Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/1663/cW39mtAp8ttxrryEEYyzgpZyl-Y.roa
File: cW39mtAp8ttxrryEEYyzgpZyl-Y.roa (raw, json)
Hash identifier: AHaemtAtPHl6rkUemFWAQRCUJRJsHnHRQru7T2KV13c=
Subject key identifier: 71:6D:FD:9A:D0:29:F2:DB:71:AE:BC:84:11:8C:B3:82:96:72:97:E6
Certificate issuer: /CN=8AE4CF78B49DF0B2C1D29D32E48A943AE4F41ACC
Certificate serial: 86A9
Authority key identifier: 8A:E4:CF:78:B4:9D:F0:B2:C1:D2:9D:32:E4:8A:94:3A:E4:F4:1A:CC
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/iuTPeLSd8LLB0p0y5IqUOuT0Gsw.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1663/cW39mtAp8ttxrryEEYyzgpZyl-Y.roa
Signing time: Mon 20 Oct 2025 03:35:12 +0000
ROA not before: Mon 20 Oct 2025 03:35:12 +0000
ROA not after: Mon 03 Aug 2026 08:44:40 +0000
asID: 134762
IP address blocks: 43.226.49.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 34473 (0x86a9)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8AE4CF78B49DF0B2C1D29D32E48A943AE4F41ACC
Validity
Not Before: Oct 20 03:35:12 2025 GMT
Not After : Aug 3 08:44:40 2026 GMT
Subject: CN=716DFD9AD029F2DB71AEBC84118CB382967297E6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:aa:1c:e5:61:3b:2f:2e:ba:6e:ca:50:e1:dc:c3:
cb:4b:66:42:34:85:2d:dc:88:d5:9c:3d:27:f5:40:
4f:75:fb:5e:26:7c:13:3f:cc:a2:9e:ea:c6:2b:47:
4d:a6:15:6b:72:c6:36:20:b2:35:7f:37:f0:af:06:
fc:71:b0:47:48:27:b1:2d:8f:37:ac:07:5c:4e:da:
4e:0b:76:de:6d:cd:b8:49:65:da:0a:80:4f:20:d4:
97:c5:21:2c:2d:be:0b:1d:c7:46:fe:f9:dd:04:49:
1c:b3:60:22:23:ad:9e:bb:c5:12:ca:44:68:80:2e:
5f:47:06:b2:c8:e2:31:41:84:5d:93:93:8e:68:c2:
ae:1c:7e:82:2e:cc:59:8d:95:cf:8c:da:09:7a:3a:
ae:9d:f3:6a:1e:69:aa:80:98:4e:09:93:b0:86:9a:
48:49:cb:aa:63:c0:32:b5:79:19:48:9d:72:64:74:
be:20:28:92:b2:98:a4:8d:0e:27:63:70:84:6b:d2:
e8:fc:c8:7f:4b:45:69:78:4a:44:6b:fa:d4:3e:98:
67:bb:70:c4:9b:34:4b:4f:a5:6c:93:61:81:ac:fb:
95:9e:4d:3c:af:0b:87:8b:39:9b:b3:90:ad:df:ca:
e5:82:dc:33:a6:c6:4f:28:c2:60:70:7b:6a:2c:59:
1a:73
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
71:6D:FD:9A:D0:29:F2:DB:71:AE:BC:84:11:8C:B3:82:96:72:97:E6
X509v3 Authority Key Identifier:
keyid:8A:E4:CF:78:B4:9D:F0:B2:C1:D2:9D:32:E4:8A:94:3A:E4:F4:1A:CC
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1663/iuTPeLSd8LLB0p0y5IqUOuT0Gsw.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/iuTPeLSd8LLB0p0y5IqUOuT0Gsw.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1663/cW39mtAp8ttxrryEEYyzgpZyl-Y.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.226.49.0/24
Signature Algorithm: sha256WithRSAEncryption
3b:f0:cc:03:0d:96:c5:b7:05:e1:17:82:e6:7a:d0:90:60:67:
bb:3d:3c:36:2c:84:1c:f7:bd:36:52:3c:69:60:a6:a8:e6:f0:
53:d5:ca:07:07:fb:88:0f:c9:b9:44:a1:17:40:42:8f:fd:66:
6e:3e:b5:38:6c:00:36:fb:7d:6d:2a:98:e9:d7:be:7d:f1:ed:
ba:95:cb:c8:af:dc:32:e9:57:14:ff:2b:57:eb:ea:8c:b0:31:
23:da:58:63:03:18:6a:75:9b:39:32:08:dc:18:b4:3e:6c:d5:
9e:62:8d:c0:08:29:cb:63:2a:0e:07:4a:7a:a3:b3:f1:84:25:
3a:1f:ef:fd:8b:3b:c9:5d:70:7c:e8:39:be:a1:0a:37:a7:2b:
46:c4:0f:cd:44:bf:3f:66:ce:2b:2f:6d:53:38:fb:60:32:6c:
4d:63:3e:09:41:15:7d:90:14:ef:b5:42:bb:c7:17:ec:8a:40:
df:f5:4b:f4:f4:ae:c4:14:16:76:7c:b1:c7:38:11:91:c9:d1:
8b:23:3e:97:8e:49:81:d3:3d:2b:a4:42:e0:6e:eb:aa:c4:94:
e2:2c:53:88:e9:48:3c:6e:d8:87:b9:c0:8c:a4:88:38:22:ce:
ea:66:d3:95:4b:5e:78:18:ed:60:2c:4d:18:2e:94:43:b6:3e:
3a:2b:57:27
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgIDAIapMA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMTKDhB
RTRDRjc4QjQ5REYwQjJDMUQyOUQzMkU0OEE5NDNBRTRGNDFBQ0MwHhcNMjUxMDIw
MDMzNTEyWhcNMjYwODAzMDg0NDQwWjAzMTEwLwYDVQQDEyg3MTZERkQ5QUQwMjlG
MkRCNzFBRUJDODQxMThDQjM4Mjk2NzI5N0U2MIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAqhzlYTsvLrpuylDh3MPLS2ZCNIUt3IjVnD0n9UBPdfteJnwT
P8yinurGK0dNphVrcsY2ILI1fzfwrwb8cbBHSCexLY83rAdcTtpOC3bebc24SWXa
CoBPINSXxSEsLb4LHcdG/vndBEkcs2AiI62eu8USykRogC5fRwayyOIxQYRdk5OO
aMKuHH6CLsxZjZXPjNoJejqunfNqHmmqgJhOCZOwhppIScuqY8AytXkZSJ1yZHS+
ICiSspikjQ4nY3CEa9Lo/Mh/S0VpeEpEa/rUPphnu3DEmzRLT6Vsk2GBrPuVnk08
rwuHizmbs5Ct38rlgtwzpsZPKMJgcHtqLFkacwIDAQABo4IB8zCCAe8wHQYDVR0O
BBYEFHFt/ZrQKfLbca68hBGMs4KWcpfmMB8GA1UdIwQYMBaAFIrkz3i0nfCywdKd
MuSKlDrk9BrMMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwXQYDVR0fBFYwVDBS
oFCgToZMcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzE2
NjMvaXVUUGVMU2Q4TExCMHAweTVJcVVPdVQwR3N3LmNybDBjBggrBgEFBQcBAQRX
MFUwUwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYy
RTNEMDAwMC9pdVRQZUxTZDhMTEIwcDB5NUlxVU91VDBHc3cuY2VyMA4GA1UdDwEB
/wQEAwIHgDCBnQYIKwYBBQUHAQsEgZAwgY0wWAYIKwYBBQUHMAuGTHJzeW5jOi8v
cnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC8xNjYzL2NXMzltdEFwOHR0
eHJyeUVFWXl6Z3BaeWwtWS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5j
bm5pYy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAAr4jEwDQYJKoZIhvcNAQELBQADggEBADvwzAMNlsW3BeEXguZ60JBgZ7s9
PDYshBz3vTZSPGlgpqjm8FPVygcH+4gPyblEoRdAQo/9Zm4+tThsADb7fW0qmOnX
vn3x7bqVy8iv3DLpVxT/K1fr6oywMSPaWGMDGGp1mzkyCNwYtD5s1Z5ijcAIKctj
Kg4HSnqjs/GEJTof7/2LO8ldcHzoOb6hCjenK0bED81Evz9mzisvbVM4+2AybE1j
PglBFX2QFO+1QrvHF+yKQN/1S/T0rsQUFnZ8scc4EZHJ0YsjPpeOSYHTPSukQuBu
66rElOIsU4jpSDxu2Ie5wIykiDgizupm05VLXngY7WAsTRgulEO2PjorVyc=
-----END CERTIFICATE-----
Generated at Mon Oct 20 16:29:04 2025 by rpki-client