Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/1663/jTFQ1n0fMuXOy7LZoxpJB2Db3GE.roa
File: jTFQ1n0fMuXOy7LZoxpJB2Db3GE.roa (raw, json)
Hash identifier: ez+cNO8bVyn5/0f4j1Pgn61btG0pRs23WletSzUmt3E=
Subject key identifier: 8D:31:50:D6:7D:1F:32:E5:CE:CB:B2:D9:A3:1A:49:07:60:DB:DC:61
Certificate issuer: /CN=8AE4CF78B49DF0B2C1D29D32E48A943AE4F41ACC
Certificate serial: 4679
Authority key identifier: 8A:E4:CF:78:B4:9D:F0:B2:C1:D2:9D:32:E4:8A:94:3A:E4:F4:1A:CC
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/iuTPeLSd8LLB0p0y5IqUOuT0Gsw.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1663/jTFQ1n0fMuXOy7LZoxpJB2Db3GE.roa
Signing time: Sun 24 Aug 2025 03:32:41 +0000
ROA not before: Sun 24 Aug 2025 03:32:41 +0000
ROA not after: Mon 03 Aug 2026 08:44:40 +0000
asID: 134762
IP address blocks: 43.227.68.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 18041 (0x4679)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8AE4CF78B49DF0B2C1D29D32E48A943AE4F41ACC
Validity
Not Before: Aug 24 03:32:41 2025 GMT
Not After : Aug 3 08:44:40 2026 GMT
Subject: CN=8D3150D67D1F32E5CECBB2D9A31A490760DBDC61
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c3:5e:d0:28:e6:1a:bd:01:ed:d3:75:c2:98:7e:
74:22:2f:ba:51:39:45:b1:b3:39:d9:7f:cb:c8:d4:
b4:ed:41:e2:95:b9:db:6e:50:e3:b6:6f:cd:f6:15:
9d:c4:4b:ed:46:a3:43:54:b7:5a:25:0e:0f:b0:95:
47:78:df:a2:9c:35:73:56:fe:99:40:cd:e1:cc:ca:
05:15:8f:71:52:e3:4c:05:08:1b:4f:80:2d:ab:66:
91:98:b7:98:f4:68:4d:83:96:0b:ae:a6:ec:b7:a0:
84:6d:c9:12:f0:32:00:b8:97:6f:db:1e:43:02:e1:
02:61:2a:c0:b5:42:86:08:48:c1:b2:7a:e8:93:43:
20:a3:3d:7a:f1:12:00:63:d7:c9:33:56:2f:13:31:
31:38:eb:b0:4f:cf:2e:cb:f1:a5:3f:5a:87:bb:43:
49:98:55:b8:e1:39:54:59:e9:c2:63:02:95:fd:36:
e6:b0:52:52:90:83:d8:77:10:38:a5:03:fa:35:66:
9c:14:89:13:45:4f:41:c4:86:e7:17:f9:20:ac:76:
f5:6f:01:11:12:bd:8e:dd:94:a5:ad:43:f0:98:f0:
3f:c2:dd:ec:5c:bb:91:59:22:ad:1f:5c:ae:5d:01:
49:f9:b8:db:8b:ff:68:b2:86:21:fd:93:5a:3e:4f:
eb:91
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8D:31:50:D6:7D:1F:32:E5:CE:CB:B2:D9:A3:1A:49:07:60:DB:DC:61
X509v3 Authority Key Identifier:
keyid:8A:E4:CF:78:B4:9D:F0:B2:C1:D2:9D:32:E4:8A:94:3A:E4:F4:1A:CC
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1663/iuTPeLSd8LLB0p0y5IqUOuT0Gsw.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/iuTPeLSd8LLB0p0y5IqUOuT0Gsw.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1663/jTFQ1n0fMuXOy7LZoxpJB2Db3GE.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.227.68.0/24
Signature Algorithm: sha256WithRSAEncryption
0c:c0:bb:9a:a1:5b:11:ec:85:87:28:92:e6:78:64:f9:d8:bd:
51:2a:47:1a:03:e0:ae:ff:8c:45:ef:b9:50:f8:f3:63:9a:65:
b4:c4:d0:91:5a:8c:a9:70:71:db:f9:d2:c2:ff:75:e9:ac:06:
4b:ec:44:d1:e5:26:00:52:95:45:c3:58:91:2a:b5:91:03:53:
87:af:f5:0d:77:ec:8a:81:74:8e:67:d5:02:e8:05:ac:5d:8b:
74:fc:ba:6f:78:f0:d4:1f:38:6b:c8:c6:bb:71:c6:5c:19:38:
7e:30:e1:fc:81:2e:e7:f8:86:74:88:95:5e:47:01:4a:56:75:
3a:14:e1:19:d0:0a:28:e9:db:6c:81:b2:93:44:b9:0c:6b:9f:
c5:6d:16:37:c9:f3:70:94:76:b9:7c:a1:7f:fb:85:a9:a4:fd:
0b:d3:8c:ca:ea:a1:1e:f7:3d:50:ed:36:39:03:91:4e:87:c3:
7f:65:95:73:e7:90:6e:fc:eb:a4:d6:dc:48:5f:c3:a3:c4:5e:
d6:a6:96:f3:bd:dd:fb:8a:dd:22:dc:60:3b:39:31:6b:81:94:
2f:ce:a2:99:82:72:32:e4:0c:56:21:f9:84:74:d6:ce:96:a1:
03:a1:e0:58:63:57:ef:bd:2b:9a:46:20:38:18:6c:ac:4f:82:
06:dd:50:8e
-----BEGIN CERTIFICATE-----
MIIE1zCCA7+gAwIBAgICRnkwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoOEFF
NENGNzhCNDlERjBCMkMxRDI5RDMyRTQ4QTk0M0FFNEY0MUFDQzAeFw0yNTA4MjQw
MzMyNDFaFw0yNjA4MDMwODQ0NDBaMDMxMTAvBgNVBAMTKDhEMzE1MEQ2N0QxRjMy
RTVDRUNCQjJEOUEzMUE0OTA3NjBEQkRDNjEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDDXtAo5hq9Ae3TdcKYfnQiL7pROUWxsznZf8vI1LTtQeKVudtu
UOO2b832FZ3ES+1Go0NUt1olDg+wlUd436KcNXNW/plAzeHMygUVj3FS40wFCBtP
gC2rZpGYt5j0aE2Dlguupuy3oIRtyRLwMgC4l2/bHkMC4QJhKsC1QoYISMGyeuiT
QyCjPXrxEgBj18kzVi8TMTE467BPzy7L8aU/Woe7Q0mYVbjhOVRZ6cJjApX9Nuaw
UlKQg9h3EDilA/o1ZpwUiRNFT0HEhucX+SCsdvVvARESvY7dlKWtQ/CY8D/C3exc
u5FZIq0fXK5dAUn5uNuL/2iyhiH9k1o+T+uRAgMBAAGjggHzMIIB7zAdBgNVHQ4E
FgQUjTFQ1n0fMuXOy7LZoxpJB2Db3GEwHwYDVR0jBBgwFoAUiuTPeLSd8LLB0p0y
5IqUOuT0GswwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTY2
My9pdVRQZUxTZDhMTEIwcDB5NUlxVU91VDBHc3cuY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwL2l1VFBlTFNkOExMQjBwMHk1SXFVT3VUMEdzdy5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzE2NjMvalRGUTFuMGZNdVhP
eTdMWm94cEpCMkRiM0dFLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEw
BgMEACvjRDANBgkqhkiG9w0BAQsFAAOCAQEADMC7mqFbEeyFhyiS5nhk+di9USpH
GgPgrv+MRe+5UPjzY5pltMTQkVqMqXBx2/nSwv916awGS+xE0eUmAFKVRcNYkSq1
kQNTh6/1DXfsioF0jmfVAugFrF2LdPy6b3jw1B84a8jGu3HGXBk4fjDh/IEu5/iG
dIiVXkcBSlZ1OhThGdAKKOnbbIGyk0S5DGufxW0WN8nzcJR2uXyhf/uFqaT9C9OM
yuqhHvc9UO02OQORTofDf2WVc+eQbvzrpNbcSF/Do8Re1qaW873d+4rdItxgOzkx
a4GUL86imYJyMuQMViH5hHTWzpahA6HgWGNX770rmkYgOBhsrE+CBt1Qjg==
-----END CERTIFICATE-----
Generated at Sun Aug 24 09:39:37 2025 by rpki-client