Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/1663/ZQ3xSZ4L96YPVmOukBJS7v1Ntco.roa
File: ZQ3xSZ4L96YPVmOukBJS7v1Ntco.roa (raw, json)
Hash identifier: NvTL3X0njfIV0Lh6Y4ANvZHfh3BWZ9zkSEx9IZZg6fk=
Subject key identifier: 65:0D:F1:49:9E:0B:F7:A6:0F:56:63:AE:90:12:52:EE:FD:4D:B5:CA
Certificate issuer: /CN=8AE4CF78B49DF0B2C1D29D32E48A943AE4F41ACC
Certificate serial: 8710
Authority key identifier: 8A:E4:CF:78:B4:9D:F0:B2:C1:D2:9D:32:E4:8A:94:3A:E4:F4:1A:CC
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/iuTPeLSd8LLB0p0y5IqUOuT0Gsw.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1663/ZQ3xSZ4L96YPVmOukBJS7v1Ntco.roa
Signing time: Mon 20 Oct 2025 12:06:30 +0000
ROA not before: Mon 20 Oct 2025 12:06:30 +0000
ROA not after: Mon 03 Aug 2026 08:44:40 +0000
asID: 134762
IP address blocks: 43.227.68.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 34576 (0x8710)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8AE4CF78B49DF0B2C1D29D32E48A943AE4F41ACC
Validity
Not Before: Oct 20 12:06:30 2025 GMT
Not After : Aug 3 08:44:40 2026 GMT
Subject: CN=650DF1499E0BF7A60F5663AE901252EEFD4DB5CA
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ba:9b:ff:4b:a2:d5:c8:74:22:aa:54:4e:40:b6:
7e:62:eb:e3:06:70:25:26:9c:e2:c8:a4:71:18:5a:
e3:f5:7f:71:ea:1b:65:1c:ac:4d:ac:9d:7b:4e:e0:
21:58:5c:d5:4b:71:6a:82:c6:f1:34:bc:01:12:8d:
6f:f6:88:7e:c7:ca:6a:7f:a2:0d:12:6f:bb:22:f4:
ed:70:96:a4:9b:43:0b:8f:10:68:d1:ed:8a:d0:7c:
19:b4:08:3c:76:96:8d:0b:9b:96:6a:2f:50:47:2a:
24:47:cc:18:43:89:e5:34:19:cb:5a:03:d8:e4:c7:
17:1a:f1:80:6b:c7:e6:9d:d4:02:70:c4:c4:df:c3:
67:73:1a:e3:2d:7f:76:60:0f:2c:0e:af:5e:a1:75:
1d:09:75:77:e7:5e:a6:21:b4:7b:ed:af:12:21:a9:
1b:06:58:3e:42:a1:bf:b0:95:e3:5f:ce:9e:1a:4c:
7e:c8:8d:b1:21:da:1c:be:b9:92:c2:f2:f3:1b:cb:
3c:e5:01:d2:8e:f0:01:61:d9:c1:98:14:75:51:25:
6c:4e:8d:42:c3:9e:40:0a:af:4d:72:d2:be:f4:94:
60:c6:b9:bd:69:95:4c:44:cb:af:2b:cf:e0:f8:d2:
fd:36:d8:36:88:19:66:0d:fb:ee:fd:f1:82:23:8e:
5d:71
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
65:0D:F1:49:9E:0B:F7:A6:0F:56:63:AE:90:12:52:EE:FD:4D:B5:CA
X509v3 Authority Key Identifier:
keyid:8A:E4:CF:78:B4:9D:F0:B2:C1:D2:9D:32:E4:8A:94:3A:E4:F4:1A:CC
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1663/iuTPeLSd8LLB0p0y5IqUOuT0Gsw.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/iuTPeLSd8LLB0p0y5IqUOuT0Gsw.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1663/ZQ3xSZ4L96YPVmOukBJS7v1Ntco.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.227.68.0/24
Signature Algorithm: sha256WithRSAEncryption
85:c9:e8:4b:1f:28:5b:f2:0c:11:01:68:47:55:e0:48:f0:a7:
9d:c0:ab:fc:3d:32:08:dc:21:81:74:74:a4:19:39:66:e6:f1:
94:b2:ac:6a:b4:40:b6:54:c2:4a:27:31:31:ff:79:b4:a0:21:
50:d7:ca:58:fa:c8:be:06:d4:cd:0a:2f:ca:1d:9c:59:84:ce:
c4:0a:3a:4a:37:74:56:84:76:d9:d0:fb:d4:13:b9:03:e6:25:
80:ae:aa:21:40:3b:76:80:3c:f6:8e:12:e5:49:41:7f:02:4f:
e0:d8:4b:e3:79:5b:80:82:62:29:0a:8c:da:dc:95:bd:d3:74:
43:a5:91:97:a7:25:f6:7d:38:b7:b1:6d:8e:86:96:be:c6:1a:
e3:bd:47:1e:29:1d:6a:06:87:9a:26:bc:a8:5b:8c:f3:67:45:
aa:32:94:f9:3a:6e:98:67:de:f5:d8:6e:a1:13:27:23:a7:4b:
79:e4:29:01:0a:58:89:db:b8:18:59:e5:80:bd:22:af:ea:74:
65:ec:0d:56:3c:a0:4d:4a:d1:d4:e3:e5:53:c9:86:df:30:e1:
db:a0:fc:f1:98:c9:be:6e:f0:cf:d6:58:d1:bb:1c:a7:5d:9e:
47:8e:55:86:dd:d8:f4:0c:18:26:b6:4e:71:5a:3e:91:0e:17:
c0:0e:0c:db
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgIDAIcQMA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMTKDhB
RTRDRjc4QjQ5REYwQjJDMUQyOUQzMkU0OEE5NDNBRTRGNDFBQ0MwHhcNMjUxMDIw
MTIwNjMwWhcNMjYwODAzMDg0NDQwWjAzMTEwLwYDVQQDEyg2NTBERjE0OTlFMEJG
N0E2MEY1NjYzQUU5MDEyNTJFRUZENERCNUNBMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAupv/S6LVyHQiqlROQLZ+YuvjBnAlJpziyKRxGFrj9X9x6htl
HKxNrJ17TuAhWFzVS3FqgsbxNLwBEo1v9oh+x8pqf6INEm+7IvTtcJakm0MLjxBo
0e2K0HwZtAg8dpaNC5uWai9QRyokR8wYQ4nlNBnLWgPY5McXGvGAa8fmndQCcMTE
38NncxrjLX92YA8sDq9eoXUdCXV3516mIbR77a8SIakbBlg+QqG/sJXjX86eGkx+
yI2xIdocvrmSwvLzG8s85QHSjvABYdnBmBR1USVsTo1Cw55ACq9NctK+9JRgxrm9
aZVMRMuvK8/g+NL9Ntg2iBlmDfvu/fGCI45dcQIDAQABo4IB8zCCAe8wHQYDVR0O
BBYEFGUN8UmeC/emD1ZjrpASUu79TbXKMB8GA1UdIwQYMBaAFIrkz3i0nfCywdKd
MuSKlDrk9BrMMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwXQYDVR0fBFYwVDBS
oFCgToZMcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzE2
NjMvaXVUUGVMU2Q4TExCMHAweTVJcVVPdVQwR3N3LmNybDBjBggrBgEFBQcBAQRX
MFUwUwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYy
RTNEMDAwMC9pdVRQZUxTZDhMTEIwcDB5NUlxVU91VDBHc3cuY2VyMA4GA1UdDwEB
/wQEAwIHgDCBnQYIKwYBBQUHAQsEgZAwgY0wWAYIKwYBBQUHMAuGTHJzeW5jOi8v
cnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC8xNjYzL1pRM3hTWjRMOTZZ
UFZtT3VrQkpTN3YxTnRjby5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5j
bm5pYy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAAr40QwDQYJKoZIhvcNAQELBQADggEBAIXJ6EsfKFvyDBEBaEdV4Ejwp53A
q/w9MgjcIYF0dKQZOWbm8ZSyrGq0QLZUwkonMTH/ebSgIVDXylj6yL4G1M0KL8od
nFmEzsQKOko3dFaEdtnQ+9QTuQPmJYCuqiFAO3aAPPaOEuVJQX8CT+DYS+N5W4CC
YikKjNrclb3TdEOlkZenJfZ9OLexbY6Glr7GGuO9Rx4pHWoGh5omvKhbjPNnRaoy
lPk6bphn3vXYbqETJyOnS3nkKQEKWInbuBhZ5YC9Iq/qdGXsDVY8oE1K0dTj5VPJ
ht8w4dug/PGYyb5u8M/WWNG7HKddnkeOVYbd2PQMGCa2TnFaPpEOF8AODNs=
-----END CERTIFICATE-----
Generated at Mon Oct 20 17:52:17 2025 by rpki-client