Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/1663/nU7tzOpp5etg0qt33zWMXgM81NI.roa
File: nU7tzOpp5etg0qt33zWMXgM81NI.roa (raw, json)
Hash identifier: WrK3YZjq6iTI2twN1aVCgC578OIqUhG2Yx4qZZAWq/Q=
Subject key identifier: 9D:4E:ED:CC:EA:69:E5:EB:60:D2:AB:77:DF:35:8C:5E:03:3C:D4:D2
Certificate issuer: /CN=8AE4CF78B49DF0B2C1D29D32E48A943AE4F41ACC
Certificate serial: 8712
Authority key identifier: 8A:E4:CF:78:B4:9D:F0:B2:C1:D2:9D:32:E4:8A:94:3A:E4:F4:1A:CC
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/iuTPeLSd8LLB0p0y5IqUOuT0Gsw.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1663/nU7tzOpp5etg0qt33zWMXgM81NI.roa
Signing time: Mon 20 Oct 2025 12:06:31 +0000
ROA not before: Mon 20 Oct 2025 12:06:31 +0000
ROA not after: Mon 03 Aug 2026 08:44:40 +0000
asID: 134762
IP address blocks: 43.226.72.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 34578 (0x8712)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8AE4CF78B49DF0B2C1D29D32E48A943AE4F41ACC
Validity
Not Before: Oct 20 12:06:31 2025 GMT
Not After : Aug 3 08:44:40 2026 GMT
Subject: CN=9D4EEDCCEA69E5EB60D2AB77DF358C5E033CD4D2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:be:e6:91:10:f0:de:b6:e6:b9:ce:da:6b:38:90:
d8:56:ac:e0:6b:a0:d4:b0:ad:31:ad:9b:5d:5e:80:
ad:99:72:f5:24:9e:10:12:99:8a:a7:ff:be:c0:d7:
46:fb:44:67:3c:a8:2e:2a:81:e8:35:1e:46:7a:5f:
9d:be:04:83:c3:c5:1f:05:b8:e4:d3:da:b5:7f:32:
bb:a1:45:5a:ef:89:75:d0:2c:af:3d:c6:c1:41:15:
82:03:d3:62:17:60:ec:41:5d:ce:3c:1f:41:c2:d8:
fd:2a:e6:5d:75:5a:da:a4:77:a2:65:de:11:a4:d7:
c4:6f:23:56:36:f6:ce:be:14:73:bd:17:19:9a:d9:
ad:a1:b1:0d:0a:b4:63:0d:ce:4d:ca:7e:c4:d7:e4:
ee:5a:ce:23:c1:5e:67:bb:60:1a:02:84:c2:8d:42:
62:c9:b5:2e:e1:37:46:b8:e6:80:de:37:c9:12:b0:
57:bb:99:99:a8:a0:17:8b:06:2b:75:4b:1c:a7:c0:
3b:a6:44:05:62:80:bd:1e:c0:09:e9:6c:ce:ec:d5:
91:36:f0:38:69:be:c3:05:18:76:71:5a:2b:0a:40:
cb:82:bf:09:1e:b6:9a:e7:07:73:9b:40:89:02:35:
83:02:9f:36:20:55:52:fb:3c:6d:b0:9a:5e:63:1c:
a6:fb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9D:4E:ED:CC:EA:69:E5:EB:60:D2:AB:77:DF:35:8C:5E:03:3C:D4:D2
X509v3 Authority Key Identifier:
keyid:8A:E4:CF:78:B4:9D:F0:B2:C1:D2:9D:32:E4:8A:94:3A:E4:F4:1A:CC
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1663/iuTPeLSd8LLB0p0y5IqUOuT0Gsw.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/iuTPeLSd8LLB0p0y5IqUOuT0Gsw.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1663/nU7tzOpp5etg0qt33zWMXgM81NI.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.226.72.0/22
Signature Algorithm: sha256WithRSAEncryption
0f:f0:48:3a:25:a1:49:b2:30:9d:a3:62:71:4e:da:f8:c9:34:
00:10:3f:5c:78:43:dc:48:49:6e:a3:35:d2:ad:22:b8:fc:91:
f8:8a:c2:86:fc:c8:96:89:b5:f3:f3:59:34:28:44:31:4c:36:
b1:78:59:33:9f:67:d8:f5:e6:13:5b:e7:c8:17:e0:4c:b3:0a:
61:ee:da:75:73:56:4e:76:67:28:ee:33:62:c8:5c:f4:13:67:
87:8b:a4:47:2d:12:10:5b:e7:ec:5a:96:63:b4:a9:2e:9a:ef:
dd:60:da:f5:98:95:d6:d8:67:56:b8:6f:4b:78:04:8a:1a:35:
70:c1:67:f0:6b:a8:8f:ac:7c:a9:5c:fe:f9:cb:d6:5a:14:43:
28:ff:e1:8c:c3:8d:27:f9:e2:2b:d0:f1:4f:79:67:a5:af:b4:
31:78:11:6d:81:3c:eb:7b:e6:cf:fe:67:65:d9:c1:70:bd:bd:
9e:f9:4f:84:6d:b4:4f:1d:eb:1c:a0:d7:2a:e2:d6:e1:b8:a7:
7e:8a:5e:d0:fe:26:77:3e:79:35:ff:06:29:fa:cf:25:c6:6e:
c0:3b:34:5e:ba:23:b4:24:60:ee:88:e6:15:71:1f:82:5b:d2:
12:ba:0e:e6:4f:f7:ef:98:03:24:e5:06:54:31:98:16:db:39:
c9:b0:35:7e
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgIDAIcSMA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMTKDhB
RTRDRjc4QjQ5REYwQjJDMUQyOUQzMkU0OEE5NDNBRTRGNDFBQ0MwHhcNMjUxMDIw
MTIwNjMxWhcNMjYwODAzMDg0NDQwWjAzMTEwLwYDVQQDEyg5RDRFRURDQ0VBNjlF
NUVCNjBEMkFCNzdERjM1OEM1RTAzM0NENEQyMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAvuaREPDetua5ztprOJDYVqzga6DUsK0xrZtdXoCtmXL1JJ4Q
EpmKp/++wNdG+0RnPKguKoHoNR5Gel+dvgSDw8UfBbjk09q1fzK7oUVa74l10Cyv
PcbBQRWCA9NiF2DsQV3OPB9Bwtj9KuZddVrapHeiZd4RpNfEbyNWNvbOvhRzvRcZ
mtmtobENCrRjDc5Nyn7E1+TuWs4jwV5nu2AaAoTCjUJiybUu4TdGuOaA3jfJErBX
u5mZqKAXiwYrdUscp8A7pkQFYoC9HsAJ6WzO7NWRNvA4ab7DBRh2cVorCkDLgr8J
Hraa5wdzm0CJAjWDAp82IFVS+zxtsJpeYxym+wIDAQABo4IB8zCCAe8wHQYDVR0O
BBYEFJ1O7czqaeXrYNKrd981jF4DPNTSMB8GA1UdIwQYMBaAFIrkz3i0nfCywdKd
MuSKlDrk9BrMMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwXQYDVR0fBFYwVDBS
oFCgToZMcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzE2
NjMvaXVUUGVMU2Q4TExCMHAweTVJcVVPdVQwR3N3LmNybDBjBggrBgEFBQcBAQRX
MFUwUwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYy
RTNEMDAwMC9pdVRQZUxTZDhMTEIwcDB5NUlxVU91VDBHc3cuY2VyMA4GA1UdDwEB
/wQEAwIHgDCBnQYIKwYBBQUHAQsEgZAwgY0wWAYIKwYBBQUHMAuGTHJzeW5jOi8v
cnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC8xNjYzL25VN3R6T3BwNWV0
ZzBxdDMzeldNWGdNODFOSS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5j
bm5pYy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAIr4kgwDQYJKoZIhvcNAQELBQADggEBAA/wSDoloUmyMJ2jYnFO2vjJNAAQ
P1x4Q9xISW6jNdKtIrj8kfiKwob8yJaJtfPzWTQoRDFMNrF4WTOfZ9j15hNb58gX
4EyzCmHu2nVzVk52ZyjuM2LIXPQTZ4eLpEctEhBb5+xalmO0qS6a791g2vWYldbY
Z1a4b0t4BIoaNXDBZ/BrqI+sfKlc/vnL1loUQyj/4YzDjSf54ivQ8U95Z6WvtDF4
EW2BPOt75s/+Z2XZwXC9vZ75T4RttE8d6xyg1yri1uG4p36KXtD+Jnc+eTX/Bin6
zyXGbsA7NF66I7QkYO6I5hVxH4Jb0hK6DuZP9++YAyTlBlQxmBbbOcmwNX4=
-----END CERTIFICATE-----
Generated at Mon Oct 20 17:52:08 2025 by rpki-client