Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/1663/9ahlmW335t14exXX4PK9NGzmCxg.roa
File: 9ahlmW335t14exXX4PK9NGzmCxg.roa (raw, json)
Hash identifier: JYHaFG4oADnuJ3cqNJXkwbD/qk3QpW62210Xw4RMURQ=
Subject key identifier: F5:A8:65:99:6D:F7:E6:DD:78:7B:15:D7:E0:F2:BD:34:6C:E6:0B:18
Certificate issuer: /CN=8AE4CF78B49DF0B2C1D29D32E48A943AE4F41ACC
Certificate serial: 586D
Authority key identifier: 8A:E4:CF:78:B4:9D:F0:B2:C1:D2:9D:32:E4:8A:94:3A:E4:F4:1A:CC
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/iuTPeLSd8LLB0p0y5IqUOuT0Gsw.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1663/9ahlmW335t14exXX4PK9NGzmCxg.roa
Signing time: Tue 09 Sep 2025 02:33:22 +0000
ROA not before: Tue 09 Sep 2025 02:33:22 +0000
ROA not after: Mon 03 Aug 2026 08:44:40 +0000
asID: 134762
IP address blocks: 43.227.68.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 22637 (0x586d)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8AE4CF78B49DF0B2C1D29D32E48A943AE4F41ACC
Validity
Not Before: Sep 9 02:33:22 2025 GMT
Not After : Aug 3 08:44:40 2026 GMT
Subject: CN=F5A865996DF7E6DD787B15D7E0F2BD346CE60B18
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ba:4d:a8:90:c8:68:a4:ab:35:a3:8a:cf:05:fa:
8c:70:6e:7d:7a:76:ba:ab:d7:9a:41:63:05:96:bc:
0a:31:4f:34:26:18:6f:eb:df:66:6a:ed:8a:b5:99:
15:52:5b:3a:dc:de:27:d7:f2:cf:cd:57:13:a3:74:
37:7a:c1:36:67:f0:13:6f:9c:ab:4e:1e:e4:5a:ed:
f7:7f:e7:8e:74:be:77:0d:ea:92:cb:f3:62:78:fe:
d7:10:28:73:4f:35:d9:12:1c:9d:0b:a2:a0:c0:49:
16:f6:05:e5:4f:0b:ad:ea:38:90:d6:3f:a1:94:3e:
57:88:59:8a:d9:54:bc:a0:4e:7f:98:52:9c:16:0e:
f8:00:45:bb:c3:32:3f:8a:78:ec:43:c5:e4:6f:b1:
0a:17:b6:b3:46:8a:56:50:a6:bc:d2:f2:50:2d:ad:
03:d7:75:93:6e:fd:f8:02:ee:d8:18:4b:62:db:79:
73:68:0b:72:8b:e1:28:eb:62:d5:17:09:82:13:28:
ff:38:ac:4f:d9:c4:83:dc:83:be:cb:0d:a7:32:c4:
89:b2:50:9d:4e:a1:df:d4:3b:6b:a5:22:61:e1:42:
06:74:50:98:93:6b:dd:5b:b9:c0:eb:a1:75:0b:b5:
19:94:cf:6c:dc:ff:8a:64:24:d9:bb:1a:e6:12:6a:
bc:69
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F5:A8:65:99:6D:F7:E6:DD:78:7B:15:D7:E0:F2:BD:34:6C:E6:0B:18
X509v3 Authority Key Identifier:
keyid:8A:E4:CF:78:B4:9D:F0:B2:C1:D2:9D:32:E4:8A:94:3A:E4:F4:1A:CC
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1663/iuTPeLSd8LLB0p0y5IqUOuT0Gsw.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/iuTPeLSd8LLB0p0y5IqUOuT0Gsw.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1663/9ahlmW335t14exXX4PK9NGzmCxg.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.227.68.0/24
Signature Algorithm: sha256WithRSAEncryption
2a:88:c0:7e:3b:8f:4a:da:e0:dc:29:14:d4:33:b8:5e:53:20:
1d:51:53:23:5c:36:63:59:7a:0f:82:fe:68:e5:18:ec:89:72:
0c:f0:b6:b4:8f:09:1f:e1:59:6a:1c:fe:90:7a:c9:ab:ce:a2:
6f:6d:c2:2a:9d:77:d1:e8:ff:2d:30:5e:fe:2b:36:4e:ca:cd:
cf:97:91:a3:49:30:52:74:29:be:4a:36:d4:7b:27:6b:9a:f6:
3a:e6:26:ee:fe:e7:e4:8b:82:c3:c5:17:ba:5d:e4:b8:d7:aa:
5b:c0:66:94:01:d0:ef:62:a7:30:70:71:a8:d9:1d:3b:72:9c:
71:a3:a6:38:10:79:76:3f:11:fc:13:c5:25:03:bf:9d:5d:ee:
be:c8:09:ab:1a:9a:f5:c1:4f:84:5a:e4:43:69:04:75:46:ca:
c1:26:e5:5a:03:7b:ea:aa:97:fa:60:97:4d:55:ed:dc:07:69:
e4:d9:dc:22:1e:ae:2e:fc:a1:9c:8a:54:04:03:19:ea:5a:7e:
d6:39:1f:0d:7d:26:03:8b:a1:50:9b:04:23:07:75:56:37:6f:
89:32:ac:80:84:57:16:24:3c:2a:0d:d1:22:00:72:92:78:ea:
58:f0:31:43:4c:41:c4:07:2e:5b:0d:05:24:18:47:42:1d:04:
f9:a2:18:37
-----BEGIN CERTIFICATE-----
MIIE1zCCA7+gAwIBAgICWG0wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoOEFF
NENGNzhCNDlERjBCMkMxRDI5RDMyRTQ4QTk0M0FFNEY0MUFDQzAeFw0yNTA5MDkw
MjMzMjJaFw0yNjA4MDMwODQ0NDBaMDMxMTAvBgNVBAMTKEY1QTg2NTk5NkRGN0U2
REQ3ODdCMTVEN0UwRjJCRDM0NkNFNjBCMTgwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC6TaiQyGikqzWjis8F+oxwbn16drqr15pBYwWWvAoxTzQmGG/r
32Zq7Yq1mRVSWzrc3ifX8s/NVxOjdDd6wTZn8BNvnKtOHuRa7fd/5450vncN6pLL
82J4/tcQKHNPNdkSHJ0LoqDASRb2BeVPC63qOJDWP6GUPleIWYrZVLygTn+YUpwW
DvgARbvDMj+KeOxDxeRvsQoXtrNGilZQprzS8lAtrQPXdZNu/fgC7tgYS2LbeXNo
C3KL4SjrYtUXCYITKP84rE/ZxIPcg77LDacyxImyUJ1Ood/UO2ulImHhQgZ0UJiT
a91bucDroXULtRmUz2zc/4pkJNm7GuYSarxpAgMBAAGjggHzMIIB7zAdBgNVHQ4E
FgQU9ahlmW335t14exXX4PK9NGzmCxgwHwYDVR0jBBgwFoAUiuTPeLSd8LLB0p0y
5IqUOuT0GswwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTY2
My9pdVRQZUxTZDhMTEIwcDB5NUlxVU91VDBHc3cuY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwL2l1VFBlTFNkOExMQjBwMHk1SXFVT3VUMEdzdy5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzE2NjMvOWFobG1XMzM1dDE0
ZXhYWDRQSzlOR3ptQ3hnLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEw
BgMEACvjRDANBgkqhkiG9w0BAQsFAAOCAQEAKojAfjuPStrg3CkU1DO4XlMgHVFT
I1w2Y1l6D4L+aOUY7IlyDPC2tI8JH+FZahz+kHrJq86ib23CKp130ej/LTBe/is2
TsrNz5eRo0kwUnQpvko21Hsna5r2OuYm7v7n5IuCw8UXul3kuNeqW8BmlAHQ72Kn
MHBxqNkdO3KccaOmOBB5dj8R/BPFJQO/nV3uvsgJqxqa9cFPhFrkQ2kEdUbKwSbl
WgN76qqX+mCXTVXt3Adp5NncIh6uLvyhnIpUBAMZ6lp+1jkfDX0mA4uhUJsEIwd1
VjdviTKsgIRXFiQ8Kg3RIgByknjqWPAxQ0xBxAcuWw0FJBhHQh0E+aIYNw==
-----END CERTIFICATE-----
Generated at Tue Sep 9 10:18:57 2025 by rpki-client