Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/H4Mscz_blL8XYkpkD6DAxoq89zE.roa
File: H4Mscz_blL8XYkpkD6DAxoq89zE.roa (raw, json)
Hash identifier: qRn7PH5++DpErq72YELNJUvxsEVgYpwgJWCSN5eaoFw=
Subject key identifier: 1F:83:2C:73:3F:DB:94:BF:17:62:4A:64:0F:A0:C0:C6:8A:BC:F7:31
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 1725
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/H4Mscz_blL8XYkpkD6DAxoq89zE.roa
Signing time: Fri 06 Jun 2025 22:39:28 +0000
ROA not before: Fri 06 Jun 2025 22:39:28 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 27.103.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 5925 (0x1725)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: Jun 6 22:39:28 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=1F832C733FDB94BF17624A640FA0C0C68ABCF731
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:de:b2:e3:b7:44:46:fd:7d:5d:af:31:bc:a1:66:
26:55:ca:85:9d:10:41:30:47:68:8c:f2:eb:57:37:
72:52:40:38:f3:c5:74:c4:a1:fc:b8:16:d3:a0:da:
f3:1e:08:d1:9c:fe:70:0e:0c:ed:96:b3:06:b5:c5:
11:89:99:ab:2d:4b:af:c6:3d:5b:25:67:5f:fd:a1:
73:b7:66:6e:02:93:d8:f2:fb:35:56:8d:c1:66:35:
c9:80:9a:01:41:08:a4:d5:dd:20:19:02:78:d8:9a:
e1:c7:66:b7:8b:a3:21:18:fe:d8:0f:d8:6e:6d:43:
a5:89:23:38:64:87:d0:c5:0c:d2:10:e5:13:21:c0:
63:0d:b6:b6:d8:66:6c:60:86:aa:75:3c:4e:ca:bb:
41:06:1f:52:fe:fe:45:3a:f6:a5:7f:7d:76:c1:04:
b5:80:46:04:ca:59:93:13:c5:89:6f:2b:58:ea:c5:
45:57:04:e0:fe:10:b6:a5:48:35:f0:86:b6:ae:4d:
0b:ab:a4:fe:84:44:49:ae:e5:fe:ad:7e:50:12:16:
6b:b2:fb:c9:82:af:17:39:8a:52:38:ba:a7:3e:29:
48:1f:ff:19:65:e5:d2:57:d0:d8:68:a5:50:10:19:
9d:77:8f:24:a2:8d:46:e2:90:36:45:5e:6a:97:3d:
0f:6d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1F:83:2C:73:3F:DB:94:BF:17:62:4A:64:0F:A0:C0:C6:8A:BC:F7:31
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/H4Mscz_blL8XYkpkD6DAxoq89zE.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
27.103.0.0/16
Signature Algorithm: sha256WithRSAEncryption
1d:11:ae:cd:61:88:c1:9a:68:d7:3c:ee:41:00:d3:29:29:3a:
b9:64:bf:18:c6:56:65:4c:05:8f:31:03:cf:16:52:36:94:c6:
d9:ca:89:63:5c:e9:95:30:5a:e2:57:21:cf:dd:ec:0d:5c:a7:
7a:1a:fb:34:06:0b:7a:16:6e:20:02:30:a1:a3:d6:93:7d:aa:
08:59:56:d5:c3:9f:08:01:bf:2b:8e:98:38:f3:23:a7:13:6a:
64:cb:0c:62:ac:4c:74:4d:54:09:6c:27:18:fb:67:38:b5:c3:
ac:8f:83:7e:06:fc:79:2c:02:e2:29:ba:87:f9:22:99:a9:f8:
65:af:f0:e1:25:ff:4e:e9:2c:94:94:97:e4:ea:f4:a0:c2:a2:
2e:23:5a:d8:5e:59:e3:9e:8e:6e:4b:e3:e1:b5:50:ee:8d:2d:
f2:19:0a:87:8b:c4:b7:48:d7:5e:85:4d:eb:10:61:b1:9b:fb:
cb:33:8e:d0:f7:f3:36:88:5f:c0:c3:2d:4b:4a:68:ed:a1:34:
9b:75:19:27:24:de:25:9d:48:db:88:4e:04:f0:8b:3c:bf:07:
09:14:dd:67:2c:fc:22:26:48:1f:cd:aa:46:55:55:47:96:f3:
5a:be:1a:f3:ff:f3:b0:5c:85:5e:20:7d:2e:9e:e9:69:63:d9:
93:a3:80:62
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICFyUwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA2MDYy
MjM5MjhaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKDFGODMyQzczM0ZEQjk0
QkYxNzYyNEE2NDBGQTBDMEM2OEFCQ0Y3MzEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDesuO3REb9fV2vMbyhZiZVyoWdEEEwR2iM8utXN3JSQDjzxXTE
ofy4FtOg2vMeCNGc/nAODO2Wswa1xRGJmastS6/GPVslZ1/9oXO3Zm4Ck9jy+zVW
jcFmNcmAmgFBCKTV3SAZAnjYmuHHZreLoyEY/tgP2G5tQ6WJIzhkh9DFDNIQ5RMh
wGMNtrbYZmxghqp1PE7Ku0EGH1L+/kU69qV/fXbBBLWARgTKWZMTxYlvK1jqxUVX
BOD+ELalSDXwhrauTQurpP6EREmu5f6tflASFmuy+8mCrxc5ilI4uqc+KUgf/xll
5dJX0NhopVAQGZ13jySijUbikDZFXmqXPQ9tAgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUH4Mscz/blL8XYkpkD6DAxoq89zEwHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni9INE1zY3pfYmxMOFhZa3Br
RDZEQXhvcTg5ekUucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
G2cwDQYJKoZIhvcNAQELBQADggEBAB0Rrs1hiMGaaNc87kEA0ykpOrlkvxjGVmVM
BY8xA88WUjaUxtnKiWNc6ZUwWuJXIc/d7A1cp3oa+zQGC3oWbiACMKGj1pN9qghZ
VtXDnwgBvyuOmDjzI6cTamTLDGKsTHRNVAlsJxj7Zzi1w6yPg34G/HksAuIpuof5
Ipmp+GWv8OEl/07pLJSUl+Tq9KDCoi4jWtheWeOejm5L4+G1UO6NLfIZCoeLxLdI
116FTesQYbGb+8szjtD38zaIX8DDLUtKaO2hNJt1GSck3iWdSNuITgTwizy/BwkU
3Wcs/CImSB/NqkZVVUeW81q+GvP/87BchV4gfS6e6Wlj2ZOjgGI=
-----END CERTIFICATE-----
Generated at Sat Jun 21 23:28:26 2025 by rpki-client