Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/1663/HEJ6DTy64Jm1xHMNyrxg1ksFP-w.roa
File: HEJ6DTy64Jm1xHMNyrxg1ksFP-w.roa (raw, json)
Hash identifier: DaUH4N6Ykh2EVKUh+hFWVnqT6gqtXXjR8QPYprODeSA=
Subject key identifier: 1C:42:7A:0D:3C:BA:E0:99:B5:C4:73:0D:CA:BC:60:D6:4B:05:3F:EC
Certificate issuer: /CN=8AE4CF78B49DF0B2C1D29D32E48A943AE4F41ACC
Certificate serial: 86A8
Authority key identifier: 8A:E4:CF:78:B4:9D:F0:B2:C1:D2:9D:32:E4:8A:94:3A:E4:F4:1A:CC
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/iuTPeLSd8LLB0p0y5IqUOuT0Gsw.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1663/HEJ6DTy64Jm1xHMNyrxg1ksFP-w.roa
Signing time: Mon 20 Oct 2025 03:35:12 +0000
ROA not before: Mon 20 Oct 2025 03:35:12 +0000
ROA not after: Mon 03 Aug 2026 08:44:40 +0000
asID: 63612
IP address blocks: 43.227.80.0/20 maxlen: 20
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 34472 (0x86a8)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8AE4CF78B49DF0B2C1D29D32E48A943AE4F41ACC
Validity
Not Before: Oct 20 03:35:12 2025 GMT
Not After : Aug 3 08:44:40 2026 GMT
Subject: CN=1C427A0D3CBAE099B5C4730DCABC60D64B053FEC
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c0:5c:9d:0c:4b:42:12:b8:fa:04:96:bd:84:44:
c5:03:36:3a:29:a8:cc:af:6a:0c:e9:58:36:51:99:
14:65:2d:55:19:15:bb:84:64:11:ec:e6:ea:b6:71:
e4:f4:ed:fc:2a:df:f0:49:a5:89:57:85:4f:fe:15:
7d:a1:fa:fd:a1:32:fd:b7:e6:5c:8a:24:11:10:de:
e4:7a:09:df:38:10:9e:d3:84:2d:da:65:ac:7f:5d:
a9:fc:72:c3:b0:2f:bd:75:4b:b8:51:72:f9:d9:fc:
1d:e7:42:e5:84:65:92:88:99:7c:83:4e:bd:81:70:
b9:bd:31:0f:ea:c5:90:d9:09:b0:d9:3b:f8:d4:a0:
f2:39:fe:24:8a:b2:8d:c4:f1:cf:63:c5:a3:c8:1e:
cc:55:6c:5f:25:90:33:53:92:35:7c:9a:ab:d8:47:
46:43:4c:a3:ac:fd:74:d2:00:ee:4d:86:77:cb:6b:
de:ef:9e:00:f6:90:0a:02:3b:9f:06:03:42:e2:72:
30:71:a9:be:6f:64:d9:24:a8:3b:b7:6e:32:25:2d:
81:7e:47:09:8d:7d:0d:b5:d9:f0:cd:02:88:f7:4d:
d2:cf:97:4c:c8:be:0d:15:66:cb:69:bf:d4:f9:d3:
2d:c1:43:71:c5:60:ca:c0:f6:be:4b:71:ec:f7:92:
36:3f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1C:42:7A:0D:3C:BA:E0:99:B5:C4:73:0D:CA:BC:60:D6:4B:05:3F:EC
X509v3 Authority Key Identifier:
keyid:8A:E4:CF:78:B4:9D:F0:B2:C1:D2:9D:32:E4:8A:94:3A:E4:F4:1A:CC
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1663/iuTPeLSd8LLB0p0y5IqUOuT0Gsw.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/iuTPeLSd8LLB0p0y5IqUOuT0Gsw.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1663/HEJ6DTy64Jm1xHMNyrxg1ksFP-w.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.227.80.0/20
Signature Algorithm: sha256WithRSAEncryption
76:94:8d:a5:5b:6c:12:89:ec:a0:c8:2d:59:0d:2b:43:ec:b7:
9c:e4:bc:cd:4a:d5:7d:65:a4:2d:cc:cb:c9:ff:44:04:5d:3c:
b5:a1:a4:55:c1:4c:e2:07:49:d9:2d:f5:2b:66:de:17:fa:f8:
bb:2f:84:e8:24:69:30:61:79:64:4e:13:53:9f:62:47:ff:34:
a5:4f:69:8e:1f:6e:a5:ed:51:50:0f:84:b1:7f:83:97:21:34:
32:0c:ab:3c:84:fd:ac:0f:92:88:d8:4f:5b:3d:b9:07:33:52:
71:a1:3a:35:97:5f:4e:d3:41:01:bd:c7:f7:64:f6:57:ea:fd:
bc:d1:b2:bd:f7:81:86:80:01:ab:d6:b1:0a:d1:ee:79:67:97:
9f:4f:ed:8f:be:93:47:6e:a1:ac:70:e8:21:39:d3:87:22:cc:
61:9e:2c:d1:91:32:ea:1c:2f:64:17:4e:37:67:34:23:75:97:
73:c2:7b:83:0c:82:24:17:a4:d0:ba:48:19:09:8c:c9:26:6f:
ed:2f:4f:79:f3:0e:25:25:a3:e3:0b:43:71:4b:bb:89:de:54:
87:d1:3c:95:ef:7f:20:54:38:65:f7:e1:ee:09:40:d5:17:01:
39:b2:70:c4:2f:72:70:3e:ea:c4:87:e2:2f:b1:5b:b0:4d:21:
b4:6d:bd:46
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgIDAIaoMA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMTKDhB
RTRDRjc4QjQ5REYwQjJDMUQyOUQzMkU0OEE5NDNBRTRGNDFBQ0MwHhcNMjUxMDIw
MDMzNTEyWhcNMjYwODAzMDg0NDQwWjAzMTEwLwYDVQQDEygxQzQyN0EwRDNDQkFF
MDk5QjVDNDczMERDQUJDNjBENjRCMDUzRkVDMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAwFydDEtCErj6BJa9hETFAzY6KajMr2oM6Vg2UZkUZS1VGRW7
hGQR7ObqtnHk9O38Kt/wSaWJV4VP/hV9ofr9oTL9t+ZciiQREN7kegnfOBCe04Qt
2mWsf12p/HLDsC+9dUu4UXL52fwd50LlhGWSiJl8g069gXC5vTEP6sWQ2Qmw2Tv4
1KDyOf4kirKNxPHPY8WjyB7MVWxfJZAzU5I1fJqr2EdGQ0yjrP100gDuTYZ3y2ve
754A9pAKAjufBgNC4nIwcam+b2TZJKg7t24yJS2BfkcJjX0NtdnwzQKI903Sz5dM
yL4NFWbLab/U+dMtwUNxxWDKwPa+S3Hs95I2PwIDAQABo4IB8zCCAe8wHQYDVR0O
BBYEFBxCeg08uuCZtcRzDcq8YNZLBT/sMB8GA1UdIwQYMBaAFIrkz3i0nfCywdKd
MuSKlDrk9BrMMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwXQYDVR0fBFYwVDBS
oFCgToZMcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzE2
NjMvaXVUUGVMU2Q4TExCMHAweTVJcVVPdVQwR3N3LmNybDBjBggrBgEFBQcBAQRX
MFUwUwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYy
RTNEMDAwMC9pdVRQZUxTZDhMTEIwcDB5NUlxVU91VDBHc3cuY2VyMA4GA1UdDwEB
/wQEAwIHgDCBnQYIKwYBBQUHAQsEgZAwgY0wWAYIKwYBBQUHMAuGTHJzeW5jOi8v
cnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC8xNjYzL0hFSjZEVHk2NEpt
MXhITU55cnhnMWtzRlAtdy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5j
bm5pYy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAQr41AwDQYJKoZIhvcNAQELBQADggEBAHaUjaVbbBKJ7KDILVkNK0Pst5zk
vM1K1X1lpC3My8n/RARdPLWhpFXBTOIHSdkt9Stm3hf6+LsvhOgkaTBheWROE1Of
Ykf/NKVPaY4fbqXtUVAPhLF/g5chNDIMqzyE/awPkojYT1s9uQczUnGhOjWXX07T
QQG9x/dk9lfq/bzRsr33gYaAAavWsQrR7nlnl59P7Y++k0duoaxw6CE504cizGGe
LNGRMuocL2QXTjdnNCN1l3PCe4MMgiQXpNC6SBkJjMkmb+0vT3nzDiUlo+MLQ3FL
u4neVIfRPJXvfyBUOGX34e4JQNUXATmycMQvcnA+6sSH4i+xW7BNIbRtvUY=
-----END CERTIFICATE-----
Generated at Mon Oct 20 14:42:35 2025 by rpki-client