Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/1663/fuNpvyrWjNqASaRbQPtajVPqy6k.roa
File: fuNpvyrWjNqASaRbQPtajVPqy6k.roa (raw, json)
Hash identifier: BDXVfeJ+p55olmcKYt7LYY+SlG+OhVlWdGyqMfKIgMM=
Subject key identifier: 7E:E3:69:BF:2A:D6:8C:DA:80:49:A4:5B:40:FB:5A:8D:53:EA:CB:A9
Certificate issuer: /CN=8AE4CF78B49DF0B2C1D29D32E48A943AE4F41ACC
Certificate serial: 86AA
Authority key identifier: 8A:E4:CF:78:B4:9D:F0:B2:C1:D2:9D:32:E4:8A:94:3A:E4:F4:1A:CC
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/iuTPeLSd8LLB0p0y5IqUOuT0Gsw.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1663/fuNpvyrWjNqASaRbQPtajVPqy6k.roa
Signing time: Mon 20 Oct 2025 03:35:12 +0000
ROA not before: Mon 20 Oct 2025 03:35:12 +0000
ROA not after: Mon 03 Aug 2026 08:44:40 +0000
asID: 134762
IP address blocks: 43.227.68.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 34474 (0x86aa)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8AE4CF78B49DF0B2C1D29D32E48A943AE4F41ACC
Validity
Not Before: Oct 20 03:35:12 2025 GMT
Not After : Aug 3 08:44:40 2026 GMT
Subject: CN=7EE369BF2AD68CDA8049A45B40FB5A8D53EACBA9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e1:3d:24:3f:94:8d:07:e4:1c:93:01:9a:96:78:
ac:2e:d3:fb:50:e4:7b:c6:80:ba:22:63:07:8d:56:
0d:89:12:46:ef:76:f6:60:dd:f8:35:b0:21:5c:ed:
3b:94:fc:54:f2:9f:78:63:40:a3:ad:c4:d8:6e:38:
67:35:6e:96:33:a8:61:5b:cd:51:bf:6b:60:7b:b2:
0b:71:ba:12:f3:00:57:c6:ef:15:9e:9b:06:de:51:
35:74:b9:c4:c6:29:ae:01:db:da:c5:9b:54:7a:f7:
a9:e1:8b:47:58:14:94:4e:ad:0a:68:29:57:fa:ff:
8e:0a:0f:09:46:6e:a2:9d:be:4d:6e:22:db:e4:27:
48:8d:58:1b:d0:3a:c3:1e:bc:6f:43:06:9a:b6:d2:
ee:15:dc:73:5d:0a:5e:19:5f:3c:80:e6:c3:d2:94:
50:0c:e9:45:2e:84:b6:3c:56:a6:61:9c:87:69:dc:
ee:66:ad:b7:a0:3b:55:ac:8b:01:ea:c8:a0:b8:6a:
39:19:86:de:bd:40:05:bc:9e:dd:b4:a6:87:fd:4b:
e5:7a:d9:4b:24:d5:86:fb:c7:e4:e6:89:9a:6b:9e:
74:61:87:fd:41:1c:ac:cf:45:29:a2:c5:5a:e3:a4:
9b:ca:2b:39:c1:04:44:62:08:77:06:36:48:e8:70:
dc:01
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7E:E3:69:BF:2A:D6:8C:DA:80:49:A4:5B:40:FB:5A:8D:53:EA:CB:A9
X509v3 Authority Key Identifier:
keyid:8A:E4:CF:78:B4:9D:F0:B2:C1:D2:9D:32:E4:8A:94:3A:E4:F4:1A:CC
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1663/iuTPeLSd8LLB0p0y5IqUOuT0Gsw.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/iuTPeLSd8LLB0p0y5IqUOuT0Gsw.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1663/fuNpvyrWjNqASaRbQPtajVPqy6k.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.227.68.0/24
Signature Algorithm: sha256WithRSAEncryption
0b:4c:8d:25:29:72:c9:ec:9a:da:fe:5d:52:54:a7:50:24:a7:
d3:ab:f1:c2:69:d7:38:ad:39:9e:a9:d9:b6:d8:fe:7d:c5:c7:
25:7d:5a:65:cf:7c:3c:9d:3b:51:44:8c:fd:07:c6:5b:7e:3f:
d9:ad:e9:12:fb:05:90:e5:99:9c:03:20:0f:3f:ba:86:95:05:
e7:87:c7:f2:67:68:d0:e5:18:c9:43:8d:e2:0c:0b:4c:04:24:
19:4c:ed:59:b8:37:ff:7d:c3:56:80:10:6b:bf:1b:d2:dc:57:
0b:76:94:74:43:49:28:2a:c4:90:db:50:41:e5:34:8c:bc:d3:
37:42:87:1b:4d:16:28:2d:44:c3:e2:62:69:c2:4d:1e:8d:66:
06:2a:30:9b:8a:6b:57:63:8f:af:7a:b8:da:d9:3e:b3:d4:88:
34:b0:1a:90:17:5c:11:03:1c:3b:42:54:74:98:b2:e6:49:8a:
5b:7d:a7:e4:d2:05:3f:43:b9:32:68:da:f9:76:af:9f:27:75:
b2:cc:05:51:63:1d:bb:0c:3c:5b:10:de:a1:eb:1c:ff:b5:89:
c0:0f:64:d9:d4:25:af:f4:97:52:ea:09:ee:46:ce:4a:70:01:
41:96:dc:e9:fc:e1:27:b8:6c:a6:41:e6:8b:d1:21:ff:bf:cb:
c7:f8:d3:bb
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgIDAIaqMA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMTKDhB
RTRDRjc4QjQ5REYwQjJDMUQyOUQzMkU0OEE5NDNBRTRGNDFBQ0MwHhcNMjUxMDIw
MDMzNTEyWhcNMjYwODAzMDg0NDQwWjAzMTEwLwYDVQQDEyg3RUUzNjlCRjJBRDY4
Q0RBODA0OUE0NUI0MEZCNUE4RDUzRUFDQkE5MIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEA4T0kP5SNB+QckwGalnisLtP7UOR7xoC6ImMHjVYNiRJG73b2
YN34NbAhXO07lPxU8p94Y0CjrcTYbjhnNW6WM6hhW81Rv2tge7ILcboS8wBXxu8V
npsG3lE1dLnEximuAdvaxZtUevep4YtHWBSUTq0KaClX+v+OCg8JRm6inb5NbiLb
5CdIjVgb0DrDHrxvQwaattLuFdxzXQpeGV88gObD0pRQDOlFLoS2PFamYZyHadzu
Zq23oDtVrIsB6siguGo5GYbevUAFvJ7dtKaH/UvletlLJNWG+8fk5omaa550YYf9
QRysz0UposVa46Sbyis5wQREYgh3BjZI6HDcAQIDAQABo4IB8zCCAe8wHQYDVR0O
BBYEFH7jab8q1ozagEmkW0D7Wo1T6supMB8GA1UdIwQYMBaAFIrkz3i0nfCywdKd
MuSKlDrk9BrMMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwXQYDVR0fBFYwVDBS
oFCgToZMcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzE2
NjMvaXVUUGVMU2Q4TExCMHAweTVJcVVPdVQwR3N3LmNybDBjBggrBgEFBQcBAQRX
MFUwUwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYy
RTNEMDAwMC9pdVRQZUxTZDhMTEIwcDB5NUlxVU91VDBHc3cuY2VyMA4GA1UdDwEB
/wQEAwIHgDCBnQYIKwYBBQUHAQsEgZAwgY0wWAYIKwYBBQUHMAuGTHJzeW5jOi8v
cnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC8xNjYzL2Z1TnB2eXJXak5x
QVNhUmJRUHRhalZQcXk2ay5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5j
bm5pYy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAAr40QwDQYJKoZIhvcNAQELBQADggEBAAtMjSUpcsnsmtr+XVJUp1Akp9Or
8cJp1zitOZ6p2bbY/n3FxyV9WmXPfDydO1FEjP0Hxlt+P9mt6RL7BZDlmZwDIA8/
uoaVBeeHx/JnaNDlGMlDjeIMC0wEJBlM7Vm4N/99w1aAEGu/G9LcVwt2lHRDSSgq
xJDbUEHlNIy80zdChxtNFigtRMPiYmnCTR6NZgYqMJuKa1djj696uNrZPrPUiDSw
GpAXXBEDHDtCVHSYsuZJilt9p+TSBT9DuTJo2vl2r58ndbLMBVFjHbsMPFsQ3qHr
HP+1icAPZNnUJa/0l1LqCe5GzkpwAUGW3On84Se4bKZB5ovRIf+/y8f407s=
-----END CERTIFICATE-----
Generated at Mon Oct 20 14:42:46 2025 by rpki-client