Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/1663/o_LM_mJmFpztAGYqxOd2filWhfo.roa
File: o_LM_mJmFpztAGYqxOd2filWhfo.roa (raw, json)
Hash identifier: LRr57BXiFl8hKP3xghLnpcThwTRCZoq6E9YFv5+nGmE=
Subject key identifier: A3:F2:CC:FE:62:66:16:9C:ED:00:66:2A:C4:E7:76:7E:29:56:85:FA
Certificate issuer: /CN=8AE4CF78B49DF0B2C1D29D32E48A943AE4F41ACC
Certificate serial: 460E
Authority key identifier: 8A:E4:CF:78:B4:9D:F0:B2:C1:D2:9D:32:E4:8A:94:3A:E4:F4:1A:CC
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/iuTPeLSd8LLB0p0y5IqUOuT0Gsw.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1663/o_LM_mJmFpztAGYqxOd2filWhfo.roa
Signing time: Sat 23 Aug 2025 18:32:37 +0000
ROA not before: Sat 23 Aug 2025 18:32:37 +0000
ROA not after: Mon 03 Aug 2026 08:44:40 +0000
asID: 63612
IP address blocks: 103.45.128.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 17934 (0x460e)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8AE4CF78B49DF0B2C1D29D32E48A943AE4F41ACC
Validity
Not Before: Aug 23 18:32:37 2025 GMT
Not After : Aug 3 08:44:40 2026 GMT
Subject: CN=A3F2CCFE6266169CED00662AC4E7767E295685FA
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c9:f3:02:b0:eb:4c:88:c3:84:8f:4e:87:0b:2a:
b2:d0:30:ca:fd:18:5a:01:25:98:d9:f0:ab:70:06:
89:6e:d5:43:3d:5e:b5:dc:4b:1a:32:72:41:73:12:
7d:8f:04:30:c0:da:ea:c1:fb:36:1a:d7:7b:2e:e7:
17:1f:bd:eb:2e:ba:47:a1:79:0e:f0:79:59:bc:73:
20:d8:92:5c:23:8f:2d:37:c5:e8:44:7a:d7:e1:2b:
64:5d:9e:de:1e:fe:76:ba:91:7d:0f:0a:02:f1:05:
fa:97:5e:fc:24:7a:94:5c:6b:a6:e7:f7:57:fa:1f:
68:b4:14:12:66:48:83:6f:41:76:36:c8:b3:d4:6e:
54:ad:96:9e:22:40:20:85:35:24:a8:f0:62:26:45:
c8:1e:f7:8d:73:68:d6:a4:4f:58:68:b0:83:8d:e7:
1e:f4:87:e9:8a:36:ae:11:a9:00:b2:79:92:18:09:
b4:69:b7:12:1f:8b:d4:89:2a:1e:4d:61:1a:38:5d:
35:ff:d4:84:c6:75:e9:46:68:e9:bf:43:97:b3:15:
e1:e5:7b:9f:14:48:9a:a6:9e:16:d5:0a:36:2e:5d:
f7:34:d7:32:50:ae:37:31:81:73:15:ca:e7:7d:6d:
a1:06:dd:e1:92:d9:95:c5:81:f6:b1:dc:ab:b4:85:
30:87
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A3:F2:CC:FE:62:66:16:9C:ED:00:66:2A:C4:E7:76:7E:29:56:85:FA
X509v3 Authority Key Identifier:
keyid:8A:E4:CF:78:B4:9D:F0:B2:C1:D2:9D:32:E4:8A:94:3A:E4:F4:1A:CC
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1663/iuTPeLSd8LLB0p0y5IqUOuT0Gsw.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/iuTPeLSd8LLB0p0y5IqUOuT0Gsw.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1663/o_LM_mJmFpztAGYqxOd2filWhfo.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
103.45.128.0/19
Signature Algorithm: sha256WithRSAEncryption
8c:bb:7f:a1:c7:fb:6c:13:7c:61:f3:10:64:40:7d:66:5b:3f:
95:dd:75:b6:8a:ee:d0:fa:20:21:6a:92:a4:b9:e8:4f:46:d7:
56:53:b5:fe:21:98:ad:f0:16:b5:23:db:38:8a:f3:07:6e:ba:
a4:4c:35:39:12:c4:7b:93:46:0c:17:88:b5:5a:10:7e:a0:7c:
44:8a:cb:55:72:2e:a3:49:9e:6c:dd:9e:58:b5:58:21:35:c5:
86:c6:00:10:17:6c:b7:c1:f3:4a:0a:e1:78:f5:5a:b6:68:0b:
f0:6a:2c:40:ed:9b:9f:9c:48:b2:00:0d:46:9e:91:85:13:65:
08:e2:dd:fa:b5:93:f9:10:c3:c4:77:72:c5:4b:eb:98:b1:1b:
ee:d3:72:8e:b7:83:db:57:21:ca:3d:01:7a:73:59:f5:2e:64:
ce:39:6e:c0:ef:53:90:92:d9:72:b8:48:cc:bf:c5:aa:41:eb:
b5:9a:81:ca:aa:fa:80:d5:17:ff:86:16:d2:ff:51:68:e7:71:
4f:1e:5f:0c:4c:22:8b:43:d4:9f:c9:2e:8e:79:6b:b0:1b:fe:
93:59:f8:a9:df:9c:02:36:e7:a3:8d:64:37:a6:1c:58:ea:07:
95:87:06:88:a1:2f:60:5f:0b:3a:1e:91:27:ee:65:59:38:3d:
0a:21:09:1e
-----BEGIN CERTIFICATE-----
MIIE1zCCA7+gAwIBAgICRg4wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoOEFF
NENGNzhCNDlERjBCMkMxRDI5RDMyRTQ4QTk0M0FFNEY0MUFDQzAeFw0yNTA4MjMx
ODMyMzdaFw0yNjA4MDMwODQ0NDBaMDMxMTAvBgNVBAMTKEEzRjJDQ0ZFNjI2NjE2
OUNFRDAwNjYyQUM0RTc3NjdFMjk1Njg1RkEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDJ8wKw60yIw4SPTocLKrLQMMr9GFoBJZjZ8KtwBolu1UM9XrXc
SxoyckFzEn2PBDDA2urB+zYa13su5xcfvesuukeheQ7weVm8cyDYklwjjy03xehE
etfhK2Rdnt4e/na6kX0PCgLxBfqXXvwkepRca6bn91f6H2i0FBJmSINvQXY2yLPU
blStlp4iQCCFNSSo8GImRcge941zaNakT1hosION5x70h+mKNq4RqQCyeZIYCbRp
txIfi9SJKh5NYRo4XTX/1ITGdelGaOm/Q5ezFeHle58USJqmnhbVCjYuXfc01zJQ
rjcxgXMVyud9baEG3eGS2ZXFgfax3Ku0hTCHAgMBAAGjggHzMIIB7zAdBgNVHQ4E
FgQUo/LM/mJmFpztAGYqxOd2filWhfowHwYDVR0jBBgwFoAUiuTPeLSd8LLB0p0y
5IqUOuT0GswwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTY2
My9pdVRQZUxTZDhMTEIwcDB5NUlxVU91VDBHc3cuY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwL2l1VFBlTFNkOExMQjBwMHk1SXFVT3VUMEdzdy5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzE2NjMvb19MTV9tSm1GcHp0
QUdZcXhPZDJmaWxXaGZvLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEw
BgMEBWctgDANBgkqhkiG9w0BAQsFAAOCAQEAjLt/ocf7bBN8YfMQZEB9Zls/ld11
toru0PogIWqSpLnoT0bXVlO1/iGYrfAWtSPbOIrzB266pEw1ORLEe5NGDBeItVoQ
fqB8RIrLVXIuo0mebN2eWLVYITXFhsYAEBdst8HzSgrhePVatmgL8GosQO2bn5xI
sgANRp6RhRNlCOLd+rWT+RDDxHdyxUvrmLEb7tNyjreD21chyj0BenNZ9S5kzjlu
wO9TkJLZcrhIzL/FqkHrtZqByqr6gNUX/4YW0v9RaOdxTx5fDEwii0PUn8kujnlr
sBv+k1n4qd+cAjbno41kN6YcWOoHlYcGiKEvYF8LOh6RJ+5lWTg9CiEJHg==
-----END CERTIFICATE-----
Generated at Sun Aug 24 01:29:09 2025 by rpki-client