Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/1663/53NOHaDqiLVQPwemAA9Am8vl_Kg.roa
File: 53NOHaDqiLVQPwemAA9Am8vl_Kg.roa (raw, json)
Hash identifier: O20FDHmD7LzI5lW0NxOzxqyAzXstCglRjK22XQKQ9Es=
Subject key identifier: E7:73:4E:1D:A0:EA:88:B5:50:3F:07:A6:00:0F:40:9B:CB:E5:FC:A8
Certificate issuer: /CN=8AE4CF78B49DF0B2C1D29D32E48A943AE4F41ACC
Certificate serial: 5767
Authority key identifier: 8A:E4:CF:78:B4:9D:F0:B2:C1:D2:9D:32:E4:8A:94:3A:E4:F4:1A:CC
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/iuTPeLSd8LLB0p0y5IqUOuT0Gsw.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1663/53NOHaDqiLVQPwemAA9Am8vl_Kg.roa
Signing time: Mon 08 Sep 2025 04:33:24 +0000
ROA not before: Mon 08 Sep 2025 04:33:24 +0000
ROA not after: Mon 03 Aug 2026 08:44:40 +0000
asID: 134762
IP address blocks: 43.226.72.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 22375 (0x5767)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8AE4CF78B49DF0B2C1D29D32E48A943AE4F41ACC
Validity
Not Before: Sep 8 04:33:24 2025 GMT
Not After : Aug 3 08:44:40 2026 GMT
Subject: CN=E7734E1DA0EA88B5503F07A6000F409BCBE5FCA8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b1:e6:21:48:14:e3:b4:98:aa:99:0f:35:b9:a2:
98:25:1c:25:d4:ce:f1:37:c0:c1:2b:a0:48:21:4f:
6b:63:ef:09:25:10:d0:79:76:37:fe:5e:8a:40:f9:
21:77:6e:b2:14:47:fe:d0:c8:d5:f4:de:ab:fc:9c:
90:58:53:29:db:31:e4:22:65:9c:b2:49:ff:40:25:
b1:71:13:ad:ea:e1:de:d7:21:fa:49:02:7e:89:03:
dc:6b:21:09:7b:35:6b:83:b0:06:4c:00:1b:28:54:
29:7e:d5:f4:a7:d3:10:64:cb:0e:36:2f:83:22:26:
a1:56:dd:a6:30:a2:4c:2b:7c:38:bf:30:92:6a:d9:
f6:90:2b:1b:11:17:e1:ab:87:03:e6:72:b6:29:37:
b2:0f:cd:5d:8f:68:2b:26:70:da:ad:02:14:0d:0f:
99:7e:48:68:c4:77:b6:9c:71:a3:7b:7a:f7:ce:e6:
76:b8:1d:f9:43:92:f8:21:cb:7e:0d:9a:8f:b7:a1:
78:6b:37:2c:2c:60:4c:d4:73:29:4e:0d:1f:69:30:
c0:35:20:38:36:a6:93:ae:94:1e:45:e2:77:4a:55:
a3:e2:23:97:75:80:35:50:cb:43:85:22:3a:7c:c4:
df:11:d9:4f:70:c3:5e:e5:9a:ac:db:c1:52:8c:63:
1b:0d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E7:73:4E:1D:A0:EA:88:B5:50:3F:07:A6:00:0F:40:9B:CB:E5:FC:A8
X509v3 Authority Key Identifier:
keyid:8A:E4:CF:78:B4:9D:F0:B2:C1:D2:9D:32:E4:8A:94:3A:E4:F4:1A:CC
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1663/iuTPeLSd8LLB0p0y5IqUOuT0Gsw.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/iuTPeLSd8LLB0p0y5IqUOuT0Gsw.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1663/53NOHaDqiLVQPwemAA9Am8vl_Kg.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.226.72.0/22
Signature Algorithm: sha256WithRSAEncryption
41:ba:e3:2a:db:77:b4:c9:60:ff:5a:e4:82:e8:be:69:72:65:
53:65:48:d8:89:46:69:b1:51:90:72:0f:15:e5:26:02:ab:6a:
f0:c0:95:b4:fe:3c:41:25:82:ca:22:87:51:5b:ea:ca:30:4b:
a9:25:0e:0f:9e:3d:72:01:17:44:d9:d1:fe:6e:dc:05:62:e4:
55:e6:c7:f4:13:23:49:f3:a4:b5:e9:f1:15:08:16:ca:d1:77:
e5:87:b7:c4:62:9c:52:b8:ed:4b:76:b4:b5:1c:e3:60:cf:80:
5d:8c:67:ab:7d:33:44:6c:eb:68:0b:25:e0:93:3d:44:3a:c7:
14:83:eb:a5:b4:20:69:31:6f:d8:fc:69:39:ea:df:58:07:2a:
e9:54:58:1e:b4:02:48:f3:36:62:ff:90:a7:08:fa:86:4c:d0:
ff:ca:81:53:44:48:ee:c1:ab:1e:68:06:49:fc:97:f8:47:30:
67:6c:26:1f:9e:2d:c0:dc:de:e7:5f:62:80:cf:a0:b5:fb:b8:
fa:47:52:48:41:89:3e:c6:bd:53:f6:57:db:80:a2:99:e0:21:
17:93:82:c0:fc:4c:24:c6:f4:a3:8b:59:47:ed:60:84:c5:b1:
b8:be:24:da:ce:6b:97:d4:84:10:83:00:a1:79:96:7e:b3:32:
8e:95:fd:33
-----BEGIN CERTIFICATE-----
MIIE1zCCA7+gAwIBAgICV2cwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoOEFF
NENGNzhCNDlERjBCMkMxRDI5RDMyRTQ4QTk0M0FFNEY0MUFDQzAeFw0yNTA5MDgw
NDMzMjRaFw0yNjA4MDMwODQ0NDBaMDMxMTAvBgNVBAMTKEU3NzM0RTFEQTBFQTg4
QjU1MDNGMDdBNjAwMEY0MDlCQ0JFNUZDQTgwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCx5iFIFOO0mKqZDzW5opglHCXUzvE3wMEroEghT2tj7wklENB5
djf+XopA+SF3brIUR/7QyNX03qv8nJBYUynbMeQiZZyySf9AJbFxE63q4d7XIfpJ
An6JA9xrIQl7NWuDsAZMABsoVCl+1fSn0xBkyw42L4MiJqFW3aYwokwrfDi/MJJq
2faQKxsRF+GrhwPmcrYpN7IPzV2PaCsmcNqtAhQND5l+SGjEd7accaN7evfO5na4
HflDkvghy34Nmo+3oXhrNywsYEzUcylODR9pMMA1IDg2ppOulB5F4ndKVaPiI5d1
gDVQy0OFIjp8xN8R2U9ww17lmqzbwVKMYxsNAgMBAAGjggHzMIIB7zAdBgNVHQ4E
FgQU53NOHaDqiLVQPwemAA9Am8vl/KgwHwYDVR0jBBgwFoAUiuTPeLSd8LLB0p0y
5IqUOuT0GswwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTY2
My9pdVRQZUxTZDhMTEIwcDB5NUlxVU91VDBHc3cuY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwL2l1VFBlTFNkOExMQjBwMHk1SXFVT3VUMEdzdy5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzE2NjMvNTNOT0hhRHFpTFZR
UHdlbUFBOUFtOHZsX0tnLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEw
BgMEAiviSDANBgkqhkiG9w0BAQsFAAOCAQEAQbrjKtt3tMlg/1rkgui+aXJlU2VI
2IlGabFRkHIPFeUmAqtq8MCVtP48QSWCyiKHUVvqyjBLqSUOD549cgEXRNnR/m7c
BWLkVebH9BMjSfOktenxFQgWytF35Ye3xGKcUrjtS3a0tRzjYM+AXYxnq30zRGzr
aAsl4JM9RDrHFIPrpbQgaTFv2PxpOerfWAcq6VRYHrQCSPM2Yv+Qpwj6hkzQ/8qB
U0RI7sGrHmgGSfyX+EcwZ2wmH54twNze519igM+gtfu4+kdSSEGJPsa9U/ZX24Ci
meAhF5OCwPxMJMb0o4tZR+1ghMWxuL4k2s5rl9SEEIMAoXmWfrMyjpX9Mw==
-----END CERTIFICATE-----
Generated at Mon Sep 8 22:17:12 2025 by rpki-client