Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/Y_9WFk5vOaVJefuid58g_r8qIGk.roa
File: Y_9WFk5vOaVJefuid58g_r8qIGk.roa (raw, json)
Hash identifier: fam+P+fiwxlYd5NXlmoVnC6ngLeoagZNqf08AgH/Tkk=
Subject key identifier: 63:FF:56:16:4E:6F:39:A5:49:79:FB:A2:77:9F:20:FE:BF:2A:20:69
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 1C4D
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/Y_9WFk5vOaVJefuid58g_r8qIGk.roa
Signing time: Fri 13 Jun 2025 19:39:55 +0000
ROA not before: Fri 13 Jun 2025 19:39:55 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 27.103.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 7245 (0x1c4d)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: Jun 13 19:39:55 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=63FF56164E6F39A54979FBA2779F20FEBF2A2069
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c0:a6:76:ac:97:51:ca:a3:3a:8c:c1:e0:f9:3b:
ca:79:94:1d:ad:ba:8a:1e:3c:62:ca:71:4f:fd:6b:
85:17:2a:a1:d0:be:47:0c:e3:f9:d6:3f:5a:fb:3c:
bf:23:bf:0e:ec:43:14:e1:a9:a6:6d:0b:b3:3c:15:
1c:24:a0:49:f2:49:e7:db:98:51:a6:12:7e:e1:f3:
92:1a:76:1b:1f:f6:82:66:27:a7:45:e6:17:da:49:
9b:bd:59:9f:8a:10:b8:36:f1:9b:b2:1b:44:e0:e4:
d6:c6:d8:f4:77:c5:2f:1d:67:51:ae:45:8c:62:ae:
67:70:1a:ad:28:64:ec:50:0b:5e:2d:2d:6f:ad:5f:
2c:3f:47:a4:a1:1c:a8:45:5c:f3:c0:88:94:48:6b:
a9:b4:0a:c6:59:a4:ed:df:0e:f9:36:2b:1d:62:1c:
de:b0:59:8e:9b:07:5a:55:8e:98:04:f8:52:28:4d:
df:e4:f1:8b:e5:11:26:b9:a4:0b:ef:1e:79:d1:8d:
e2:dd:b3:3a:a4:db:49:b9:c1:62:f4:4f:b9:0a:f1:
2b:32:8f:2c:f2:4f:94:30:c3:63:76:d5:e8:60:c9:
07:c8:c7:0d:23:fd:8f:c1:ad:69:3c:ce:26:ea:5d:
d1:be:9f:3d:25:12:70:0f:21:f8:9d:52:a1:e0:d8:
7d:09
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
63:FF:56:16:4E:6F:39:A5:49:79:FB:A2:77:9F:20:FE:BF:2A:20:69
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/Y_9WFk5vOaVJefuid58g_r8qIGk.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
27.103.0.0/16
Signature Algorithm: sha256WithRSAEncryption
48:24:b0:a4:31:bc:dd:5c:16:97:f4:37:4c:4c:2e:c0:4e:9d:
3c:c0:97:98:c5:bb:51:ad:91:44:8d:92:bc:66:43:7c:9a:5e:
7d:4a:b8:b1:6c:29:ad:10:88:87:a8:27:20:6c:63:ed:14:26:
d5:84:71:97:cb:09:ca:6d:c4:b6:6a:d0:97:71:a2:28:de:2b:
51:b0:90:a6:93:f8:08:e3:45:43:73:47:11:ea:41:6e:1f:3d:
e8:bb:e0:e7:f6:a0:27:fe:34:bd:3d:e4:97:d7:16:18:d8:52:
c6:23:e2:3d:bb:8a:2b:ef:17:94:41:05:b5:1c:4f:63:cf:f5:
55:45:98:aa:9f:43:d1:01:b3:f6:13:46:4d:d1:fa:d1:a6:84:
41:6c:fb:78:0e:74:51:6e:34:25:3e:b9:3c:78:cc:7c:f1:29:
6b:f0:1e:58:8d:f9:f7:70:17:16:51:a8:92:35:2b:9f:96:25:
07:d6:76:c9:ba:11:58:2e:df:8a:24:c7:23:8c:fd:4b:34:b7:
c0:63:5b:ce:93:24:39:b4:38:da:66:5a:a5:e4:ac:43:db:c2:
4b:89:55:fb:02:b5:c9:9d:0e:35:01:19:ca:c4:17:39:af:c0:
f6:fe:7e:e6:db:a8:83:d2:cb:01:f6:f2:1f:8d:d0:47:93:7a:
e5:14:87:2d
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICHE0wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA2MTMx
OTM5NTVaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKDYzRkY1NjE2NEU2RjM5
QTU0OTc5RkJBMjc3OUYyMEZFQkYyQTIwNjkwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDApnasl1HKozqMweD5O8p5lB2tuooePGLKcU/9a4UXKqHQvkcM
4/nWP1r7PL8jvw7sQxThqaZtC7M8FRwkoEnySefbmFGmEn7h85Iadhsf9oJmJ6dF
5hfaSZu9WZ+KELg28ZuyG0Tg5NbG2PR3xS8dZ1GuRYxirmdwGq0oZOxQC14tLW+t
Xyw/R6ShHKhFXPPAiJRIa6m0CsZZpO3fDvk2Kx1iHN6wWY6bB1pVjpgE+FIoTd/k
8YvlESa5pAvvHnnRjeLdszqk20m5wWL0T7kK8SsyjyzyT5Qww2N21ehgyQfIxw0j
/Y/BrWk8zibqXdG+nz0lEnAPIfidUqHg2H0JAgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUY/9WFk5vOaVJefuid58g/r8qIGkwHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni9ZXzlXRms1dk9hVkplZnVp
ZDU4Z19yOHFJR2sucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
G2cwDQYJKoZIhvcNAQELBQADggEBAEgksKQxvN1cFpf0N0xMLsBOnTzAl5jFu1Gt
kUSNkrxmQ3yaXn1KuLFsKa0QiIeoJyBsY+0UJtWEcZfLCcptxLZq0JdxoijeK1Gw
kKaT+AjjRUNzRxHqQW4fPei74Of2oCf+NL095JfXFhjYUsYj4j27iivvF5RBBbUc
T2PP9VVFmKqfQ9EBs/YTRk3R+tGmhEFs+3gOdFFuNCU+uTx4zHzxKWvwHliN+fdw
FxZRqJI1K5+WJQfWdsm6EVgu34okxyOM/Us0t8BjW86TJDm0ONpmWqXkrEPbwkuJ
VfsCtcmdDjUBGcrEFzmvwPb+fubbqIPSywH28h+N0EeTeuUUhy0=
-----END CERTIFICATE-----
Generated at Sat Jun 21 20:58:47 2025 by rpki-client