Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/1663/QwZKguok-b8FhE9hnJbkdnKTTYU.roa
File: QwZKguok-b8FhE9hnJbkdnKTTYU.roa (raw, json)
Hash identifier: 82DU5HDkqmL/BChANtmMXhnRK94koX+hWClHdvO4uVU=
Subject key identifier: 43:06:4A:82:EA:24:F9:BF:05:84:4F:61:9C:96:E4:76:72:93:4D:85
Certificate issuer: /CN=8AE4CF78B49DF0B2C1D29D32E48A943AE4F41ACC
Certificate serial: 86AC
Authority key identifier: 8A:E4:CF:78:B4:9D:F0:B2:C1:D2:9D:32:E4:8A:94:3A:E4:F4:1A:CC
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/iuTPeLSd8LLB0p0y5IqUOuT0Gsw.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1663/QwZKguok-b8FhE9hnJbkdnKTTYU.roa
Signing time: Mon 20 Oct 2025 03:35:13 +0000
ROA not before: Mon 20 Oct 2025 03:35:13 +0000
ROA not after: Mon 03 Aug 2026 08:44:40 +0000
asID: 134762
IP address blocks: 43.226.72.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 34476 (0x86ac)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8AE4CF78B49DF0B2C1D29D32E48A943AE4F41ACC
Validity
Not Before: Oct 20 03:35:13 2025 GMT
Not After : Aug 3 08:44:40 2026 GMT
Subject: CN=43064A82EA24F9BF05844F619C96E47672934D85
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b6:68:86:fc:55:10:43:05:d9:89:9c:c8:0a:60:
13:70:07:5c:9b:d5:fc:6c:43:b8:ef:48:6a:67:c9:
cf:c4:82:93:8e:22:aa:d7:76:bc:22:9a:1d:e8:bd:
ae:a0:02:50:67:78:53:5b:f1:1f:86:ee:71:86:58:
d3:24:64:d5:26:8c:ba:ec:5c:bc:fa:e7:82:88:bc:
43:45:3a:9a:5b:80:68:9c:bc:35:39:d0:4c:5d:98:
69:0a:ae:ee:d8:27:28:6b:da:7c:e6:db:f1:71:40:
61:d6:aa:87:f7:4e:53:16:f8:29:f2:02:3e:bb:8f:
0b:9e:ce:de:ee:d6:f1:cd:1d:ae:2e:1a:8d:1a:b9:
bc:53:ea:54:e1:2b:2a:0b:7a:c5:e7:4b:25:4c:a2:
81:9c:57:70:31:09:74:2a:b5:b5:99:bc:64:ee:71:
a9:63:44:0b:c0:3f:5f:1a:ba:39:21:b3:9e:47:59:
b9:55:78:b6:2c:0c:6e:cf:ad:87:ad:99:e3:05:a0:
2b:ad:63:69:ce:17:79:33:b3:1d:5b:c6:c9:aa:a0:
15:5a:cf:50:8c:6e:e7:1c:44:5a:e9:ca:17:73:28:
5d:25:4a:73:ed:04:77:ee:37:11:21:e6:fc:99:80:
c6:6f:47:9b:43:64:e6:ce:b5:ac:82:a1:e1:d6:99:
09:7d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
43:06:4A:82:EA:24:F9:BF:05:84:4F:61:9C:96:E4:76:72:93:4D:85
X509v3 Authority Key Identifier:
keyid:8A:E4:CF:78:B4:9D:F0:B2:C1:D2:9D:32:E4:8A:94:3A:E4:F4:1A:CC
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1663/iuTPeLSd8LLB0p0y5IqUOuT0Gsw.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/iuTPeLSd8LLB0p0y5IqUOuT0Gsw.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1663/QwZKguok-b8FhE9hnJbkdnKTTYU.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.226.72.0/22
Signature Algorithm: sha256WithRSAEncryption
9a:4a:86:0f:72:a2:6e:66:0a:8a:5f:9c:94:e6:0a:54:2b:bd:
ce:18:4e:b5:e0:87:51:34:bc:dd:af:48:4f:91:f7:5a:42:25:
ab:0f:f9:db:55:2f:46:06:e1:54:c9:2e:c0:e5:66:6a:66:24:
8b:c5:c3:e3:86:a2:d0:c4:e6:aa:b6:e3:99:6e:a4:1b:5a:dc:
82:58:36:c4:00:d0:77:34:2d:9d:d7:2b:ae:d0:14:89:55:a1:
10:37:de:ac:1e:8d:58:5b:7b:02:84:2f:3d:78:87:cb:11:d2:
d2:99:a4:54:6e:ec:2c:69:8d:6f:f1:96:e6:02:e5:95:39:b0:
e1:9e:b7:1f:45:d0:47:80:84:8a:f3:11:97:ca:07:6b:e5:4a:
62:aa:3a:24:00:10:6a:d6:d8:e3:10:d1:65:76:39:f6:55:c0:
30:05:5b:c4:3e:93:35:bc:b3:f1:f0:c9:2b:ac:aa:bf:d7:61:
30:42:35:9d:16:7c:d7:a2:5e:87:bf:6c:7c:8c:02:30:a3:a6:
15:93:2d:33:1c:af:b2:83:0f:e5:8e:c8:87:d3:ad:44:54:9e:
2f:13:36:6b:81:d5:39:f1:54:6b:30:a7:04:b4:aa:02:de:d8:
11:fa:2e:30:52:90:fd:64:ad:47:ed:53:2b:23:30:31:95:7c:
02:9d:de:86
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgIDAIasMA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMTKDhB
RTRDRjc4QjQ5REYwQjJDMUQyOUQzMkU0OEE5NDNBRTRGNDFBQ0MwHhcNMjUxMDIw
MDMzNTEzWhcNMjYwODAzMDg0NDQwWjAzMTEwLwYDVQQDEyg0MzA2NEE4MkVBMjRG
OUJGMDU4NDRGNjE5Qzk2RTQ3NjcyOTM0RDg1MIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAtmiG/FUQQwXZiZzICmATcAdcm9X8bEO470hqZ8nPxIKTjiKq
13a8Ipod6L2uoAJQZ3hTW/Efhu5xhljTJGTVJoy67Fy8+ueCiLxDRTqaW4BonLw1
OdBMXZhpCq7u2Ccoa9p85tvxcUBh1qqH905TFvgp8gI+u48Lns7e7tbxzR2uLhqN
Grm8U+pU4SsqC3rF50slTKKBnFdwMQl0KrW1mbxk7nGpY0QLwD9fGro5IbOeR1m5
VXi2LAxuz62HrZnjBaArrWNpzhd5M7MdW8bJqqAVWs9QjG7nHERa6coXcyhdJUpz
7QR37jcRIeb8mYDGb0ebQ2TmzrWsgqHh1pkJfQIDAQABo4IB8zCCAe8wHQYDVR0O
BBYEFEMGSoLqJPm/BYRPYZyW5HZyk02FMB8GA1UdIwQYMBaAFIrkz3i0nfCywdKd
MuSKlDrk9BrMMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwXQYDVR0fBFYwVDBS
oFCgToZMcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzE2
NjMvaXVUUGVMU2Q4TExCMHAweTVJcVVPdVQwR3N3LmNybDBjBggrBgEFBQcBAQRX
MFUwUwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYy
RTNEMDAwMC9pdVRQZUxTZDhMTEIwcDB5NUlxVU91VDBHc3cuY2VyMA4GA1UdDwEB
/wQEAwIHgDCBnQYIKwYBBQUHAQsEgZAwgY0wWAYIKwYBBQUHMAuGTHJzeW5jOi8v
cnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC8xNjYzL1F3WktndW9rLWI4
RmhFOWhuSmJrZG5LVFRZVS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5j
bm5pYy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAIr4kgwDQYJKoZIhvcNAQELBQADggEBAJpKhg9yom5mCopfnJTmClQrvc4Y
TrXgh1E0vN2vSE+R91pCJasP+dtVL0YG4VTJLsDlZmpmJIvFw+OGotDE5qq245lu
pBta3IJYNsQA0Hc0LZ3XK67QFIlVoRA33qwejVhbewKELz14h8sR0tKZpFRu7Cxp
jW/xluYC5ZU5sOGetx9F0EeAhIrzEZfKB2vlSmKqOiQAEGrW2OMQ0WV2OfZVwDAF
W8Q+kzW8s/HwySusqr/XYTBCNZ0WfNeiXoe/bHyMAjCjphWTLTMcr7KDD+WOyIfT
rURUni8TNmuB1TnxVGswpwS0qgLe2BH6LjBSkP1krUftUysjMDGVfAKd3oY=
-----END CERTIFICATE-----
Generated at Mon Oct 20 11:19:12 2025 by rpki-client