Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/1663/mPQx4GROueG1Oxu1Zc0z872YBaE.roa
File: mPQx4GROueG1Oxu1Zc0z872YBaE.roa (raw, json)
Hash identifier: DJ3xUn6Mg9y///lzSieRGu3NREyOgdYYccjEMCxKiu0=
Subject key identifier: 98:F4:31:E0:64:4E:B9:E1:B5:3B:1B:B5:65:CD:33:F3:BD:98:05:A1
Certificate issuer: /CN=8AE4CF78B49DF0B2C1D29D32E48A943AE4F41ACC
Certificate serial: 460F
Authority key identifier: 8A:E4:CF:78:B4:9D:F0:B2:C1:D2:9D:32:E4:8A:94:3A:E4:F4:1A:CC
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/iuTPeLSd8LLB0p0y5IqUOuT0Gsw.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1663/mPQx4GROueG1Oxu1Zc0z872YBaE.roa
Signing time: Sat 23 Aug 2025 18:32:37 +0000
ROA not before: Sat 23 Aug 2025 18:32:37 +0000
ROA not after: Mon 03 Aug 2026 08:44:40 +0000
asID: 134762
IP address blocks: 43.226.72.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 17935 (0x460f)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8AE4CF78B49DF0B2C1D29D32E48A943AE4F41ACC
Validity
Not Before: Aug 23 18:32:37 2025 GMT
Not After : Aug 3 08:44:40 2026 GMT
Subject: CN=98F431E0644EB9E1B53B1BB565CD33F3BD9805A1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b0:fb:7b:1b:65:f9:d2:a9:93:e9:44:24:4c:1f:
84:19:69:3f:6e:b7:c0:7b:b8:12:92:bd:5d:27:6c:
2e:ac:8e:4d:0c:3c:98:08:3e:ad:12:c7:b4:ef:48:
f6:92:1e:67:44:7d:f2:74:87:66:69:4b:6c:7e:92:
6c:e5:c3:9a:32:d2:c4:63:83:08:a4:0f:43:3d:e8:
bf:79:19:10:eb:73:a8:e2:fc:c6:99:4f:a9:b3:be:
d5:34:d6:1c:22:0d:e7:03:e3:a0:a5:20:18:65:2f:
5e:c4:c0:f0:ba:cb:8b:9e:89:62:bb:9a:a1:25:8b:
2d:0c:42:6f:ec:81:f0:4a:58:ec:c8:3f:97:a6:aa:
18:be:69:1b:fe:c1:bc:89:8f:51:1c:1a:ad:11:d1:
5a:6d:6f:90:42:16:6e:c7:5c:56:ac:9d:4a:fa:7d:
e0:90:f8:f4:5a:c4:42:42:44:9d:46:c7:9e:f9:01:
8d:67:32:02:e2:30:eb:61:2c:24:f8:d7:cd:af:01:
55:26:2e:a8:d5:23:a4:cd:9e:b9:8e:69:fc:89:e4:
f9:f4:e4:c1:44:75:af:db:0e:2a:dc:a8:5d:38:c8:
aa:4c:e6:5b:f9:8c:9c:a1:21:d4:2e:6d:1f:8e:af:
51:fc:5c:35:9a:c1:55:da:e0:17:b1:04:db:d5:6e:
60:25
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
98:F4:31:E0:64:4E:B9:E1:B5:3B:1B:B5:65:CD:33:F3:BD:98:05:A1
X509v3 Authority Key Identifier:
keyid:8A:E4:CF:78:B4:9D:F0:B2:C1:D2:9D:32:E4:8A:94:3A:E4:F4:1A:CC
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1663/iuTPeLSd8LLB0p0y5IqUOuT0Gsw.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/iuTPeLSd8LLB0p0y5IqUOuT0Gsw.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1663/mPQx4GROueG1Oxu1Zc0z872YBaE.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.226.72.0/22
Signature Algorithm: sha256WithRSAEncryption
ab:47:4f:19:0b:9b:fb:3b:6d:d0:75:67:c1:5e:45:4f:98:c4:
d4:45:2b:55:e4:db:73:1a:8e:46:3f:8d:cf:cc:d5:f4:21:6b:
a2:a8:f9:8f:8e:c2:2b:0e:e4:16:b1:65:d7:30:97:6b:09:1b:
a6:55:ee:e7:a0:75:c3:37:70:c5:eb:e6:db:75:b7:be:ea:6e:
6c:a7:bf:f6:e6:0b:22:a8:05:56:f9:aa:c2:c8:f2:fc:7c:a4:
57:16:74:b8:84:95:ca:a5:9f:0d:7c:58:d2:63:57:b6:45:89:
66:66:3a:48:d5:76:1d:ef:d1:d0:22:93:e0:fa:32:58:f9:01:
a0:69:98:a5:8f:b4:ce:1f:ee:f9:f4:64:6f:4e:11:90:1e:7e:
43:55:11:60:ae:a5:fb:60:88:f7:4f:9b:57:bc:aa:91:50:ed:
c8:54:31:4e:6f:bd:a4:06:f1:32:b9:27:0d:4a:9f:cf:fc:f6:
bc:87:c2:31:ba:10:bf:c8:b5:10:84:32:f8:52:1a:58:75:3a:
2f:f7:af:c0:74:14:e5:0e:8e:11:68:c5:5a:36:69:a5:07:fd:
f9:b1:2d:07:2e:bb:d0:8a:c7:d8:0c:27:b3:5f:c4:c9:bb:92:
b9:e8:3f:1e:97:d1:e4:11:55:42:6f:7b:8a:13:7d:7b:cc:8e:
cb:ed:46:f5
-----BEGIN CERTIFICATE-----
MIIE1zCCA7+gAwIBAgICRg8wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoOEFF
NENGNzhCNDlERjBCMkMxRDI5RDMyRTQ4QTk0M0FFNEY0MUFDQzAeFw0yNTA4MjMx
ODMyMzdaFw0yNjA4MDMwODQ0NDBaMDMxMTAvBgNVBAMTKDk4RjQzMUUwNjQ0RUI5
RTFCNTNCMUJCNTY1Q0QzM0YzQkQ5ODA1QTEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCw+3sbZfnSqZPpRCRMH4QZaT9ut8B7uBKSvV0nbC6sjk0MPJgI
Pq0Sx7TvSPaSHmdEffJ0h2ZpS2x+kmzlw5oy0sRjgwikD0M96L95GRDrc6ji/MaZ
T6mzvtU01hwiDecD46ClIBhlL17EwPC6y4ueiWK7mqEliy0MQm/sgfBKWOzIP5em
qhi+aRv+wbyJj1EcGq0R0Vptb5BCFm7HXFasnUr6feCQ+PRaxEJCRJ1Gx575AY1n
MgLiMOthLCT4182vAVUmLqjVI6TNnrmOafyJ5Pn05MFEda/bDircqF04yKpM5lv5
jJyhIdQubR+Or1H8XDWawVXa4BexBNvVbmAlAgMBAAGjggHzMIIB7zAdBgNVHQ4E
FgQUmPQx4GROueG1Oxu1Zc0z872YBaEwHwYDVR0jBBgwFoAUiuTPeLSd8LLB0p0y
5IqUOuT0GswwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTY2
My9pdVRQZUxTZDhMTEIwcDB5NUlxVU91VDBHc3cuY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwL2l1VFBlTFNkOExMQjBwMHk1SXFVT3VUMEdzdy5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzE2NjMvbVBReDRHUk91ZUcx
T3h1MVpjMHo4NzJZQmFFLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEw
BgMEAiviSDANBgkqhkiG9w0BAQsFAAOCAQEAq0dPGQub+ztt0HVnwV5FT5jE1EUr
VeTbcxqORj+Nz8zV9CFroqj5j47CKw7kFrFl1zCXawkbplXu56B1wzdwxevm23W3
vupubKe/9uYLIqgFVvmqwsjy/HykVxZ0uISVyqWfDXxY0mNXtkWJZmY6SNV2He/R
0CKT4PoyWPkBoGmYpY+0zh/u+fRkb04RkB5+Q1URYK6l+2CI90+bV7yqkVDtyFQx
Tm+9pAbxMrknDUqfz/z2vIfCMboQv8i1EIQy+FIaWHU6L/evwHQU5Q6OEWjFWjZp
pQf9+bEtBy670IrH2Awns1/EybuSueg/HpfR5BFVQm97ihN9e8yOy+1G9Q==
-----END CERTIFICATE-----
Generated at Sun Aug 24 02:41:29 2025 by rpki-client