Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/1663/_-xpk8lz2gnZHbIr6fREGaKAkOU.roa
File: _-xpk8lz2gnZHbIr6fREGaKAkOU.roa (raw, json)
Hash identifier: CfInZXbdUVi4hudApDv9bAVXv2cPDL9lp5uIol8Vtoo=
Subject key identifier: FF:EC:69:93:C9:73:DA:09:D9:1D:B2:2B:E9:F4:44:19:A2:80:90:E5
Certificate issuer: /CN=8AE4CF78B49DF0B2C1D29D32E48A943AE4F41ACC
Certificate serial: 86F0
Authority key identifier: 8A:E4:CF:78:B4:9D:F0:B2:C1:D2:9D:32:E4:8A:94:3A:E4:F4:1A:CC
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/iuTPeLSd8LLB0p0y5IqUOuT0Gsw.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1663/_-xpk8lz2gnZHbIr6fREGaKAkOU.roa
Signing time: Mon 20 Oct 2025 09:35:13 +0000
ROA not before: Mon 20 Oct 2025 09:35:13 +0000
ROA not after: Mon 03 Aug 2026 08:44:40 +0000
asID: 63612
IP address blocks: 43.227.80.0/20 maxlen: 20
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 34544 (0x86f0)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8AE4CF78B49DF0B2C1D29D32E48A943AE4F41ACC
Validity
Not Before: Oct 20 09:35:13 2025 GMT
Not After : Aug 3 08:44:40 2026 GMT
Subject: CN=FFEC6993C973DA09D91DB22BE9F44419A28090E5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cb:39:f6:34:7a:fa:5a:4b:d6:fd:31:82:ab:67:
9e:58:28:20:26:15:a6:ac:f3:6e:85:3c:a9:72:bc:
d0:f8:1b:f1:fe:f8:74:27:88:26:76:98:d2:68:1b:
e7:58:20:6f:e6:41:f4:07:4d:90:78:7d:2e:44:3b:
85:72:97:7c:cf:e6:e1:d9:a6:45:c2:b8:48:2d:d7:
02:cc:0b:2d:7d:87:9d:94:91:e8:92:9a:50:6e:56:
a3:d8:40:53:e6:ae:f5:2c:ad:1e:31:1d:90:7d:68:
ae:f7:cd:bc:ab:1c:cc:4e:69:6b:64:8c:31:71:f1:
62:86:c7:5e:bd:2d:c0:c4:91:60:a3:97:c8:f7:cf:
5b:b6:ef:47:55:f5:a4:77:a6:d9:46:72:8a:c9:4d:
6f:79:8c:b7:ee:ae:d2:c8:ae:1b:14:db:2b:2a:d4:
a5:59:ec:89:b6:f8:60:0b:f2:7e:34:d0:4c:7a:fa:
3f:d9:bc:d9:da:bf:b1:e1:66:17:44:4e:4e:75:17:
ba:1b:e0:63:4d:b5:3b:aa:87:d4:24:b0:05:5e:ae:
3b:53:3b:ad:29:b0:e9:b6:47:d8:66:f1:2e:70:16:
8d:31:39:85:3c:ec:4f:75:58:c1:4a:26:56:86:5d:
26:20:88:d5:85:ec:53:75:65:83:93:79:6b:12:72:
ca:11
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FF:EC:69:93:C9:73:DA:09:D9:1D:B2:2B:E9:F4:44:19:A2:80:90:E5
X509v3 Authority Key Identifier:
keyid:8A:E4:CF:78:B4:9D:F0:B2:C1:D2:9D:32:E4:8A:94:3A:E4:F4:1A:CC
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1663/iuTPeLSd8LLB0p0y5IqUOuT0Gsw.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/iuTPeLSd8LLB0p0y5IqUOuT0Gsw.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1663/_-xpk8lz2gnZHbIr6fREGaKAkOU.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.227.80.0/20
Signature Algorithm: sha256WithRSAEncryption
5d:29:17:fe:11:de:39:1e:d5:ec:95:32:c0:2e:d0:d7:70:55:
3f:da:fb:fc:bf:76:e0:26:6e:d6:ad:78:5d:a0:76:1d:6b:c7:
8a:fb:b0:e2:ff:1e:f4:0f:10:7d:7b:ff:8b:18:54:4d:db:b8:
56:ce:32:11:c4:0c:9d:a8:6e:15:44:dd:54:20:4c:a5:c8:98:
96:29:92:09:52:38:2b:be:01:6b:8b:e6:4f:2f:d4:24:34:fc:
e8:95:13:ae:c2:a4:ad:52:a2:ec:5b:78:f7:02:04:5a:53:06:
85:eb:0f:16:90:81:1d:ba:61:a3:6b:03:3d:bb:e7:8e:7c:ba:
d4:34:7b:bc:1a:6c:30:85:fe:77:df:60:db:45:37:f0:e3:5a:
83:7c:a8:55:4b:25:55:3b:19:1c:47:e9:52:41:b9:c5:4b:5c:
45:c6:cd:68:f4:aa:75:b0:96:fd:1a:18:f4:01:04:a0:60:0f:
04:15:76:57:47:32:66:82:7b:53:d5:25:da:6d:a7:6b:a4:2c:
b8:90:3c:8a:e6:8a:09:25:5e:32:c2:a7:e9:b7:8a:b7:2b:6d:
95:b3:72:cb:de:d4:3c:7f:8c:3b:bf:4a:9d:7c:4f:5e:27:d8:
7b:cf:f6:3a:d2:cd:c4:aa:4a:86:e4:73:71:c7:fb:f5:3e:7e:
ff:0a:5c:2e
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgIDAIbwMA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMTKDhB
RTRDRjc4QjQ5REYwQjJDMUQyOUQzMkU0OEE5NDNBRTRGNDFBQ0MwHhcNMjUxMDIw
MDkzNTEzWhcNMjYwODAzMDg0NDQwWjAzMTEwLwYDVQQDEyhGRkVDNjk5M0M5NzNE
QTA5RDkxREIyMkJFOUY0NDQxOUEyODA5MEU1MIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAyzn2NHr6WkvW/TGCq2eeWCggJhWmrPNuhTypcrzQ+Bvx/vh0
J4gmdpjSaBvnWCBv5kH0B02QeH0uRDuFcpd8z+bh2aZFwrhILdcCzAstfYedlJHo
kppQblaj2EBT5q71LK0eMR2QfWiu9828qxzMTmlrZIwxcfFihsdevS3AxJFgo5fI
989btu9HVfWkd6bZRnKKyU1veYy37q7SyK4bFNsrKtSlWeyJtvhgC/J+NNBMevo/
2bzZ2r+x4WYXRE5OdRe6G+BjTbU7qofUJLAFXq47UzutKbDptkfYZvEucBaNMTmF
POxPdVjBSiZWhl0mIIjVhexTdWWDk3lrEnLKEQIDAQABo4IB8zCCAe8wHQYDVR0O
BBYEFP/saZPJc9oJ2R2yK+n0RBmigJDlMB8GA1UdIwQYMBaAFIrkz3i0nfCywdKd
MuSKlDrk9BrMMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwXQYDVR0fBFYwVDBS
oFCgToZMcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzE2
NjMvaXVUUGVMU2Q4TExCMHAweTVJcVVPdVQwR3N3LmNybDBjBggrBgEFBQcBAQRX
MFUwUwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYy
RTNEMDAwMC9pdVRQZUxTZDhMTEIwcDB5NUlxVU91VDBHc3cuY2VyMA4GA1UdDwEB
/wQEAwIHgDCBnQYIKwYBBQUHAQsEgZAwgY0wWAYIKwYBBQUHMAuGTHJzeW5jOi8v
cnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC8xNjYzL18teHBrOGx6Mmdu
WkhiSXI2ZlJFR2FLQWtPVS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5j
bm5pYy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAQr41AwDQYJKoZIhvcNAQELBQADggEBAF0pF/4R3jke1eyVMsAu0NdwVT/a
+/y/duAmbtateF2gdh1rx4r7sOL/HvQPEH17/4sYVE3buFbOMhHEDJ2obhVE3VQg
TKXImJYpkglSOCu+AWuL5k8v1CQ0/OiVE67CpK1SouxbePcCBFpTBoXrDxaQgR26
YaNrAz275458utQ0e7wabDCF/nffYNtFN/DjWoN8qFVLJVU7GRxH6VJBucVLXEXG
zWj0qnWwlv0aGPQBBKBgDwQVdldHMmaCe1PVJdptp2ukLLiQPIrmigklXjLCp+m3
ircrbZWzcsve1Dx/jDu/Sp18T14n2HvP9jrSzcSqSobkc3HH+/U+fv8KXC4=
-----END CERTIFICATE-----
Generated at Mon Oct 20 15:28:12 2025 by rpki-client