Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/1663/aTw_gKrd3Ibpg49TK1M8PqD_Adc.roa
File: aTw_gKrd3Ibpg49TK1M8PqD_Adc.roa (raw, json)
Hash identifier: BPo7l/pnBFecXTQ04O4Ada81VU4ErGwbv8mKwrRweNA=
Subject key identifier: 69:3C:3F:80:AA:DD:DC:86:E9:83:8F:53:2B:53:3C:3E:A0:FF:01:D7
Certificate issuer: /CN=8AE4CF78B49DF0B2C1D29D32E48A943AE4F41ACC
Certificate serial: 99BE
Authority key identifier: 8A:E4:CF:78:B4:9D:F0:B2:C1:D2:9D:32:E4:8A:94:3A:E4:F4:1A:CC
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/iuTPeLSd8LLB0p0y5IqUOuT0Gsw.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1663/aTw_gKrd3Ibpg49TK1M8PqD_Adc.roa
Signing time: Thu 06 Nov 2025 01:42:15 +0000
ROA not before: Thu 06 Nov 2025 01:42:15 +0000
ROA not after: Fri 23 Oct 2026 03:01:03 +0000
asID: 134762
IP address blocks: 43.227.68.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 39358 (0x99be)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8AE4CF78B49DF0B2C1D29D32E48A943AE4F41ACC
Validity
Not Before: Nov 6 01:42:15 2025 GMT
Not After : Oct 23 03:01:03 2026 GMT
Subject: CN=693C3F80AADDDC86E9838F532B533C3EA0FF01D7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c3:e4:1c:b2:76:ea:5e:57:f5:2c:b9:4a:91:ad:
92:03:0d:53:b6:63:68:ef:d2:74:f7:01:74:ad:99:
18:b4:51:f2:1b:9b:3b:d0:a0:bc:9b:b5:aa:0d:e9:
f4:72:4a:4b:4b:c0:0a:37:e2:82:9b:b6:3a:9b:0a:
c6:f4:e2:05:0d:c6:a9:c4:f0:42:70:16:4d:85:30:
db:e2:01:93:e4:04:fb:27:66:e9:66:51:25:1e:27:
ac:2f:7c:cf:58:33:b1:b4:4e:50:7d:d2:7c:45:d7:
a9:e9:f0:54:3e:91:8e:a4:38:f2:71:99:3b:48:d3:
8c:ad:08:23:b6:1c:05:3c:bf:b7:b0:df:3c:f3:36:
61:41:dc:68:e1:03:13:19:32:3c:4b:40:64:11:97:
7d:38:67:33:6a:41:89:6d:15:fe:6b:dc:70:9d:d6:
ab:93:39:7e:57:a4:3e:b0:4d:ad:e3:ec:de:7a:0e:
e7:e7:c8:9c:2b:66:0a:3a:23:ff:4b:11:25:2f:d3:
3e:30:b9:98:7b:48:6e:51:cd:74:ac:a4:64:7b:03:
9b:1a:12:dd:90:e0:f6:51:64:36:57:7a:a8:e8:9a:
d0:cd:06:53:ef:9b:f0:ad:84:40:02:a0:5a:54:74:
85:b6:bc:83:52:51:50:14:bf:82:01:44:57:f5:97:
0a:23
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
69:3C:3F:80:AA:DD:DC:86:E9:83:8F:53:2B:53:3C:3E:A0:FF:01:D7
X509v3 Authority Key Identifier:
keyid:8A:E4:CF:78:B4:9D:F0:B2:C1:D2:9D:32:E4:8A:94:3A:E4:F4:1A:CC
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1663/iuTPeLSd8LLB0p0y5IqUOuT0Gsw.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/iuTPeLSd8LLB0p0y5IqUOuT0Gsw.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1663/aTw_gKrd3Ibpg49TK1M8PqD_Adc.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.227.68.0/24
Signature Algorithm: sha256WithRSAEncryption
6b:8c:3d:99:6d:ed:18:30:a6:59:ce:01:5d:b4:cf:f3:cc:fb:
be:2d:43:2d:93:cf:c2:78:6b:fb:b7:f4:78:d8:b7:ee:28:45:
c1:59:a2:13:ab:b0:23:9f:04:55:12:83:b2:f0:8a:e9:56:3f:
89:cc:62:ea:5b:02:67:20:a0:62:91:77:a9:57:c8:e5:36:3d:
4c:10:6b:9c:6f:c9:cb:42:9a:8f:d2:bd:94:72:ce:7a:23:7a:
76:48:f6:d6:3f:22:82:1f:5b:46:88:29:71:35:b0:12:c5:d9:
9c:cf:ae:be:1d:3f:76:2a:da:81:81:f1:20:80:e1:cd:d3:24:
64:2c:a9:e8:e0:33:70:5b:97:bf:0f:f0:9f:f5:f4:ae:bf:17:
b3:85:b2:2c:9f:cc:3b:6c:f9:df:16:27:c3:33:62:78:fc:a0:
86:b8:b5:fc:6b:63:f2:b0:02:6b:5d:13:26:f0:c1:bd:18:8e:
b2:1a:57:87:30:3b:02:fa:80:95:88:d1:5b:8c:a7:3e:b0:f0:
11:80:8e:ae:8d:e2:27:6b:ce:ba:c9:3a:59:b7:72:29:78:6d:
42:a9:42:ed:42:ac:1e:cf:bd:35:f1:e8:05:bc:85:07:de:69:
01:25:b7:85:cf:f6:d8:9f:15:99:d5:68:08:bf:9b:b4:bb:14:
42:54:c2:46
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgIDAJm+MA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMTKDhB
RTRDRjc4QjQ5REYwQjJDMUQyOUQzMkU0OEE5NDNBRTRGNDFBQ0MwHhcNMjUxMTA2
MDE0MjE1WhcNMjYxMDIzMDMwMTAzWjAzMTEwLwYDVQQDEyg2OTNDM0Y4MEFBRERE
Qzg2RTk4MzhGNTMyQjUzM0MzRUEwRkYwMUQ3MIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAw+QcsnbqXlf1LLlKka2SAw1TtmNo79J09wF0rZkYtFHyG5s7
0KC8m7WqDen0ckpLS8AKN+KCm7Y6mwrG9OIFDcapxPBCcBZNhTDb4gGT5AT7J2bp
ZlElHiesL3zPWDOxtE5QfdJ8Rdep6fBUPpGOpDjycZk7SNOMrQgjthwFPL+3sN88
8zZhQdxo4QMTGTI8S0BkEZd9OGczakGJbRX+a9xwndarkzl+V6Q+sE2t4+zeeg7n
58icK2YKOiP/SxElL9M+MLmYe0huUc10rKRkewObGhLdkOD2UWQ2V3qo6JrQzQZT
75vwrYRAAqBaVHSFtryDUlFQFL+CAURX9ZcKIwIDAQABo4IB8zCCAe8wHQYDVR0O
BBYEFGk8P4Cq3dyG6YOPUytTPD6g/wHXMB8GA1UdIwQYMBaAFIrkz3i0nfCywdKd
MuSKlDrk9BrMMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwXQYDVR0fBFYwVDBS
oFCgToZMcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzE2
NjMvaXVUUGVMU2Q4TExCMHAweTVJcVVPdVQwR3N3LmNybDBjBggrBgEFBQcBAQRX
MFUwUwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYy
RTNEMDAwMC9pdVRQZUxTZDhMTEIwcDB5NUlxVU91VDBHc3cuY2VyMA4GA1UdDwEB
/wQEAwIHgDCBnQYIKwYBBQUHAQsEgZAwgY0wWAYIKwYBBQUHMAuGTHJzeW5jOi8v
cnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC8xNjYzL2FUd19nS3JkM0li
cGc0OVRLMU04UHFEX0FkYy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5j
bm5pYy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAAr40QwDQYJKoZIhvcNAQELBQADggEBAGuMPZlt7RgwplnOAV20z/PM+74t
Qy2Tz8J4a/u39HjYt+4oRcFZohOrsCOfBFUSg7LwiulWP4nMYupbAmcgoGKRd6lX
yOU2PUwQa5xvyctCmo/SvZRyznojenZI9tY/IoIfW0aIKXE1sBLF2ZzPrr4dP3Yq
2oGB8SCA4c3TJGQsqejgM3Bbl78P8J/19K6/F7OFsiyfzDts+d8WJ8MzYnj8oIa4
tfxrY/KwAmtdEybwwb0YjrIaV4cwOwL6gJWI0VuMpz6w8BGAjq6N4idrzrrJOlm3
cil4bUKpQu1CrB7PvTXx6AW8hQfeaQElt4XP9tifFZnVaAi/m7S7FEJUwkY=
-----END CERTIFICATE-----
Generated at Thu Nov 6 04:40:59 2025 by rpki-client