Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/1663/rWfnXmyujqGe62XIXvCbTLmHPRg.roa
File: rWfnXmyujqGe62XIXvCbTLmHPRg.roa (raw, json)
Hash identifier: Lzip61PewdfC7X/Cyre3K+GrZ9dRiChkpVQtbYeSjTE=
Subject key identifier: AD:67:E7:5E:6C:AE:8E:A1:9E:EB:65:C8:5E:F0:9B:4C:B9:87:3D:18
Certificate issuer: /CN=8AE4CF78B49DF0B2C1D29D32E48A943AE4F41ACC
Certificate serial: 586C
Authority key identifier: 8A:E4:CF:78:B4:9D:F0:B2:C1:D2:9D:32:E4:8A:94:3A:E4:F4:1A:CC
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/iuTPeLSd8LLB0p0y5IqUOuT0Gsw.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1663/rWfnXmyujqGe62XIXvCbTLmHPRg.roa
Signing time: Tue 09 Sep 2025 02:33:21 +0000
ROA not before: Tue 09 Sep 2025 02:33:21 +0000
ROA not after: Mon 03 Aug 2026 08:44:40 +0000
asID: 134762
IP address blocks: 43.226.49.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 22636 (0x586c)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8AE4CF78B49DF0B2C1D29D32E48A943AE4F41ACC
Validity
Not Before: Sep 9 02:33:21 2025 GMT
Not After : Aug 3 08:44:40 2026 GMT
Subject: CN=AD67E75E6CAE8EA19EEB65C85EF09B4CB9873D18
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c1:f1:95:a2:4e:37:3b:5c:04:b6:d3:9a:d5:f9:
30:97:32:3d:7e:47:d6:8b:32:81:ab:8b:8c:ba:99:
16:45:9b:d5:89:05:1c:7f:21:9e:fb:b1:21:c6:14:
8a:d5:c5:b5:71:70:69:60:c7:29:b2:aa:71:09:a9:
7a:a2:ee:98:c0:51:73:ab:2e:c1:9d:87:c7:fe:cc:
bc:2d:79:5f:8c:b4:d6:d9:1e:fc:bb:09:ce:89:04:
01:e0:7d:85:2a:39:df:7b:51:72:44:57:8e:8d:94:
35:a4:6b:49:52:53:75:87:9e:de:a2:d7:0d:64:02:
ac:2b:a7:28:8e:7a:97:78:20:fd:1c:ba:c3:b9:5b:
1f:da:bf:8c:50:02:6d:39:4a:17:bc:bb:ab:f3:09:
0c:40:b8:be:4f:23:28:7b:ec:93:a7:ae:51:09:96:
c6:ef:10:9b:08:5c:8a:be:e6:5a:6b:bc:ca:0d:83:
bc:de:7e:51:d4:9e:2c:69:02:2e:85:c3:1f:0d:d1:
cd:ee:4b:9a:1c:fd:41:7b:ad:32:d2:72:67:a7:49:
91:cc:a1:9f:d9:96:fe:a8:08:ef:1c:47:74:12:fa:
e2:b8:8b:83:23:7f:55:36:84:e6:26:7f:75:cd:1c:
18:88:3b:c0:e6:f3:8b:71:6f:6b:9a:d3:a9:b7:98:
36:35
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AD:67:E7:5E:6C:AE:8E:A1:9E:EB:65:C8:5E:F0:9B:4C:B9:87:3D:18
X509v3 Authority Key Identifier:
keyid:8A:E4:CF:78:B4:9D:F0:B2:C1:D2:9D:32:E4:8A:94:3A:E4:F4:1A:CC
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1663/iuTPeLSd8LLB0p0y5IqUOuT0Gsw.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/iuTPeLSd8LLB0p0y5IqUOuT0Gsw.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1663/rWfnXmyujqGe62XIXvCbTLmHPRg.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.226.49.0/24
Signature Algorithm: sha256WithRSAEncryption
5d:e9:5e:99:12:13:76:87:b4:43:06:4b:f3:c2:c9:f3:55:97:
2a:18:73:48:08:df:21:47:09:e6:5a:8b:66:85:f3:45:6f:07:
a2:92:37:dc:7d:e1:73:d5:72:6b:64:87:2f:2b:bd:cd:97:5f:
8f:8f:a2:a2:15:97:97:ad:c5:f2:50:fa:79:35:ed:1e:b5:6d:
b4:f2:62:a1:6d:2d:61:85:15:6b:b8:02:61:d4:07:3f:f4:be:
29:8c:64:1d:a7:75:26:6f:81:14:4e:47:0d:48:49:b3:61:4b:
c4:91:08:f9:a1:1d:01:a6:4b:a9:d9:c0:5a:65:ef:83:c7:f8:
2d:40:e0:24:4a:cf:86:79:80:b2:26:5b:6f:bb:38:eb:6b:3f:
fe:69:9a:67:f4:67:8e:62:dd:a6:5f:0d:35:41:fe:b9:99:1b:
75:bf:05:35:68:ae:f0:72:14:e2:97:ba:7b:3e:d3:21:15:d5:
33:d7:30:b0:a2:78:ce:d8:5b:92:4e:1a:5c:e7:6d:77:cb:1f:
00:b7:ad:c3:f0:97:2b:ec:9b:20:60:5c:b7:b5:d8:55:84:ea:
04:71:91:16:7b:c6:1a:66:88:0c:df:89:d0:80:87:f4:89:bd:
c0:5d:80:af:5d:c9:0d:3c:de:6c:21:a6:97:4a:fb:cd:56:46:
3e:29:89:70
-----BEGIN CERTIFICATE-----
MIIE1zCCA7+gAwIBAgICWGwwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoOEFF
NENGNzhCNDlERjBCMkMxRDI5RDMyRTQ4QTk0M0FFNEY0MUFDQzAeFw0yNTA5MDkw
MjMzMjFaFw0yNjA4MDMwODQ0NDBaMDMxMTAvBgNVBAMTKEFENjdFNzVFNkNBRThF
QTE5RUVCNjVDODVFRjA5QjRDQjk4NzNEMTgwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDB8ZWiTjc7XAS205rV+TCXMj1+R9aLMoGri4y6mRZFm9WJBRx/
IZ77sSHGFIrVxbVxcGlgxymyqnEJqXqi7pjAUXOrLsGdh8f+zLwteV+MtNbZHvy7
Cc6JBAHgfYUqOd97UXJEV46NlDWka0lSU3WHnt6i1w1kAqwrpyiOepd4IP0cusO5
Wx/av4xQAm05She8u6vzCQxAuL5PIyh77JOnrlEJlsbvEJsIXIq+5lprvMoNg7ze
flHUnixpAi6Fwx8N0c3uS5oc/UF7rTLScmenSZHMoZ/Zlv6oCO8cR3QS+uK4i4Mj
f1U2hOYmf3XNHBiIO8Dm84txb2ua06m3mDY1AgMBAAGjggHzMIIB7zAdBgNVHQ4E
FgQUrWfnXmyujqGe62XIXvCbTLmHPRgwHwYDVR0jBBgwFoAUiuTPeLSd8LLB0p0y
5IqUOuT0GswwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTY2
My9pdVRQZUxTZDhMTEIwcDB5NUlxVU91VDBHc3cuY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwL2l1VFBlTFNkOExMQjBwMHk1SXFVT3VUMEdzdy5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzE2NjMvcldmblhteXVqcUdl
NjJYSVh2Q2JUTG1IUFJnLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEw
BgMEACviMTANBgkqhkiG9w0BAQsFAAOCAQEAXelemRITdoe0QwZL88LJ81WXKhhz
SAjfIUcJ5lqLZoXzRW8HopI33H3hc9Vya2SHLyu9zZdfj4+iohWXl63F8lD6eTXt
HrVttPJioW0tYYUVa7gCYdQHP/S+KYxkHad1Jm+BFE5HDUhJs2FLxJEI+aEdAaZL
qdnAWmXvg8f4LUDgJErPhnmAsiZbb7s462s//mmaZ/RnjmLdpl8NNUH+uZkbdb8F
NWiu8HIU4pe6ez7TIRXVM9cwsKJ4zthbkk4aXOdtd8sfALetw/CXK+ybIGBct7XY
VYTqBHGRFnvGGmaIDN+J0ICH9Im9wF2Ar13JDTzebCGml0r7zVZGPimJcA==
-----END CERTIFICATE-----
Generated at Tue Sep 9 10:12:45 2025 by rpki-client