Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/1663/9SdAITtTGVXdhklszkReFRL4Bs0.roa
File: 9SdAITtTGVXdhklszkReFRL4Bs0.roa (raw, json)
Hash identifier: ikhQUQB2UY3e0rgUpwsFgtpSGmp4ZD2n6RH/4pvDLA8=
Subject key identifier: F5:27:40:21:3B:53:19:55:DD:86:49:6C:CE:44:5E:15:12:F8:06:CD
Certificate issuer: /CN=8AE4CF78B49DF0B2C1D29D32E48A943AE4F41ACC
Certificate serial: 460D
Authority key identifier: 8A:E4:CF:78:B4:9D:F0:B2:C1:D2:9D:32:E4:8A:94:3A:E4:F4:1A:CC
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/iuTPeLSd8LLB0p0y5IqUOuT0Gsw.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1663/9SdAITtTGVXdhklszkReFRL4Bs0.roa
Signing time: Sat 23 Aug 2025 18:32:37 +0000
ROA not before: Sat 23 Aug 2025 18:32:37 +0000
ROA not after: Mon 03 Aug 2026 08:44:40 +0000
asID: 134762
IP address blocks: 43.227.68.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 17933 (0x460d)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8AE4CF78B49DF0B2C1D29D32E48A943AE4F41ACC
Validity
Not Before: Aug 23 18:32:37 2025 GMT
Not After : Aug 3 08:44:40 2026 GMT
Subject: CN=F52740213B531955DD86496CCE445E1512F806CD
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c9:3e:5c:dc:52:6c:d6:d5:e0:47:69:73:d1:04:
1f:68:3c:21:9f:5a:34:cd:9d:a9:89:d0:23:48:3c:
bb:1d:12:f1:45:9d:aa:49:5b:1d:69:8d:b1:41:fe:
7d:2c:21:13:d1:b8:d1:66:10:4e:a9:15:20:d8:0a:
f3:be:df:4c:f1:5d:61:08:27:ce:28:b4:bc:1d:61:
98:99:fa:2d:c6:27:77:c9:aa:e0:d3:41:70:d5:be:
14:c2:f3:ce:c5:e7:f0:38:2d:65:6a:45:91:b1:6d:
f1:c2:d9:13:0b:45:27:c0:30:64:0a:75:f7:da:39:
94:4b:2b:71:66:40:e5:2b:ad:7b:23:04:dc:c4:66:
d0:e2:86:da:29:31:69:d2:39:09:f8:21:12:39:e3:
82:3f:ea:29:fa:b5:66:74:d7:a0:32:9a:59:03:84:
c5:cb:c3:c0:91:01:7d:5d:62:f1:ec:3b:a1:4b:fe:
e4:b4:9e:9c:5c:ec:67:4b:f2:9c:df:d3:df:c8:4e:
f9:da:a9:9c:b6:d0:9c:3b:29:e0:6c:cc:b7:da:d3:
81:50:a9:25:c9:01:97:06:7a:ac:fd:46:49:ad:b4:
f1:40:3d:4f:fe:c4:65:3b:5b:26:a0:c3:04:11:5c:
37:88:36:2e:b8:42:85:ed:91:fc:ea:40:eb:5f:72:
02:eb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F5:27:40:21:3B:53:19:55:DD:86:49:6C:CE:44:5E:15:12:F8:06:CD
X509v3 Authority Key Identifier:
keyid:8A:E4:CF:78:B4:9D:F0:B2:C1:D2:9D:32:E4:8A:94:3A:E4:F4:1A:CC
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1663/iuTPeLSd8LLB0p0y5IqUOuT0Gsw.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/iuTPeLSd8LLB0p0y5IqUOuT0Gsw.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1663/9SdAITtTGVXdhklszkReFRL4Bs0.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.227.68.0/24
Signature Algorithm: sha256WithRSAEncryption
52:5b:30:59:39:7b:2c:79:f7:29:73:64:74:bf:da:bb:b7:80:
f6:8f:93:51:50:05:ba:34:f0:ff:09:1f:ab:dd:ac:14:d3:40:
f2:e5:e1:77:d7:b8:eb:98:f2:59:90:5b:1d:81:69:34:dd:96:
b1:ca:2c:d9:98:b5:45:c9:6d:76:04:e2:e1:5a:ce:29:dc:0c:
ac:8f:5e:84:aa:ef:1e:54:82:e0:7f:32:2d:79:73:3c:ff:b4:
11:85:a1:96:2a:b5:d5:d6:f6:44:40:6a:0b:e9:01:bb:0d:39:
a4:3b:9f:47:03:07:61:a8:44:18:0e:8c:d0:83:1c:14:19:b4:
ac:a2:5e:02:59:99:aa:8b:ca:c7:ac:ff:38:af:ad:59:34:0d:
20:e6:38:de:a2:b1:06:f9:65:22:57:3a:3f:0c:0f:db:65:87:
a0:6d:54:e2:91:3f:b9:54:6a:85:f3:e5:87:17:4c:ab:fe:21:
a9:6a:17:69:13:4e:a2:03:85:1a:6b:4b:a5:25:07:b1:fa:33:
fd:46:b5:0c:41:03:d9:6e:6b:7d:eb:0f:8c:03:c8:28:8f:d2:
dc:eb:5c:79:a9:b2:4f:a0:12:aa:2c:4c:63:1f:fb:ae:2c:9d:
0a:6d:77:4d:10:0e:e4:3a:08:48:1a:91:df:13:be:ef:72:55:
69:7c:23:03
-----BEGIN CERTIFICATE-----
MIIE1zCCA7+gAwIBAgICRg0wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoOEFF
NENGNzhCNDlERjBCMkMxRDI5RDMyRTQ4QTk0M0FFNEY0MUFDQzAeFw0yNTA4MjMx
ODMyMzdaFw0yNjA4MDMwODQ0NDBaMDMxMTAvBgNVBAMTKEY1Mjc0MDIxM0I1MzE5
NTVERDg2NDk2Q0NFNDQ1RTE1MTJGODA2Q0QwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDJPlzcUmzW1eBHaXPRBB9oPCGfWjTNnamJ0CNIPLsdEvFFnapJ
Wx1pjbFB/n0sIRPRuNFmEE6pFSDYCvO+30zxXWEIJ84otLwdYZiZ+i3GJ3fJquDT
QXDVvhTC887F5/A4LWVqRZGxbfHC2RMLRSfAMGQKdffaOZRLK3FmQOUrrXsjBNzE
ZtDihtopMWnSOQn4IRI544I/6in6tWZ016AymlkDhMXLw8CRAX1dYvHsO6FL/uS0
npxc7GdL8pzf09/ITvnaqZy20Jw7KeBszLfa04FQqSXJAZcGeqz9RkmttPFAPU/+
xGU7WyagwwQRXDeINi64QoXtkfzqQOtfcgLrAgMBAAGjggHzMIIB7zAdBgNVHQ4E
FgQU9SdAITtTGVXdhklszkReFRL4Bs0wHwYDVR0jBBgwFoAUiuTPeLSd8LLB0p0y
5IqUOuT0GswwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTY2
My9pdVRQZUxTZDhMTEIwcDB5NUlxVU91VDBHc3cuY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwL2l1VFBlTFNkOExMQjBwMHk1SXFVT3VUMEdzdy5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzE2NjMvOVNkQUlUdFRHVlhk
aGtsc3prUmVGUkw0QnMwLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEw
BgMEACvjRDANBgkqhkiG9w0BAQsFAAOCAQEAUlswWTl7LHn3KXNkdL/au7eA9o+T
UVAFujTw/wkfq92sFNNA8uXhd9e465jyWZBbHYFpNN2Wscos2Zi1RcltdgTi4VrO
KdwMrI9ehKrvHlSC4H8yLXlzPP+0EYWhliq11db2REBqC+kBuw05pDufRwMHYahE
GA6M0IMcFBm0rKJeAlmZqovKx6z/OK+tWTQNIOY43qKxBvllIlc6PwwP22WHoG1U
4pE/uVRqhfPlhxdMq/4hqWoXaRNOogOFGmtLpSUHsfoz/Ua1DEED2W5rfesPjAPI
KI/S3OtceamyT6ASqixMYx/7riydCm13TRAO5DoISBqR3xO+73JVaXwjAw==
-----END CERTIFICATE-----
Generated at Sun Aug 24 01:28:32 2025 by rpki-client