64:d1:06:b4:95:72:c2:8f:
4a:89:ca:93:a8:7c:d2:c2:00:71:a2:1d:91:f0:4a:01:0d:ed:
61:23:53:1a:ae:82:6a:2d:93:5c:04:b6:ce:2f:e5:3a:4b:e1:
48:de:cc:15:86:2c:59:d7:7b:91:58:37:5d:7a:ff:aa:27:62:
61:f1:ad:a2:9a:1f:9a:24:3e:40:0f:e2:9a:1c:23:94:82:07:
c0:e5:23:e2:b9:1f:a3:98:87:2a:6e:08:8d:a2:90:3e:2a:bf:
fd:de:f7:69:9a:73:22:75:a5:d6:a9:10:2c:18:84:25:0f:68:
62:3b:0c:c7:22:ff:8c:21:1d:47:b5:6a:f1:d7:57:cb:75:32:
62:03:14:8b:43:b0:43:1c:84:a7:70:b3:93:e9:fd:18:0d:5a:
f5:c2:4e:09
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICDaEwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA1MjUw
NjA4MzJaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKDBGQTNFQUE0RjIyRTRE
N0EwMzcxN0E5Nzc3Qzc5QjgxRjVBOEM0MDkwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDG1yk2zVH25+L7JXJzwHttR/7Vyal09EQwSychhgrUOcHuK6qS
pvKofjIuMBtJZ6g1t9ks+sVww0onq9CUH9VB8ei+MntFvGnN2JZbtoUY4m8IkLQn
MMY5LXnIa53puPUsdpAdV9YqWMAE7eKBQ7fJKA0ASjMZpA1N9Few11gjCCUW4/9O
AUHa2SWkaFHA4JPuWxw1JJ8YwIN5gOlDZ5bOn6JMNrbI1M6nBEU/grkCp9EaTrEw
T8UP4Ybr2aoqJOSImExwauI8+EQzkrpY6wNJteVpfRqOJAaEq3dC/Nx1CIvuvIYi
yBeYseGG+3TSyRSgykzFXOWjr7zSK0mEQaH1AgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUD6PqpPIuTXoDcXqXd8ebgfWoxAkwHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni9ENlBxcFBJdVRYb0RjWHFY
ZDhlYmdmV294QWsucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
G2cwDQYJKoZIhvcNAQELBQADggEBAAEFVP5ocbyVdWVvREmflqIwBedxBjWjuoYk
TBsVoVpVxAUpa71Km1M36RrxYZxLv6KxP82IohgpwA7xcTV6alZODTGQfAmcCLzV
lcOKR0g7/wGOVsiUANessdcTGoeEIiAfm5Zk0Qa0lXLCj0qJypOofNLCAHGiHZHw
SgEN7WEjUxqugmotk1wEts4v5TpL4UjezBWGLFnXe5FYN116/6onYmHxraKaH5ok
PkAP4pocI5SCB8DlI+K5H6OYhypuCI2ikD4qv/3e92macyJ1pdapECwYhCUPaGI7
DMci/4whHUe1avHXV8t1MmIDFItDsEMchKdws5Pp/RgNWvXCTgk=
-----END CERTIFICATE-----
Generated at Sat Jun 21 20:04:40 2025 by rpki-client