Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/1663/eKT0IDwV2KXcd3iSgGBWj3VfWsU.roa
File: eKT0IDwV2KXcd3iSgGBWj3VfWsU.roa (raw, json)
Hash identifier: SIfrbmnnUgSsdcMirMEAlQY7g1vQtIurQ8Vn2yy29CU=
Subject key identifier: 78:A4:F4:20:3C:15:D8:A5:DC:77:78:92:80:60:56:8F:75:5F:5A:C5
Certificate issuer: /CN=8AE4CF78B49DF0B2C1D29D32E48A943AE4F41ACC
Certificate serial: 4677
Authority key identifier: 8A:E4:CF:78:B4:9D:F0:B2:C1:D2:9D:32:E4:8A:94:3A:E4:F4:1A:CC
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/iuTPeLSd8LLB0p0y5IqUOuT0Gsw.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1663/eKT0IDwV2KXcd3iSgGBWj3VfWsU.roa
Signing time: Sun 24 Aug 2025 03:32:41 +0000
ROA not before: Sun 24 Aug 2025 03:32:41 +0000
ROA not after: Mon 03 Aug 2026 08:44:40 +0000
asID: 63612
IP address blocks: 43.227.80.0/20 maxlen: 20
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 18039 (0x4677)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8AE4CF78B49DF0B2C1D29D32E48A943AE4F41ACC
Validity
Not Before: Aug 24 03:32:41 2025 GMT
Not After : Aug 3 08:44:40 2026 GMT
Subject: CN=78A4F4203C15D8A5DC7778928060568F755F5AC5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bd:33:95:90:0e:8b:3e:7b:c2:71:38:2c:17:65:
a9:bb:34:9b:6b:60:99:21:a8:18:bb:46:cc:51:fc:
c8:ee:2b:d2:b7:ba:50:ca:09:dc:4d:d1:7d:ba:cd:
5f:5c:35:30:96:95:70:58:65:10:9f:e8:a4:25:69:
4d:6c:91:94:16:fd:40:dd:d7:33:70:dc:91:90:42:
00:cb:fc:6c:9c:46:5b:86:e2:54:24:c7:1b:42:e6:
aa:8f:f3:b8:1a:c4:41:00:e5:8f:8e:89:c3:f7:e9:
dc:ba:85:e6:d4:27:ff:22:4a:08:2b:41:39:6e:9a:
c2:d1:85:5c:ec:99:53:9b:2b:f7:ed:03:6b:46:66:
fd:32:4f:25:54:b6:95:24:0c:05:c3:fd:e1:d9:a4:
19:f8:18:46:d3:b6:d5:94:6d:f2:76:f6:9a:28:e9:
ec:e5:0e:63:88:9b:5c:d3:41:58:ca:1a:3f:fa:51:
19:99:fe:4c:3d:90:35:23:5e:c8:3e:f2:94:22:6f:
49:fe:91:3d:39:7c:c0:4c:b0:5f:89:db:94:26:22:
f3:c6:ca:15:32:e8:09:2c:c5:01:d7:56:03:a6:36:
46:d8:d6:8a:6b:4e:38:d7:4e:e6:58:91:f0:35:b1:
b1:7b:cd:00:19:51:19:9f:4f:69:73:7d:3a:c9:39:
e7:85
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
78:A4:F4:20:3C:15:D8:A5:DC:77:78:92:80:60:56:8F:75:5F:5A:C5
X509v3 Authority Key Identifier:
keyid:8A:E4:CF:78:B4:9D:F0:B2:C1:D2:9D:32:E4:8A:94:3A:E4:F4:1A:CC
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1663/iuTPeLSd8LLB0p0y5IqUOuT0Gsw.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/iuTPeLSd8LLB0p0y5IqUOuT0Gsw.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1663/eKT0IDwV2KXcd3iSgGBWj3VfWsU.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.227.80.0/20
Signature Algorithm: sha256WithRSAEncryption
97:da:bc:6b:53:f4:6f:e2:2c:37:81:4f:9a:ee:87:ba:d5:9d:
1e:6e:9a:49:69:1a:32:4c:72:d9:ef:a6:71:81:bb:08:5f:62:
a4:cd:c3:96:ab:8f:27:7a:3a:7d:14:2a:dd:19:0a:0a:c4:95:
92:58:b5:e8:ad:6a:b6:f3:8f:59:df:7f:36:b7:03:7b:e7:c1:
49:8b:60:e3:4f:74:f1:82:ac:83:4d:d9:cb:b0:3e:70:33:88:
46:18:d2:79:17:67:6e:07:96:d0:b7:6f:66:06:9e:8f:b9:73:
ec:17:44:ff:6e:8f:b8:a4:75:41:bf:d0:11:14:2b:e3:67:2b:
83:10:eb:96:c9:44:fa:2f:36:ce:88:d6:52:24:e7:4f:e7:30:
ae:cc:fa:0c:d1:60:85:2d:4f:90:26:a1:a4:e7:9e:65:26:be:
59:cd:af:b9:79:9f:3f:9a:6d:3f:b1:d3:2c:f8:b6:82:61:f0:
1c:48:2d:90:0a:b0:6c:e0:a4:18:43:09:a1:6e:fd:4b:73:76:
c5:39:c0:a4:24:eb:37:28:8d:65:1d:d4:10:5a:78:54:e0:d7:
10:4b:ac:4e:77:6c:05:65:3d:e8:ba:3d:25:f5:9a:5f:3f:72:
bf:85:79:c4:40:ad:26:6b:cc:e4:ce:04:4b:41:25:97:d1:b4:
e3:48:f2:09
-----BEGIN CERTIFICATE-----
MIIE1zCCA7+gAwIBAgICRncwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoOEFF
NENGNzhCNDlERjBCMkMxRDI5RDMyRTQ4QTk0M0FFNEY0MUFDQzAeFw0yNTA4MjQw
MzMyNDFaFw0yNjA4MDMwODQ0NDBaMDMxMTAvBgNVBAMTKDc4QTRGNDIwM0MxNUQ4
QTVEQzc3Nzg5MjgwNjA1NjhGNzU1RjVBQzUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC9M5WQDos+e8JxOCwXZam7NJtrYJkhqBi7RsxR/MjuK9K3ulDK
CdxN0X26zV9cNTCWlXBYZRCf6KQlaU1skZQW/UDd1zNw3JGQQgDL/GycRluG4lQk
xxtC5qqP87gaxEEA5Y+OicP36dy6hebUJ/8iSggrQTlumsLRhVzsmVObK/ftA2tG
Zv0yTyVUtpUkDAXD/eHZpBn4GEbTttWUbfJ29poo6ezlDmOIm1zTQVjKGj/6URmZ
/kw9kDUjXsg+8pQib0n+kT05fMBMsF+J25QmIvPGyhUy6AksxQHXVgOmNkbY1opr
TjjXTuZYkfA1sbF7zQAZURmfT2lzfTrJOeeFAgMBAAGjggHzMIIB7zAdBgNVHQ4E
FgQUeKT0IDwV2KXcd3iSgGBWj3VfWsUwHwYDVR0jBBgwFoAUiuTPeLSd8LLB0p0y
5IqUOuT0GswwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTY2
My9pdVRQZUxTZDhMTEIwcDB5NUlxVU91VDBHc3cuY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwL2l1VFBlTFNkOExMQjBwMHk1SXFVT3VUMEdzdy5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzE2NjMvZUtUMElEd1YyS1hj
ZDNpU2dHQldqM1ZmV3NVLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEw
BgMEBCvjUDANBgkqhkiG9w0BAQsFAAOCAQEAl9q8a1P0b+IsN4FPmu6HutWdHm6a
SWkaMkxy2e+mcYG7CF9ipM3DlquPJ3o6fRQq3RkKCsSVkli16K1qtvOPWd9/NrcD
e+fBSYtg40908YKsg03Zy7A+cDOIRhjSeRdnbgeW0LdvZgaej7lz7BdE/26PuKR1
Qb/QERQr42crgxDrlslE+i82zojWUiTnT+cwrsz6DNFghS1PkCahpOeeZSa+Wc2v
uXmfP5ptP7HTLPi2gmHwHEgtkAqwbOCkGEMJoW79S3N2xTnApCTrNyiNZR3UEFp4
VODXEEusTndsBWU96Lo9JfWaXz9yv4V5xECtJmvM5M4ES0Ell9G040jyCQ==
-----END CERTIFICATE-----
Generated at Sun Aug 24 09:42:32 2025 by rpki-client