Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/1663/MRoR3lpzT-JUU350HGqz4qa3TXQ.roa
File: MRoR3lpzT-JUU350HGqz4qa3TXQ.roa (raw, json)
Hash identifier: j2fNJnKo1osVE51GY7UEQEQZkXy2/uw7RMC/WV6unRs=
Subject key identifier: 31:1A:11:DE:5A:73:4F:E2:54:53:7E:74:1C:6A:B3:E2:A6:B7:4D:74
Certificate issuer: /CN=8AE4CF78B49DF0B2C1D29D32E48A943AE4F41ACC
Certificate serial: 586F
Authority key identifier: 8A:E4:CF:78:B4:9D:F0:B2:C1:D2:9D:32:E4:8A:94:3A:E4:F4:1A:CC
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/iuTPeLSd8LLB0p0y5IqUOuT0Gsw.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1663/MRoR3lpzT-JUU350HGqz4qa3TXQ.roa
Signing time: Tue 09 Sep 2025 02:33:22 +0000
ROA not before: Tue 09 Sep 2025 02:33:22 +0000
ROA not after: Mon 03 Aug 2026 08:44:40 +0000
asID: 134762
IP address blocks: 43.226.72.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 22639 (0x586f)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8AE4CF78B49DF0B2C1D29D32E48A943AE4F41ACC
Validity
Not Before: Sep 9 02:33:22 2025 GMT
Not After : Aug 3 08:44:40 2026 GMT
Subject: CN=311A11DE5A734FE254537E741C6AB3E2A6B74D74
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d7:25:7d:1f:33:2c:49:53:e8:12:35:a7:56:89:
c9:d4:f5:cd:f8:2d:94:ff:aa:2a:e0:bf:39:bd:11:
08:c0:3a:10:dc:28:89:2e:17:fc:98:36:b2:ee:a5:
75:4f:d4:cb:c2:f5:fd:2c:5b:85:a2:6e:c0:40:61:
7d:05:57:fa:f6:2e:24:fe:bf:46:24:63:32:1b:65:
b3:b4:36:4d:7d:d6:45:d8:56:c8:36:d5:96:d2:cb:
1a:a0:6c:65:27:36:94:75:35:07:9e:25:aa:b9:8d:
be:49:ee:94:22:55:2c:47:e6:0e:f3:fb:42:23:39:
55:a4:46:83:11:4f:98:62:33:ee:01:0a:56:05:41:
4d:3f:c6:9e:f3:cd:6e:b1:6e:39:80:2e:59:36:89:
11:29:45:23:e6:34:55:24:54:30:4b:14:92:5a:0f:
f9:30:9a:d7:17:0a:0e:90:c7:35:06:4e:7a:20:9f:
8c:70:64:c0:a1:10:45:ad:2f:aa:e9:52:1c:54:f6:
95:49:5d:27:8b:66:a7:ce:95:0e:52:dc:c5:84:21:
27:6e:15:9c:e6:9c:fb:29:b0:9b:fb:e2:7d:64:b6:
bc:89:99:9a:cc:b5:7e:09:52:ad:fd:49:a3:42:bb:
ce:56:b1:66:db:4a:df:d2:3b:f3:b9:e2:98:06:56:
4f:7d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
31:1A:11:DE:5A:73:4F:E2:54:53:7E:74:1C:6A:B3:E2:A6:B7:4D:74
X509v3 Authority Key Identifier:
keyid:8A:E4:CF:78:B4:9D:F0:B2:C1:D2:9D:32:E4:8A:94:3A:E4:F4:1A:CC
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1663/iuTPeLSd8LLB0p0y5IqUOuT0Gsw.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/iuTPeLSd8LLB0p0y5IqUOuT0Gsw.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1663/MRoR3lpzT-JUU350HGqz4qa3TXQ.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.226.72.0/22
Signature Algorithm: sha256WithRSAEncryption
5a:e8:3f:9b:74:23:db:ff:1e:6f:ff:af:0c:89:8d:30:a1:02:
eb:3d:d2:e7:76:5a:45:a6:98:67:07:83:c6:02:4d:35:be:43:
63:2f:dc:48:26:0f:fe:5a:a6:23:7f:7c:c7:92:2f:c8:c7:a2:
51:ff:4b:b6:c7:c5:3f:3d:03:82:5f:ec:55:41:4d:50:ea:6c:
3a:bd:b1:c9:cc:b8:61:ec:d7:1b:e9:de:d4:4e:1b:2d:44:c2:
ad:20:6d:75:4f:c9:90:54:60:f2:69:8c:f1:f8:4a:3e:8d:b5:
45:35:73:be:95:1a:7d:87:5e:bd:f5:83:7e:40:04:6b:9f:30:
78:45:e5:51:12:3b:99:14:90:f4:b8:ac:cb:8d:8a:36:0c:a5:
7d:ae:a4:19:bf:79:b0:7e:b7:a6:9e:a9:d9:cf:d3:a5:8f:ab:
08:ae:1b:30:d0:02:b8:f7:cb:f7:7b:0b:d1:fd:2e:d2:c9:09:
63:6f:65:3b:d8:60:0c:e6:6b:be:d0:86:ff:d7:77:02:b9:7f:
15:65:3b:1e:dc:da:5c:f8:e7:98:66:aa:80:f1:73:b0:09:44:
e1:76:6c:06:07:52:bd:2b:66:f1:23:3b:13:35:b9:b6:39:d6:
15:24:40:55:05:4c:14:85:3e:a4:3b:10:2e:a8:8c:3d:86:35:
91:da:4b:cb
-----BEGIN CERTIFICATE-----
MIIE1zCCA7+gAwIBAgICWG8wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoOEFF
NENGNzhCNDlERjBCMkMxRDI5RDMyRTQ4QTk0M0FFNEY0MUFDQzAeFw0yNTA5MDkw
MjMzMjJaFw0yNjA4MDMwODQ0NDBaMDMxMTAvBgNVBAMTKDMxMUExMURFNUE3MzRG
RTI1NDUzN0U3NDFDNkFCM0UyQTZCNzRENzQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDXJX0fMyxJU+gSNadWicnU9c34LZT/qirgvzm9EQjAOhDcKIku
F/yYNrLupXVP1MvC9f0sW4WibsBAYX0FV/r2LiT+v0YkYzIbZbO0Nk191kXYVsg2
1ZbSyxqgbGUnNpR1NQeeJaq5jb5J7pQiVSxH5g7z+0IjOVWkRoMRT5hiM+4BClYF
QU0/xp7zzW6xbjmALlk2iREpRSPmNFUkVDBLFJJaD/kwmtcXCg6QxzUGTnogn4xw
ZMChEEWtL6rpUhxU9pVJXSeLZqfOlQ5S3MWEISduFZzmnPspsJv74n1ktryJmZrM
tX4JUq39SaNCu85WsWbbSt/SO/O54pgGVk99AgMBAAGjggHzMIIB7zAdBgNVHQ4E
FgQUMRoR3lpzT+JUU350HGqz4qa3TXQwHwYDVR0jBBgwFoAUiuTPeLSd8LLB0p0y
5IqUOuT0GswwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTY2
My9pdVRQZUxTZDhMTEIwcDB5NUlxVU91VDBHc3cuY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwL2l1VFBlTFNkOExMQjBwMHk1SXFVT3VUMEdzdy5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzE2NjMvTVJvUjNscHpULUpV
VTM1MEhHcXo0cWEzVFhRLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEw
BgMEAiviSDANBgkqhkiG9w0BAQsFAAOCAQEAWug/m3Qj2/8eb/+vDImNMKEC6z3S
53ZaRaaYZweDxgJNNb5DYy/cSCYP/lqmI398x5IvyMeiUf9LtsfFPz0Dgl/sVUFN
UOpsOr2xycy4YezXG+ne1E4bLUTCrSBtdU/JkFRg8mmM8fhKPo21RTVzvpUafYde
vfWDfkAEa58weEXlURI7mRSQ9Lisy42KNgylfa6kGb95sH63pp6p2c/TpY+rCK4b
MNACuPfL93sL0f0u0skJY29lO9hgDOZrvtCG/9d3Arl/FWU7HtzaXPjnmGaqgPFz
sAlE4XZsBgdSvStm8SM7EzW5tjnWFSRAVQVMFIU+pDsQLqiMPYY1kdpLyw==
-----END CERTIFICATE-----
Generated at Tue Sep 9 10:18:57 2025 by rpki-client