Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/1663/EWWhvARVefYUYaceEpy6jaAqc8k.roa
File: EWWhvARVefYUYaceEpy6jaAqc8k.roa (raw, json)
Hash identifier: xYMxiDVPljpL01z2m3jgyZMj7Oon5heimFD/UDBnH3w=
Subject key identifier: 11:65:A1:BC:04:55:79:F6:14:61:A7:1E:12:9C:BA:8D:A0:2A:73:C9
Certificate issuer: /CN=8AE4CF78B49DF0B2C1D29D32E48A943AE4F41ACC
Certificate serial: 460B
Authority key identifier: 8A:E4:CF:78:B4:9D:F0:B2:C1:D2:9D:32:E4:8A:94:3A:E4:F4:1A:CC
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/iuTPeLSd8LLB0p0y5IqUOuT0Gsw.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1663/EWWhvARVefYUYaceEpy6jaAqc8k.roa
Signing time: Sat 23 Aug 2025 18:32:36 +0000
ROA not before: Sat 23 Aug 2025 18:32:36 +0000
ROA not after: Mon 03 Aug 2026 08:44:40 +0000
asID: 63612
IP address blocks: 43.227.80.0/20 maxlen: 20
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 17931 (0x460b)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8AE4CF78B49DF0B2C1D29D32E48A943AE4F41ACC
Validity
Not Before: Aug 23 18:32:36 2025 GMT
Not After : Aug 3 08:44:40 2026 GMT
Subject: CN=1165A1BC045579F61461A71E129CBA8DA02A73C9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b3:a1:55:bf:67:f3:85:33:7b:68:24:d8:0b:74:
59:a7:11:0b:8c:ff:6d:24:6f:7c:13:88:bb:03:8b:
68:c9:25:45:69:3e:69:21:0d:96:1b:9c:01:9f:bd:
51:98:00:f0:a4:3f:56:e0:06:86:37:6c:63:b6:04:
73:55:d0:1b:27:56:57:e1:d3:95:4e:86:13:17:03:
54:58:7b:8f:97:8f:76:5e:1d:d0:0b:83:ef:5c:3f:
6b:f3:00:bd:10:5f:98:ba:7c:1a:85:53:89:98:27:
85:7b:b4:e3:99:6e:7b:34:d5:af:83:8a:3d:82:9d:
22:89:82:92:87:02:45:db:c4:ab:8c:c5:01:da:4d:
b8:2e:28:56:df:fd:0c:fc:7b:6b:e0:65:ec:7f:20:
e9:90:1f:36:ad:3c:dd:7e:13:43:7f:60:47:88:d1:
7d:65:21:d2:1a:ca:57:3d:e1:20:75:f6:df:c9:b8:
bc:29:ce:be:73:f8:70:0c:d6:91:e6:df:eb:dc:92:
46:c4:fc:2d:42:4e:72:d2:c6:e8:7e:82:df:04:9a:
1b:8d:c4:ba:46:80:ab:52:fc:d0:22:36:ec:28:f1:
fc:12:b6:98:3d:53:0b:89:4a:0f:cc:4b:a2:93:7a:
96:49:2e:56:26:89:4e:90:36:8d:40:b2:02:8b:e9:
02:fd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
11:65:A1:BC:04:55:79:F6:14:61:A7:1E:12:9C:BA:8D:A0:2A:73:C9
X509v3 Authority Key Identifier:
keyid:8A:E4:CF:78:B4:9D:F0:B2:C1:D2:9D:32:E4:8A:94:3A:E4:F4:1A:CC
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1663/iuTPeLSd8LLB0p0y5IqUOuT0Gsw.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/iuTPeLSd8LLB0p0y5IqUOuT0Gsw.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1663/EWWhvARVefYUYaceEpy6jaAqc8k.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.227.80.0/20
Signature Algorithm: sha256WithRSAEncryption
24:59:51:27:7f:27:02:52:5c:dc:8e:14:0f:3c:bd:89:34:8e:
25:69:e2:d4:8a:09:4a:3e:2c:5c:b8:62:5d:d9:db:32:07:5a:
c5:a6:f8:1d:aa:44:44:89:a4:4a:f2:a8:38:b3:bd:a8:53:3e:
fb:07:83:06:ae:a7:2e:d1:92:b1:fe:c8:ee:9d:a2:56:8a:77:
e8:37:5c:db:b2:0e:85:31:ad:9b:11:1e:91:ff:ca:07:d5:fc:
f9:c5:cf:2a:30:e6:21:18:8a:83:f7:1a:4f:13:f6:e7:33:de:
65:0d:a8:2c:7a:87:93:ae:b3:23:a2:b2:2a:e5:d1:65:82:09:
b9:78:73:67:08:c6:c4:5d:10:eb:d4:21:e7:ee:09:1a:1f:50:
36:33:20:67:f3:20:e5:d4:46:32:ad:a9:da:8e:6a:01:18:f0:
10:45:6e:21:20:a4:8d:bd:17:1b:7d:4a:7d:4b:a2:a7:60:6d:
cc:9e:be:70:34:13:2c:a3:c8:ed:38:34:60:9e:62:58:ba:6c:
74:5d:ba:57:7e:00:bc:1c:23:48:f2:a7:dc:73:d5:ee:69:e8:
55:4a:3c:d3:83:5c:4f:80:e7:0b:21:c6:19:55:36:21:46:b4:
b3:3c:42:a9:30:51:16:10:49:15:e5:3c:ef:77:25:41:6e:38:
88:b2:36:7b
-----BEGIN CERTIFICATE-----
MIIE1zCCA7+gAwIBAgICRgswDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoOEFF
NENGNzhCNDlERjBCMkMxRDI5RDMyRTQ4QTk0M0FFNEY0MUFDQzAeFw0yNTA4MjMx
ODMyMzZaFw0yNjA4MDMwODQ0NDBaMDMxMTAvBgNVBAMTKDExNjVBMUJDMDQ1NTc5
RjYxNDYxQTcxRTEyOUNCQThEQTAyQTczQzkwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCzoVW/Z/OFM3toJNgLdFmnEQuM/20kb3wTiLsDi2jJJUVpPmkh
DZYbnAGfvVGYAPCkP1bgBoY3bGO2BHNV0BsnVlfh05VOhhMXA1RYe4+Xj3ZeHdAL
g+9cP2vzAL0QX5i6fBqFU4mYJ4V7tOOZbns01a+Dij2CnSKJgpKHAkXbxKuMxQHa
TbguKFbf/Qz8e2vgZex/IOmQHzatPN1+E0N/YEeI0X1lIdIaylc94SB19t/JuLwp
zr5z+HAM1pHm3+vckkbE/C1CTnLSxuh+gt8EmhuNxLpGgKtS/NAiNuwo8fwStpg9
UwuJSg/MS6KTepZJLlYmiU6QNo1AsgKL6QL9AgMBAAGjggHzMIIB7zAdBgNVHQ4E
FgQUEWWhvARVefYUYaceEpy6jaAqc8kwHwYDVR0jBBgwFoAUiuTPeLSd8LLB0p0y
5IqUOuT0GswwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTY2
My9pdVRQZUxTZDhMTEIwcDB5NUlxVU91VDBHc3cuY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwL2l1VFBlTFNkOExMQjBwMHk1SXFVT3VUMEdzdy5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzE2NjMvRVdXaHZBUlZlZllV
WWFjZUVweTZqYUFxYzhrLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEw
BgMEBCvjUDANBgkqhkiG9w0BAQsFAAOCAQEAJFlRJ38nAlJc3I4UDzy9iTSOJWni
1IoJSj4sXLhiXdnbMgdaxab4HapERImkSvKoOLO9qFM++weDBq6nLtGSsf7I7p2i
Vop36Ddc27IOhTGtmxEekf/KB9X8+cXPKjDmIRiKg/caTxP25zPeZQ2oLHqHk66z
I6KyKuXRZYIJuXhzZwjGxF0Q69Qh5+4JGh9QNjMgZ/Mg5dRGMq2p2o5qARjwEEVu
ISCkjb0XG31KfUuip2BtzJ6+cDQTLKPI7Tg0YJ5iWLpsdF26V34AvBwjSPKn3HPV
7mnoVUo804NcT4DnCyHGGVU2IUa0szxCqTBRFhBJFeU873clQW44iLI2ew==
-----END CERTIFICATE-----
Generated at Sun Aug 24 02:37:21 2025 by rpki-client