Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/1663/HQns_l_YZlc-_D0ZkRcNAcTxtNE.roa
File: HQns_l_YZlc-_D0ZkRcNAcTxtNE.roa (raw, json)
Hash identifier: LgdVUkCgsknV23LqSNptNIVpvkNT6UwNrBJsAu5Snr4=
Subject key identifier: 1D:09:EC:FE:5F:D8:66:57:3E:FC:3D:19:91:17:0D:01:C4:F1:B4:D1
Certificate issuer: /CN=8AE4CF78B49DF0B2C1D29D32E48A943AE4F41ACC
Certificate serial: 86F3
Authority key identifier: 8A:E4:CF:78:B4:9D:F0:B2:C1:D2:9D:32:E4:8A:94:3A:E4:F4:1A:CC
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/iuTPeLSd8LLB0p0y5IqUOuT0Gsw.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1663/HQns_l_YZlc-_D0ZkRcNAcTxtNE.roa
Signing time: Mon 20 Oct 2025 09:35:15 +0000
ROA not before: Mon 20 Oct 2025 09:35:15 +0000
ROA not after: Mon 03 Aug 2026 08:44:40 +0000
asID: 63612
IP address blocks: 103.45.128.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 34547 (0x86f3)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8AE4CF78B49DF0B2C1D29D32E48A943AE4F41ACC
Validity
Not Before: Oct 20 09:35:15 2025 GMT
Not After : Aug 3 08:44:40 2026 GMT
Subject: CN=1D09ECFE5FD866573EFC3D1991170D01C4F1B4D1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d3:39:fa:4f:07:90:57:ba:95:27:6a:46:60:4c:
53:2b:6f:47:da:bc:f5:24:f2:89:9f:3c:a0:c9:5e:
65:64:e6:3c:7f:a5:37:8d:c3:e3:ca:f1:17:a2:9c:
3f:1d:01:31:5e:cf:c2:94:9a:61:d7:d8:68:07:a6:
9d:ba:9f:b4:8b:3d:36:6e:8d:ff:59:ce:b9:a7:5a:
a9:60:f2:d5:e2:ba:12:c4:19:92:c3:8d:3c:11:ff:
dc:c0:16:ce:e9:fa:cd:db:7e:07:2a:98:55:53:c7:
dc:ef:25:a9:aa:ee:e1:37:11:54:eb:74:7b:3a:fa:
8c:f3:2c:b4:e1:b0:ab:74:b9:eb:70:66:84:d7:e2:
44:16:2f:dd:65:a0:8c:3e:af:d1:12:28:b7:e3:d0:
67:17:81:31:80:76:b7:0a:5b:ee:ea:8b:af:70:70:
a9:8b:be:c7:8f:2c:b7:4d:06:d7:f4:2d:22:89:b0:
cb:72:e9:47:23:41:97:01:85:8d:f6:b4:25:bf:03:
ff:b9:a8:03:89:d6:4e:cf:6d:2b:9b:d9:c3:ea:dc:
0f:d9:f8:6b:f5:63:56:23:95:2b:bd:b6:9e:a8:86:
1b:81:af:7e:ab:a2:64:f7:f8:6a:03:5a:c0:24:2d:
1a:ce:ae:57:13:13:a1:69:53:22:bf:34:a1:2b:5e:
6b:4b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1D:09:EC:FE:5F:D8:66:57:3E:FC:3D:19:91:17:0D:01:C4:F1:B4:D1
X509v3 Authority Key Identifier:
keyid:8A:E4:CF:78:B4:9D:F0:B2:C1:D2:9D:32:E4:8A:94:3A:E4:F4:1A:CC
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1663/iuTPeLSd8LLB0p0y5IqUOuT0Gsw.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/iuTPeLSd8LLB0p0y5IqUOuT0Gsw.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1663/HQns_l_YZlc-_D0ZkRcNAcTxtNE.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
103.45.128.0/19
Signature Algorithm: sha256WithRSAEncryption
91:d9:f5:33:ae:64:1b:37:6e:c2:dc:a3:fb:26:85:03:67:f9:
30:ca:e4:a5:9a:df:1b:a8:b8:ba:fa:b3:56:3f:c9:68:5f:c2:
6e:42:bb:ef:55:79:f9:97:61:fd:bd:c6:98:9b:d7:91:b0:28:
3b:d0:15:c4:22:18:92:f7:53:66:01:44:38:5e:5b:04:6a:b2:
37:67:bb:2e:4d:1d:ce:02:97:d0:7f:e4:27:52:93:47:12:f9:
50:2c:97:20:14:00:2f:b5:db:a7:1b:3b:4d:e8:b9:14:7e:0d:
29:da:46:b9:68:ed:a5:85:82:7a:97:dd:b5:9d:17:c6:d8:7b:
f8:cf:ba:7f:e6:e3:f0:0d:0d:40:95:ea:c5:a6:e7:d9:28:99:
e3:74:f5:ba:74:4d:36:23:3e:d6:04:fd:cf:71:00:c9:ba:c8:
e7:87:df:49:0e:06:f6:03:32:49:c4:8a:77:13:10:2d:3e:aa:
21:9d:f8:88:e4:5e:a0:70:0e:b4:3a:eb:31:0b:a5:56:45:d2:
6e:ab:32:ec:35:08:0d:c9:38:df:e3:8c:09:81:7d:04:96:18:
51:53:0a:48:0b:24:b3:04:8e:56:30:4f:fc:54:94:39:9e:a4:
ab:05:0c:7e:5e:54:01:76:57:05:78:d3:7e:b9:52:68:2f:d0:
33:1d:d6:1c
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgIDAIbzMA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMTKDhB
RTRDRjc4QjQ5REYwQjJDMUQyOUQzMkU0OEE5NDNBRTRGNDFBQ0MwHhcNMjUxMDIw
MDkzNTE1WhcNMjYwODAzMDg0NDQwWjAzMTEwLwYDVQQDEygxRDA5RUNGRTVGRDg2
NjU3M0VGQzNEMTk5MTE3MEQwMUM0RjFCNEQxMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEA0zn6TweQV7qVJ2pGYExTK29H2rz1JPKJnzygyV5lZOY8f6U3
jcPjyvEXopw/HQExXs/ClJph19hoB6adup+0iz02bo3/Wc65p1qpYPLV4roSxBmS
w408Ef/cwBbO6frN234HKphVU8fc7yWpqu7hNxFU63R7OvqM8yy04bCrdLnrcGaE
1+JEFi/dZaCMPq/REii349BnF4ExgHa3Clvu6ouvcHCpi77Hjyy3TQbX9C0iibDL
culHI0GXAYWN9rQlvwP/uagDidZOz20rm9nD6twP2fhr9WNWI5UrvbaeqIYbga9+
q6Jk9/hqA1rAJC0azq5XExOhaVMivzShK15rSwIDAQABo4IB8zCCAe8wHQYDVR0O
BBYEFB0J7P5f2GZXPvw9GZEXDQHE8bTRMB8GA1UdIwQYMBaAFIrkz3i0nfCywdKd
MuSKlDrk9BrMMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwXQYDVR0fBFYwVDBS
oFCgToZMcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzE2
NjMvaXVUUGVMU2Q4TExCMHAweTVJcVVPdVQwR3N3LmNybDBjBggrBgEFBQcBAQRX
MFUwUwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYy
RTNEMDAwMC9pdVRQZUxTZDhMTEIwcDB5NUlxVU91VDBHc3cuY2VyMA4GA1UdDwEB
/wQEAwIHgDCBnQYIKwYBBQUHAQsEgZAwgY0wWAYIKwYBBQUHMAuGTHJzeW5jOi8v
cnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC8xNjYzL0hRbnNfbF9ZWmxj
LV9EMFprUmNOQWNUeHRORS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5j
bm5pYy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAVnLYAwDQYJKoZIhvcNAQELBQADggEBAJHZ9TOuZBs3bsLco/smhQNn+TDK
5KWa3xuouLr6s1Y/yWhfwm5Cu+9VefmXYf29xpib15GwKDvQFcQiGJL3U2YBRDhe
WwRqsjdnuy5NHc4Cl9B/5CdSk0cS+VAslyAUAC+126cbO03ouRR+DSnaRrlo7aWF
gnqX3bWdF8bYe/jPun/m4/ANDUCV6sWm59komeN09bp0TTYjPtYE/c9xAMm6yOeH
30kOBvYDMknEincTEC0+qiGd+IjkXqBwDrQ66zELpVZF0m6rMuw1CA3JON/jjAmB
fQSWGFFTCkgLJLMEjlYwT/xUlDmepKsFDH5eVAF2VwV40365Umgv0DMd1hw=
-----END CERTIFICATE-----
Generated at Mon Oct 20 15:26:57 2025 by rpki-client