Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/1663/Vl2yvD1UAgDdbUaPfygLhhH2ohE.roa
File: Vl2yvD1UAgDdbUaPfygLhhH2ohE.roa (raw, json)
Hash identifier: L90K8Ar0RipzSKfxfntNlpIKWHrBcunfTt84RnLUVwU=
Subject key identifier: 56:5D:B2:BC:3D:54:02:00:DD:6D:46:8F:7F:28:0B:86:11:F6:A2:11
Certificate issuer: /CN=8AE4CF78B49DF0B2C1D29D32E48A943AE4F41ACC
Certificate serial: 4678
Authority key identifier: 8A:E4:CF:78:B4:9D:F0:B2:C1:D2:9D:32:E4:8A:94:3A:E4:F4:1A:CC
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/iuTPeLSd8LLB0p0y5IqUOuT0Gsw.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1663/Vl2yvD1UAgDdbUaPfygLhhH2ohE.roa
Signing time: Sun 24 Aug 2025 03:32:41 +0000
ROA not before: Sun 24 Aug 2025 03:32:41 +0000
ROA not after: Mon 03 Aug 2026 08:44:40 +0000
asID: 134762
IP address blocks: 43.226.49.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 18040 (0x4678)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8AE4CF78B49DF0B2C1D29D32E48A943AE4F41ACC
Validity
Not Before: Aug 24 03:32:41 2025 GMT
Not After : Aug 3 08:44:40 2026 GMT
Subject: CN=565DB2BC3D540200DD6D468F7F280B8611F6A211
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b5:96:99:76:29:3f:c3:cf:52:47:a8:f7:ef:7a:
c8:57:8c:9d:17:2e:93:05:eb:76:25:ae:17:97:e2:
84:bf:ce:55:87:cf:03:35:bf:9c:a8:68:d4:15:97:
5f:96:ae:ff:9f:1a:1e:50:a8:ed:f9:56:2d:e4:65:
15:fd:a9:e8:c9:a4:0b:b5:48:39:39:5b:a7:3c:70:
e5:82:6e:0c:92:35:f2:d8:b8:38:58:e2:1d:b3:50:
24:6f:88:32:c3:f1:b8:75:29:a4:9b:02:90:a3:97:
3c:af:9a:38:97:5a:e9:1a:31:56:4c:e0:4c:af:93:
09:da:ae:30:f2:f8:8b:a1:91:cc:67:e2:3c:8e:8e:
24:7a:1d:8f:e4:7c:54:2b:48:fa:a8:0f:04:1c:71:
cb:b4:0e:65:9e:3a:be:62:16:38:87:a2:9c:7a:bb:
4d:c9:e1:e5:d3:60:64:0e:d6:3d:ea:88:dd:e1:b4:
c4:a2:a2:87:33:43:c2:ca:7b:7e:fa:f6:29:e2:21:
ed:64:70:8e:39:c0:48:52:44:58:c9:d5:6a:c2:95:
74:83:be:f3:3f:66:03:af:a9:60:ba:60:cf:74:b7:
b8:43:3e:2c:ed:bf:0b:82:c6:51:d4:15:d7:9a:b2:
15:10:6e:c3:33:2b:e9:dd:75:c2:ef:77:5f:1c:57:
b9:3f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
56:5D:B2:BC:3D:54:02:00:DD:6D:46:8F:7F:28:0B:86:11:F6:A2:11
X509v3 Authority Key Identifier:
keyid:8A:E4:CF:78:B4:9D:F0:B2:C1:D2:9D:32:E4:8A:94:3A:E4:F4:1A:CC
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1663/iuTPeLSd8LLB0p0y5IqUOuT0Gsw.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/iuTPeLSd8LLB0p0y5IqUOuT0Gsw.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1663/Vl2yvD1UAgDdbUaPfygLhhH2ohE.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.226.49.0/24
Signature Algorithm: sha256WithRSAEncryption
14:d4:c0:41:b7:83:ef:eb:ca:8e:ff:d9:48:4b:57:c6:3a:79:
ac:e2:3c:09:d5:86:d4:5e:67:8b:70:ea:d5:f8:d0:13:fc:31:
14:31:f1:ee:7f:fb:ef:5d:c7:ba:b0:80:58:b1:d2:c6:8a:32:
5e:41:f0:40:df:64:2b:2e:f1:eb:69:56:3e:ab:c6:c7:8e:cd:
50:c8:8a:78:f1:a8:31:2e:99:df:91:b9:7d:d3:56:21:3e:34:
72:94:89:2e:46:6c:9d:43:e8:30:e5:8e:75:bb:a5:02:0f:5f:
73:0b:54:86:bb:a3:c8:42:20:9f:37:68:14:8b:0b:17:57:33:
59:a3:a1:33:e5:82:25:ca:00:22:81:c0:b6:c7:4e:84:b9:56:
82:ba:62:27:1e:8b:30:d2:27:bf:94:65:23:11:46:b6:34:7f:
1b:0b:f8:aa:f0:21:09:9e:2b:b4:b6:7e:c9:86:45:d2:92:d6:
71:60:aa:a9:af:56:15:9d:00:df:1b:c4:46:75:53:50:5f:a5:
88:ae:b4:81:25:19:5e:c5:5f:d0:95:aa:7f:35:95:85:2e:ad:
9b:4b:20:70:38:d7:c6:52:73:b1:fa:53:15:d0:b9:b3:c8:ad:
9a:49:f8:3b:79:44:e8:97:79:39:d1:40:1d:9b:8b:b8:a0:3e:
81:d9:54:b2
-----BEGIN CERTIFICATE-----
MIIE1zCCA7+gAwIBAgICRngwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoOEFF
NENGNzhCNDlERjBCMkMxRDI5RDMyRTQ4QTk0M0FFNEY0MUFDQzAeFw0yNTA4MjQw
MzMyNDFaFw0yNjA4MDMwODQ0NDBaMDMxMTAvBgNVBAMTKDU2NURCMkJDM0Q1NDAy
MDBERDZENDY4RjdGMjgwQjg2MTFGNkEyMTEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC1lpl2KT/Dz1JHqPfveshXjJ0XLpMF63YlrheX4oS/zlWHzwM1
v5yoaNQVl1+Wrv+fGh5QqO35Vi3kZRX9qejJpAu1SDk5W6c8cOWCbgySNfLYuDhY
4h2zUCRviDLD8bh1KaSbApCjlzyvmjiXWukaMVZM4EyvkwnarjDy+Iuhkcxn4jyO
jiR6HY/kfFQrSPqoDwQcccu0DmWeOr5iFjiHopx6u03J4eXTYGQO1j3qiN3htMSi
ooczQ8LKe3769iniIe1kcI45wEhSRFjJ1WrClXSDvvM/ZgOvqWC6YM90t7hDPizt
vwuCxlHUFdeashUQbsMzK+nddcLvd18cV7k/AgMBAAGjggHzMIIB7zAdBgNVHQ4E
FgQUVl2yvD1UAgDdbUaPfygLhhH2ohEwHwYDVR0jBBgwFoAUiuTPeLSd8LLB0p0y
5IqUOuT0GswwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTY2
My9pdVRQZUxTZDhMTEIwcDB5NUlxVU91VDBHc3cuY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwL2l1VFBlTFNkOExMQjBwMHk1SXFVT3VUMEdzdy5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzE2NjMvVmwyeXZEMVVBZ0Rk
YlVhUGZ5Z0xoaEgyb2hFLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEw
BgMEACviMTANBgkqhkiG9w0BAQsFAAOCAQEAFNTAQbeD7+vKjv/ZSEtXxjp5rOI8
CdWG1F5ni3Dq1fjQE/wxFDHx7n/7713HurCAWLHSxooyXkHwQN9kKy7x62lWPqvG
x47NUMiKePGoMS6Z35G5fdNWIT40cpSJLkZsnUPoMOWOdbulAg9fcwtUhrujyEIg
nzdoFIsLF1czWaOhM+WCJcoAIoHAtsdOhLlWgrpiJx6LMNInv5RlIxFGtjR/Gwv4
qvAhCZ4rtLZ+yYZF0pLWcWCqqa9WFZ0A3xvERnVTUF+liK60gSUZXsVf0JWqfzWV
hS6tm0sgcDjXxlJzsfpTFdC5s8itmkn4O3lE6Jd5OdFAHZuLuKA+gdlUsg==
-----END CERTIFICATE-----
Generated at Sun Aug 24 09:42:23 2025 by rpki-client