Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/GFadXzQVFyGUjhgN1rjzAOysTIg.roa
File: GFadXzQVFyGUjhgN1rjzAOysTIg.roa (raw, json)
Hash identifier: qxOjwVfM0ZeAT+fhuIJaICfDAEJY7yIOvOUzH3dbFf8=
Subject key identifier: 18:56:9D:5F:34:15:17:21:94:8E:18:0D:D6:B8:F3:00:EC:AC:4C:88
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 1AB1
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/GFadXzQVFyGUjhgN1rjzAOysTIg.roa
Signing time: Wed 11 Jun 2025 16:09:47 +0000
ROA not before: Wed 11 Jun 2025 16:09:47 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 27.103.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 6833 (0x1ab1)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: Jun 11 16:09:47 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=18569D5F34151721948E180DD6B8F300ECAC4C88
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f0:68:71:ca:85:3b:f9:d1:de:65:88:8e:07:9c:
a3:89:12:93:56:d6:89:16:75:43:39:ab:fc:17:64:
bd:af:30:f6:12:61:a0:03:96:15:80:14:4e:6a:42:
18:18:1c:0b:5f:fb:ce:01:d6:21:18:db:ef:84:76:
e1:d5:87:a0:cc:30:55:b9:bf:61:f4:fb:87:f8:98:
d7:ae:ea:54:b2:d4:ae:89:94:66:d1:bc:dd:58:42:
6e:7f:35:7c:c2:43:f5:b3:5f:bd:23:31:c7:ba:26:
a4:38:e6:39:03:54:43:35:63:b7:8d:dd:12:67:d0:
d2:78:95:a2:97:b3:a9:e2:cc:9d:d6:97:b0:9c:62:
96:40:34:cd:4c:f7:df:ce:9d:48:71:04:c6:5b:1e:
48:06:e2:3c:04:e0:e0:30:ea:0b:42:6a:19:72:90:
59:7c:30:bf:d3:a3:fd:e7:38:e3:a5:fa:46:02:84:
9b:60:80:ad:fc:56:7f:57:5c:12:3d:1a:75:05:96:
08:0f:a8:1f:8f:ca:fb:af:ac:62:a1:21:f3:38:6f:
e2:d1:28:90:3c:c4:66:b5:97:43:86:cf:45:1a:bb:
f6:61:d1:e9:f6:b9:ec:5a:38:95:4c:99:43:2a:2b:
77:a0:09:15:38:d1:df:a8:c2:53:f2:b2:a9:66:37:
19:5f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
18:56:9D:5F:34:15:17:21:94:8E:18:0D:D6:B8:F3:00:EC:AC:4C:88
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/GFadXzQVFyGUjhgN1rjzAOysTIg.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
27.103.0.0/16
Signature Algorithm: sha256WithRSAEncryption
05:99:57:8f:05:df:d3:77:66:77:a3:e9:d4:ab:b7:62:a7:93:
57:be:c5:e6:8b:6c:df:30:5c:fd:c3:13:e9:ce:4d:14:87:60:
8d:99:b8:8d:12:5d:0e:db:ad:56:ea:5d:3b:fd:2b:7c:a3:39:
ca:77:b0:41:2c:3f:98:48:75:0e:46:fa:40:f9:cd:2d:fa:bd:
a2:10:97:a0:59:38:15:4e:dc:f2:b6:11:a1:46:8c:99:ca:00:
92:47:33:e7:d6:2a:72:6d:08:a9:b9:87:17:03:9c:f8:51:79:
56:0a:dc:9d:e0:a6:2c:2c:f0:2b:97:9e:44:44:1f:91:80:21:
29:33:e8:64:f9:e8:33:2d:2d:c3:8e:4f:b6:fa:be:75:ef:1c:
61:7f:1f:6f:1f:b8:5f:b6:a3:a8:94:5d:5e:33:7a:0e:c4:20:
98:71:0f:ba:a3:80:b4:cc:f6:91:de:ab:13:51:49:8a:a7:08:
0f:b4:13:ef:7b:e2:c2:e3:2a:f0:5f:61:89:95:66:b2:06:07:
a5:65:1c:1c:9e:49:d4:97:5e:90:9c:c3:66:be:ce:be:2a:70:
94:4c:63:1a:e9:54:6d:03:70:72:8a:83:b0:c1:c9:23:a9:cd:
7b:53:ef:2e:d9:cf:ac:9e:08:df:02:35:66:8c:5d:31:d2:7a:
f8:88:a5:bb
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICGrEwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA2MTEx
NjA5NDdaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKDE4NTY5RDVGMzQxNTE3
MjE5NDhFMTgwREQ2QjhGMzAwRUNBQzRDODgwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDwaHHKhTv50d5liI4HnKOJEpNW1okWdUM5q/wXZL2vMPYSYaAD
lhWAFE5qQhgYHAtf+84B1iEY2++EduHVh6DMMFW5v2H0+4f4mNeu6lSy1K6JlGbR
vN1YQm5/NXzCQ/WzX70jMce6JqQ45jkDVEM1Y7eN3RJn0NJ4laKXs6nizJ3Wl7Cc
YpZANM1M99/OnUhxBMZbHkgG4jwE4OAw6gtCahlykFl8ML/To/3nOOOl+kYChJtg
gK38Vn9XXBI9GnUFlggPqB+PyvuvrGKhIfM4b+LRKJA8xGa1l0OGz0Uau/Zh0en2
uexaOJVMmUMqK3egCRU40d+owlPysqlmNxlfAgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUGFadXzQVFyGUjhgN1rjzAOysTIgwHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni9HRmFkWHpRVkZ5R1VqaGdO
MXJqekFPeXNUSWcucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
G2cwDQYJKoZIhvcNAQELBQADggEBAAWZV48F39N3Znej6dSrt2Knk1e+xeaLbN8w
XP3DE+nOTRSHYI2ZuI0SXQ7brVbqXTv9K3yjOcp3sEEsP5hIdQ5G+kD5zS36vaIQ
l6BZOBVO3PK2EaFGjJnKAJJHM+fWKnJtCKm5hxcDnPhReVYK3J3gpiws8CuXnkRE
H5GAISkz6GT56DMtLcOOT7b6vnXvHGF/H28fuF+2o6iUXV4zeg7EIJhxD7qjgLTM
9pHeqxNRSYqnCA+0E+974sLjKvBfYYmVZrIGB6VlHByeSdSXXpCcw2a+zr4qcJRM
YxrpVG0DcHKKg7DBySOpzXtT7y7Zz6yeCN8CNWaMXTHSeviIpbs=
-----END CERTIFICATE-----
Generated at Sat Jun 21 15:00:28 2025 by rpki-client