Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/oZAbcG9Qh79hq5CEt7XaFt2iVwo.roa
File: oZAbcG9Qh79hq5CEt7XaFt2iVwo.roa (raw, json)
Hash identifier: 4FaRa9FQkcvT1I1KTSFRWN7boGi/bs+uuC2cbSpRh/o=
Subject key identifier: A1:90:1B:70:6F:50:87:BF:61:AB:90:84:B7:B5:DA:16:DD:A2:57:0A
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 0415
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/oZAbcG9Qh79hq5CEt7XaFt2iVwo.roa
Signing time: Mon 12 May 2025 12:37:59 +0000
ROA not before: Mon 12 May 2025 12:37:59 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 27.103.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1045 (0x415)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: May 12 12:37:59 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=A1901B706F5087BF61AB9084B7B5DA16DDA2570A
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d6:48:05:a7:3e:38:23:d0:0b:7f:91:cc:89:48:
d4:2f:eb:16:e7:29:cd:75:2a:ac:28:0a:ed:71:ff:
c4:c3:82:05:3c:36:4b:ba:68:9a:00:4a:37:42:65:
62:21:ef:5c:b2:1a:1d:6f:6a:55:ca:9c:48:53:0f:
c9:22:c3:d9:ba:12:d0:1f:d5:eb:d0:c5:aa:0c:93:
36:3c:ae:1d:5d:ea:40:ff:4f:b1:0b:1a:5b:8e:93:
eb:a0:20:34:96:dc:29:06:01:f6:da:ac:44:2b:35:
06:00:b0:c4:bc:7f:de:03:9d:54:c0:93:99:a1:a0:
ea:b3:59:ae:7c:e6:e5:9a:43:27:f3:de:e9:e3:9c:
2e:6f:29:02:7f:82:e8:bd:70:ce:b6:58:f5:12:a6:
62:69:9a:f8:2b:ad:bb:8c:2a:26:37:8e:ba:60:cc:
d6:32:fa:0c:14:17:7a:ed:06:07:69:b6:b3:a6:6a:
51:b7:26:01:a1:68:e1:ce:2a:44:07:a4:c4:a9:a1:
8a:27:7b:67:19:f0:46:00:41:70:1a:c6:02:b9:98:
6e:26:e8:61:95:3b:b0:31:5f:3e:d5:f2:86:ba:68:
cb:ef:0c:75:f4:0b:c2:62:b4:11:36:92:9b:76:5d:
2f:76:9f:ff:47:e9:fb:c3:45:ca:8d:b2:ea:64:dc:
5b:11
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A1:90:1B:70:6F:50:87:BF:61:AB:90:84:B7:B5:DA:16:DD:A2:57:0A
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/oZAbcG9Qh79hq5CEt7XaFt2iVwo.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
27.103.0.0/16
Signature Algorithm: sha256WithRSAEncryption
74:48:aa:e8:b9:74:79:b8:56:80:b1:c7:a5:ea:a0:1f:d5:41:
a9:50:1a:55:c8:48:07:d5:20:5e:94:92:d9:64:34:ab:e4:bb:
89:20:c1:31:20:d2:2b:c7:60:8d:aa:72:fc:77:25:ce:60:5d:
ec:af:08:e0:4e:99:6d:7d:c9:9b:2d:a1:66:e1:86:0d:4b:23:
a4:aa:73:af:07:c8:75:de:7d:16:0e:be:9a:10:4b:02:5d:a3:
0e:71:fb:3d:70:8c:9c:83:5d:ee:2d:78:a6:48:45:56:66:61:
03:11:79:ca:47:20:d4:64:ac:4b:52:b9:2e:7b:54:89:87:fa:
b8:ed:dc:d1:d8:87:5e:bc:ac:ca:63:ef:29:d5:ac:78:20:53:
ee:3a:ba:55:e8:40:61:91:b9:6f:22:61:8f:88:2b:cb:24:4d:
0c:55:31:15:5b:7d:ae:e6:c2:5f:bb:2a:87:93:22:7b:f6:6a:
2a:79:50:84:a6:e1:27:68:94:1d:f3:7f:e8:39:2d:ed:f2:63:
ee:b8:c4:c4:f0:55:9f:63:e8:67:c1:9a:cb:61:74:8a:0e:82:
17:89:46:a3:5d:65:29:e1:11:d3:d4:68:06:c2:ad:ef:7b:4a:
9e:a2:18:3b:d5:2d:ee:46:8a:4e:2c:88:d2:a4:6a:b3:3c:81:
46:a4:76:17
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICBBUwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA1MTIx
MjM3NTlaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKEExOTAxQjcwNkY1MDg3
QkY2MUFCOTA4NEI3QjVEQTE2RERBMjU3MEEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDWSAWnPjgj0At/kcyJSNQv6xbnKc11KqwoCu1x/8TDggU8Nku6
aJoASjdCZWIh71yyGh1valXKnEhTD8kiw9m6EtAf1evQxaoMkzY8rh1d6kD/T7EL
GluOk+ugIDSW3CkGAfbarEQrNQYAsMS8f94DnVTAk5mhoOqzWa585uWaQyfz3unj
nC5vKQJ/gui9cM62WPUSpmJpmvgrrbuMKiY3jrpgzNYy+gwUF3rtBgdptrOmalG3
JgGhaOHOKkQHpMSpoYone2cZ8EYAQXAaxgK5mG4m6GGVO7AxXz7V8oa6aMvvDHX0
C8JitBE2kpt2XS92n/9H6fvDRcqNsupk3FsRAgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUoZAbcG9Qh79hq5CEt7XaFt2iVwowHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni9vWkFiY0c5UWg3OWhxNUNF
dDdYYUZ0MmlWd28ucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
G2cwDQYJKoZIhvcNAQELBQADggEBAHRIqui5dHm4VoCxx6XqoB/VQalQGlXISAfV
IF6UktlkNKvku4kgwTEg0ivHYI2qcvx3Jc5gXeyvCOBOmW19yZstoWbhhg1LI6Sq
c68HyHXefRYOvpoQSwJdow5x+z1wjJyDXe4teKZIRVZmYQMRecpHINRkrEtSuS57
VImH+rjt3NHYh168rMpj7ynVrHggU+46ulXoQGGRuW8iYY+IK8skTQxVMRVbfa7m
wl+7KoeTInv2aip5UISm4SdolB3zf+g5Le3yY+64xMTwVZ9j6GfBmsthdIoOgheJ
RqNdZSnhEdPUaAbCre97Sp6iGDvVLe5Gik4siNKkarM8gUakdhc=
-----END CERTIFICATE-----
Generated at Fri Jun 20 21:32:16 2025 by rpki-client