Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/1663/hV2HAFUrLvOqb5nDV2l64md3MjA.roa
File: hV2HAFUrLvOqb5nDV2l64md3MjA.roa (raw, json)
Hash identifier: r1gygJ2i80NeBn02gVM1113oR0vl6lcHnbGRoVNpePo=
Subject key identifier: 85:5D:87:00:55:2B:2E:F3:AA:6F:99:C3:57:69:7A:E2:67:77:32:30
Certificate issuer: /CN=8AE4CF78B49DF0B2C1D29D32E48A943AE4F41ACC
Certificate serial: 870F
Authority key identifier: 8A:E4:CF:78:B4:9D:F0:B2:C1:D2:9D:32:E4:8A:94:3A:E4:F4:1A:CC
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/iuTPeLSd8LLB0p0y5IqUOuT0Gsw.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1663/hV2HAFUrLvOqb5nDV2l64md3MjA.roa
Signing time: Mon 20 Oct 2025 12:06:30 +0000
ROA not before: Mon 20 Oct 2025 12:06:30 +0000
ROA not after: Mon 03 Aug 2026 08:44:40 +0000
asID: 134762
IP address blocks: 43.226.49.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 34575 (0x870f)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8AE4CF78B49DF0B2C1D29D32E48A943AE4F41ACC
Validity
Not Before: Oct 20 12:06:30 2025 GMT
Not After : Aug 3 08:44:40 2026 GMT
Subject: CN=855D8700552B2EF3AA6F99C357697AE267773230
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b9:7f:0a:75:1f:b2:22:e3:05:ae:58:e4:d2:28:
b3:95:c9:20:73:90:ae:fc:e7:85:3b:6b:fd:3a:89:
22:a6:56:d0:bf:da:56:bd:d3:9c:73:a5:c5:be:54:
85:46:43:3f:c4:39:f5:a1:1f:f3:fd:e7:f0:88:10:
c3:42:e5:14:d5:71:51:07:10:7e:44:d2:d4:05:ab:
a4:4a:3c:eb:b9:b1:c9:d6:3f:4e:4b:a8:82:76:13:
25:a6:50:a5:19:40:b0:9e:71:e6:e7:2e:fe:fc:9b:
b6:e9:e6:ca:a0:80:0b:ef:09:c1:07:8b:d3:da:b6:
d7:bd:36:54:0e:3d:36:4d:a1:54:9e:ce:b0:9b:a8:
fc:e6:7f:2f:51:80:4c:a2:55:ed:51:f4:2c:73:a1:
da:4c:1e:88:a9:03:75:e7:8f:19:49:b7:0b:70:c2:
21:f6:7c:96:f5:d6:35:49:77:7f:3b:a8:64:32:fa:
84:e9:98:1a:8e:0b:e6:79:d4:16:27:da:56:a7:a8:
c7:37:46:93:db:cc:ee:c5:0f:29:50:39:14:37:76:
f8:65:23:ba:a5:ce:cb:1e:91:b5:f1:8a:1a:c8:8d:
a0:e3:b8:1b:91:4c:e4:c1:c6:d8:7f:37:9c:c0:84:
44:5c:69:c3:a9:e9:cc:27:d2:78:97:c2:85:75:38:
9c:07
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
85:5D:87:00:55:2B:2E:F3:AA:6F:99:C3:57:69:7A:E2:67:77:32:30
X509v3 Authority Key Identifier:
keyid:8A:E4:CF:78:B4:9D:F0:B2:C1:D2:9D:32:E4:8A:94:3A:E4:F4:1A:CC
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1663/iuTPeLSd8LLB0p0y5IqUOuT0Gsw.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/iuTPeLSd8LLB0p0y5IqUOuT0Gsw.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1663/hV2HAFUrLvOqb5nDV2l64md3MjA.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.226.49.0/24
Signature Algorithm: sha256WithRSAEncryption
b2:a2:63:85:d5:e2:72:d5:2e:44:d9:f8:97:f1:15:c8:71:33:
5a:01:1e:0e:25:44:4f:c9:fa:80:fd:21:0e:9d:21:a9:cd:68:
f7:55:19:bc:98:e7:60:a3:96:c7:41:34:2b:01:47:99:9b:39:
c6:5f:b1:8d:f0:ee:9a:5b:aa:e7:5f:5f:03:5a:a2:30:73:16:
94:fa:eb:0f:e1:05:33:07:70:bb:3e:e0:6f:bf:2f:a2:2d:85:
df:77:7d:40:a3:b8:bc:84:46:9a:86:83:7d:1a:fd:e5:b0:b9:
4b:ae:83:43:64:c2:d3:c5:52:73:ba:71:ec:fa:c2:2b:8d:05:
e6:b8:f5:ca:8a:a7:f7:ed:bc:4b:35:d1:5b:d8:20:ee:a2:31:
7f:73:2f:cc:24:1a:1b:04:e0:a0:d6:d4:64:18:7f:08:6f:b3:
68:37:0a:6e:ab:a3:98:9d:1a:47:e2:31:05:84:31:2a:69:31:
7b:79:b8:26:ab:5d:3f:86:1c:83:03:af:4d:bf:15:01:4a:bc:
87:bb:11:0e:64:65:0b:fb:27:7f:45:05:35:3f:3e:8a:74:ea:
26:c6:19:32:46:c5:36:b3:39:d8:fe:9a:6d:0d:40:f2:a0:c5:
84:76:fa:54:0b:87:bd:ab:c9:ec:de:6a:b9:e7:6e:5a:e0:21:
54:49:e9:05
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgIDAIcPMA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMTKDhB
RTRDRjc4QjQ5REYwQjJDMUQyOUQzMkU0OEE5NDNBRTRGNDFBQ0MwHhcNMjUxMDIw
MTIwNjMwWhcNMjYwODAzMDg0NDQwWjAzMTEwLwYDVQQDEyg4NTVEODcwMDU1MkIy
RUYzQUE2Rjk5QzM1NzY5N0FFMjY3NzczMjMwMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAuX8KdR+yIuMFrljk0iizlckgc5Cu/OeFO2v9OokiplbQv9pW
vdOcc6XFvlSFRkM/xDn1oR/z/efwiBDDQuUU1XFRBxB+RNLUBaukSjzrubHJ1j9O
S6iCdhMlplClGUCwnnHm5y7+/Ju26ebKoIAL7wnBB4vT2rbXvTZUDj02TaFUns6w
m6j85n8vUYBMolXtUfQsc6HaTB6IqQN1548ZSbcLcMIh9nyW9dY1SXd/O6hkMvqE
6ZgajgvmedQWJ9pWp6jHN0aT28zuxQ8pUDkUN3b4ZSO6pc7LHpG18YoayI2g47gb
kUzkwcbYfzecwIREXGnDqenMJ9J4l8KFdTicBwIDAQABo4IB8zCCAe8wHQYDVR0O
BBYEFIVdhwBVKy7zqm+Zw1dpeuJndzIwMB8GA1UdIwQYMBaAFIrkz3i0nfCywdKd
MuSKlDrk9BrMMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwXQYDVR0fBFYwVDBS
oFCgToZMcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzE2
NjMvaXVUUGVMU2Q4TExCMHAweTVJcVVPdVQwR3N3LmNybDBjBggrBgEFBQcBAQRX
MFUwUwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYy
RTNEMDAwMC9pdVRQZUxTZDhMTEIwcDB5NUlxVU91VDBHc3cuY2VyMA4GA1UdDwEB
/wQEAwIHgDCBnQYIKwYBBQUHAQsEgZAwgY0wWAYIKwYBBQUHMAuGTHJzeW5jOi8v
cnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC8xNjYzL2hWMkhBRlVyTHZP
cWI1bkRWMmw2NG1kM01qQS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5j
bm5pYy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAAr4jEwDQYJKoZIhvcNAQELBQADggEBALKiY4XV4nLVLkTZ+JfxFchxM1oB
Hg4lRE/J+oD9IQ6dIanNaPdVGbyY52CjlsdBNCsBR5mbOcZfsY3w7ppbqudfXwNa
ojBzFpT66w/hBTMHcLs+4G+/L6Ithd93fUCjuLyERpqGg30a/eWwuUuug0NkwtPF
UnO6cez6wiuNBea49cqKp/ftvEs10VvYIO6iMX9zL8wkGhsE4KDW1GQYfwhvs2g3
Cm6ro5idGkfiMQWEMSppMXt5uCarXT+GHIMDr02/FQFKvIe7EQ5kZQv7J39FBTU/
Pop06ibGGTJGxTazOdj+mm0NQPKgxYR2+lQLh72ryezearnnblrgIVRJ6QU=
-----END CERTIFICATE-----
Generated at Mon Oct 20 17:52:20 2025 by rpki-client