Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/1663/ajvU5S4T0qZxIeqQZMZh-9dQI5g.roa
File: ajvU5S4T0qZxIeqQZMZh-9dQI5g.roa (raw, json)
Hash identifier: ZvSvVR336t9Yrnzs6AeW4OSdc+pxliwdiqaIoFrErmc=
Subject key identifier: 6A:3B:D4:E5:2E:13:D2:A6:71:21:EA:90:64:C6:61:FB:D7:50:23:98
Certificate issuer: /CN=8AE4CF78B49DF0B2C1D29D32E48A943AE4F41ACC
Certificate serial: 997A
Authority key identifier: 8A:E4:CF:78:B4:9D:F0:B2:C1:D2:9D:32:E4:8A:94:3A:E4:F4:1A:CC
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/iuTPeLSd8LLB0p0y5IqUOuT0Gsw.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1663/ajvU5S4T0qZxIeqQZMZh-9dQI5g.roa
Signing time: Wed 05 Nov 2025 20:12:15 +0000
ROA not before: Wed 05 Nov 2025 20:12:15 +0000
ROA not after: Fri 23 Oct 2026 03:01:03 +0000
asID: 63612
IP address blocks: 43.227.80.0/20 maxlen: 20
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 39290 (0x997a)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8AE4CF78B49DF0B2C1D29D32E48A943AE4F41ACC
Validity
Not Before: Nov 5 20:12:15 2025 GMT
Not After : Oct 23 03:01:03 2026 GMT
Subject: CN=6A3BD4E52E13D2A67121EA9064C661FBD7502398
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d1:e3:b7:ba:e5:b3:70:c4:01:a0:7a:17:ac:c5:
98:57:bb:cc:74:f3:72:4f:95:a9:5a:a8:7d:c6:13:
7f:f0:0e:e6:db:39:ba:ae:9f:01:63:08:44:ed:8e:
9a:46:1a:aa:cb:b8:ff:6a:d7:1a:4a:b5:6e:da:d9:
8e:b6:92:b4:76:3f:d1:b4:10:6e:b1:ca:e9:92:0f:
67:84:3f:cf:59:b6:5b:ed:3e:3e:5d:25:fa:aa:ca:
75:d1:dd:8e:1a:4d:af:e2:13:3e:45:ef:66:ef:8d:
72:09:a6:f3:fb:b1:8e:86:c5:c8:c1:ee:57:db:15:
b6:71:43:20:d0:52:c4:ad:d6:13:73:95:7e:c9:f0:
b1:6f:71:78:b8:7e:61:cc:17:ac:e3:91:10:82:96:
e1:f0:9e:8f:bb:15:67:3e:ee:ce:3c:c7:ff:49:94:
07:35:d7:38:8e:a6:32:09:f9:6b:4e:b4:33:f0:8a:
78:4b:81:a5:6b:92:7d:47:8f:25:a6:82:9e:26:75:
40:19:f8:77:6e:93:34:0f:75:ec:0b:19:41:a8:56:
59:a6:d8:53:fa:02:24:eb:88:10:c8:59:ea:82:97:
c9:99:d9:42:fe:91:39:ec:de:e0:90:65:27:7f:fa:
6a:89:fe:fc:d3:75:d8:1c:1b:b6:4f:62:ce:8d:1e:
c1:69
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6A:3B:D4:E5:2E:13:D2:A6:71:21:EA:90:64:C6:61:FB:D7:50:23:98
X509v3 Authority Key Identifier:
keyid:8A:E4:CF:78:B4:9D:F0:B2:C1:D2:9D:32:E4:8A:94:3A:E4:F4:1A:CC
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1663/iuTPeLSd8LLB0p0y5IqUOuT0Gsw.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/iuTPeLSd8LLB0p0y5IqUOuT0Gsw.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1663/ajvU5S4T0qZxIeqQZMZh-9dQI5g.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.227.80.0/20
Signature Algorithm: sha256WithRSAEncryption
a8:34:e9:6e:70:5a:15:18:e9:6d:e7:7a:86:03:f1:ad:bb:e4:
d1:7b:12:40:ce:51:f6:1d:f7:1c:83:86:06:42:43:f2:0b:c2:
d6:1d:a7:07:5e:e6:bc:2d:10:23:ae:06:7b:5b:25:ba:6b:89:
f0:8d:77:b0:f6:bc:ff:be:a0:10:74:36:47:60:53:5e:3b:b4:
95:1d:ba:c7:23:16:d4:52:73:51:dd:21:5e:8e:5b:11:e3:0e:
c1:c5:12:d1:bc:62:14:ef:3b:58:02:db:85:49:13:93:f7:48:
95:59:5b:62:63:ad:3f:a8:91:10:ad:73:d4:05:39:db:5c:eb:
e2:b6:aa:48:40:9c:c0:f2:2f:d1:ba:09:fb:af:22:f5:1a:78:
54:18:5e:00:5d:58:b5:6f:79:12:7e:99:a9:ff:60:3b:bb:2b:
15:0e:eb:e1:17:68:07:a5:5b:d0:c2:5e:2b:9b:7b:bf:a4:c2:
66:97:df:65:ef:01:1e:9e:46:26:df:76:d1:13:be:a6:df:ec:
41:62:8c:8b:01:10:e7:e2:c3:05:95:58:8d:dc:c3:28:63:de:
6e:6a:62:85:41:63:b2:90:01:4a:14:11:e0:18:df:4f:f4:3e:
23:b6:e5:21:3d:1b:df:37:58:63:07:31:08:9d:4e:8e:7c:f1:
5c:8f:f4:8c
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgIDAJl6MA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMTKDhB
RTRDRjc4QjQ5REYwQjJDMUQyOUQzMkU0OEE5NDNBRTRGNDFBQ0MwHhcNMjUxMTA1
MjAxMjE1WhcNMjYxMDIzMDMwMTAzWjAzMTEwLwYDVQQDEyg2QTNCRDRFNTJFMTNE
MkE2NzEyMUVBOTA2NEM2NjFGQkQ3NTAyMzk4MIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEA0eO3uuWzcMQBoHoXrMWYV7vMdPNyT5WpWqh9xhN/8A7m2zm6
rp8BYwhE7Y6aRhqqy7j/atcaSrVu2tmOtpK0dj/RtBBuscrpkg9nhD/PWbZb7T4+
XSX6qsp10d2OGk2v4hM+Re9m741yCabz+7GOhsXIwe5X2xW2cUMg0FLErdYTc5V+
yfCxb3F4uH5hzBes45EQgpbh8J6PuxVnPu7OPMf/SZQHNdc4jqYyCflrTrQz8Ip4
S4Gla5J9R48lpoKeJnVAGfh3bpM0D3XsCxlBqFZZpthT+gIk64gQyFnqgpfJmdlC
/pE57N7gkGUnf/pqif7803XYHBu2T2LOjR7BaQIDAQABo4IB8zCCAe8wHQYDVR0O
BBYEFGo71OUuE9KmcSHqkGTGYfvXUCOYMB8GA1UdIwQYMBaAFIrkz3i0nfCywdKd
MuSKlDrk9BrMMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwXQYDVR0fBFYwVDBS
oFCgToZMcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzE2
NjMvaXVUUGVMU2Q4TExCMHAweTVJcVVPdVQwR3N3LmNybDBjBggrBgEFBQcBAQRX
MFUwUwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYy
RTNEMDAwMC9pdVRQZUxTZDhMTEIwcDB5NUlxVU91VDBHc3cuY2VyMA4GA1UdDwEB
/wQEAwIHgDCBnQYIKwYBBQUHAQsEgZAwgY0wWAYIKwYBBQUHMAuGTHJzeW5jOi8v
cnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC8xNjYzL2FqdlU1UzRUMHFa
eEllcVFaTVpoLTlkUUk1Zy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5j
bm5pYy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAQr41AwDQYJKoZIhvcNAQELBQADggEBAKg06W5wWhUY6W3neoYD8a275NF7
EkDOUfYd9xyDhgZCQ/ILwtYdpwde5rwtECOuBntbJbprifCNd7D2vP++oBB0Nkdg
U147tJUduscjFtRSc1HdIV6OWxHjDsHFEtG8YhTvO1gC24VJE5P3SJVZW2JjrT+o
kRCtc9QFOdtc6+K2qkhAnMDyL9G6CfuvIvUaeFQYXgBdWLVveRJ+man/YDu7KxUO
6+EXaAelW9DCXiube7+kwmaX32XvAR6eRibfdtETvqbf7EFijIsBEOfiwwWVWI3c
wyhj3m5qYoVBY7KQAUoUEeAY30/0PiO25SE9G983WGMHMQidTo588VyP9Iw=
-----END CERTIFICATE-----
Generated at Thu Nov 6 01:30:19 2025 by rpki-client