Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/1663/qqLpxTXjC1mFNFdNCiO5FP7M7wM.roa
File: qqLpxTXjC1mFNFdNCiO5FP7M7wM.roa (raw, json)
Hash identifier: C35hzLv8qqewrROZ2C8M17tWTqKwFApCVxMgMxM5Q4Y=
Subject key identifier: AA:A2:E9:C5:35:E3:0B:59:85:34:57:4D:0A:23:B9:14:FE:CC:EF:03
Certificate issuer: /CN=8AE4CF78B49DF0B2C1D29D32E48A943AE4F41ACC
Certificate serial: 99BF
Authority key identifier: 8A:E4:CF:78:B4:9D:F0:B2:C1:D2:9D:32:E4:8A:94:3A:E4:F4:1A:CC
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/iuTPeLSd8LLB0p0y5IqUOuT0Gsw.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1663/qqLpxTXjC1mFNFdNCiO5FP7M7wM.roa
Signing time: Thu 06 Nov 2025 01:42:15 +0000
ROA not before: Thu 06 Nov 2025 01:42:15 +0000
ROA not after: Fri 23 Oct 2026 03:01:03 +0000
asID: 63612
IP address blocks: 103.45.128.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 39359 (0x99bf)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8AE4CF78B49DF0B2C1D29D32E48A943AE4F41ACC
Validity
Not Before: Nov 6 01:42:15 2025 GMT
Not After : Oct 23 03:01:03 2026 GMT
Subject: CN=AAA2E9C535E30B598534574D0A23B914FECCEF03
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ad:88:87:b2:52:d2:6d:14:0b:c1:c7:bb:9b:dc:
26:d1:50:53:29:7c:c5:e8:49:3a:2c:07:7d:83:a2:
d1:6f:1e:d8:a4:4c:81:e5:16:ab:65:15:58:98:7d:
21:c2:ee:df:98:26:d6:9d:43:41:d6:fd:24:11:24:
54:f5:66:41:b0:19:ef:ca:33:49:c0:f7:24:aa:fb:
43:d6:84:22:b4:70:09:7d:65:62:83:e8:dd:4c:78:
bb:90:4e:ce:26:c9:b6:3b:c0:50:fd:e3:59:67:ad:
a6:78:7e:f7:b0:d3:fb:d9:11:e8:fc:7d:4a:86:0d:
e7:5f:fe:f5:16:6d:f6:df:7c:f6:43:57:42:05:07:
17:7c:6a:3e:e6:fe:02:9e:3b:2d:30:1a:7f:71:09:
ae:92:25:f1:b0:62:7b:f5:da:bf:99:4d:db:17:f2:
07:05:c0:26:b8:bb:73:a8:d1:f0:5a:d8:7e:c7:79:
ac:e4:df:5d:50:1c:35:d2:a5:62:92:c9:cb:6d:01:
3e:fc:5a:dc:56:be:18:5b:59:b0:fc:41:bc:1b:27:
81:4c:92:d3:36:52:0c:d8:e2:3f:87:02:11:6d:11:
a6:52:90:ee:95:e0:f4:91:e4:31:e1:0c:ac:4b:3c:
bb:ba:4a:5d:05:05:62:ac:16:2a:c2:84:88:a2:9f:
42:51
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AA:A2:E9:C5:35:E3:0B:59:85:34:57:4D:0A:23:B9:14:FE:CC:EF:03
X509v3 Authority Key Identifier:
keyid:8A:E4:CF:78:B4:9D:F0:B2:C1:D2:9D:32:E4:8A:94:3A:E4:F4:1A:CC
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1663/iuTPeLSd8LLB0p0y5IqUOuT0Gsw.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/iuTPeLSd8LLB0p0y5IqUOuT0Gsw.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1663/qqLpxTXjC1mFNFdNCiO5FP7M7wM.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
103.45.128.0/19
Signature Algorithm: sha256WithRSAEncryption
71:21:d6:ef:3d:63:53:c8:26:d2:2d:98:89:11:f9:73:86:4e:
b3:d5:b9:72:79:e1:f3:4f:ca:5c:0f:7e:37:0e:02:15:6f:ad:
a7:0b:8d:86:9e:30:9a:f7:19:9b:58:08:1c:7a:55:81:35:30:
e2:f8:f4:84:c0:d1:34:21:ac:a3:07:d1:af:d4:82:84:e9:2d:
31:04:5d:37:4e:ec:4f:62:ba:c7:ed:cc:97:75:e1:ab:79:79:
76:70:a7:4e:2f:38:73:1d:46:77:2e:18:de:84:d1:b5:34:6c:
76:96:56:3f:c9:03:46:a2:7a:9f:be:37:04:94:c7:79:ff:ae:
82:90:a5:13:c0:c5:32:3f:c3:ff:d1:03:49:4e:37:33:5a:f9:
f9:0c:37:c1:9d:f4:68:cc:02:47:6f:56:a8:8f:02:33:91:14:
57:11:c6:2e:20:11:c1:46:c9:e5:79:00:e9:12:01:39:ea:53:
69:f2:0a:6c:9b:a4:87:c6:5c:80:91:d7:e6:5d:77:97:40:bc:
70:b6:d5:8e:55:3c:94:78:b6:61:ec:de:d4:0d:1c:1a:95:af:
24:97:a4:05:42:e8:c1:60:e4:7f:34:e0:fe:2a:ca:2d:48:5a:
d9:4e:a0:ec:40:6d:de:e3:6d:8b:08:f9:ab:00:f2:cc:7a:98:
f2:a0:d3:e4
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgIDAJm/MA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMTKDhB
RTRDRjc4QjQ5REYwQjJDMUQyOUQzMkU0OEE5NDNBRTRGNDFBQ0MwHhcNMjUxMTA2
MDE0MjE1WhcNMjYxMDIzMDMwMTAzWjAzMTEwLwYDVQQDEyhBQUEyRTlDNTM1RTMw
QjU5ODUzNDU3NEQwQTIzQjkxNEZFQ0NFRjAzMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEArYiHslLSbRQLwce7m9wm0VBTKXzF6Ek6LAd9g6LRbx7YpEyB
5RarZRVYmH0hwu7fmCbWnUNB1v0kESRU9WZBsBnvyjNJwPckqvtD1oQitHAJfWVi
g+jdTHi7kE7OJsm2O8BQ/eNZZ62meH73sNP72RHo/H1Khg3nX/71Fm3233z2Q1dC
BQcXfGo+5v4CnjstMBp/cQmukiXxsGJ79dq/mU3bF/IHBcAmuLtzqNHwWth+x3ms
5N9dUBw10qViksnLbQE+/FrcVr4YW1mw/EG8GyeBTJLTNlIM2OI/hwIRbRGmUpDu
leD0keQx4QysSzy7ukpdBQVirBYqwoSIop9CUQIDAQABo4IB8zCCAe8wHQYDVR0O
BBYEFKqi6cU14wtZhTRXTQojuRT+zO8DMB8GA1UdIwQYMBaAFIrkz3i0nfCywdKd
MuSKlDrk9BrMMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwXQYDVR0fBFYwVDBS
oFCgToZMcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzE2
NjMvaXVUUGVMU2Q4TExCMHAweTVJcVVPdVQwR3N3LmNybDBjBggrBgEFBQcBAQRX
MFUwUwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYy
RTNEMDAwMC9pdVRQZUxTZDhMTEIwcDB5NUlxVU91VDBHc3cuY2VyMA4GA1UdDwEB
/wQEAwIHgDCBnQYIKwYBBQUHAQsEgZAwgY0wWAYIKwYBBQUHMAuGTHJzeW5jOi8v
cnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC8xNjYzL3FxTHB4VFhqQzFt
Rk5GZE5DaU81RlA3TTd3TS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5j
bm5pYy5jbi9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAVnLYAwDQYJKoZIhvcNAQELBQADggEBAHEh1u89Y1PIJtItmIkR+XOGTrPV
uXJ54fNPylwPfjcOAhVvracLjYaeMJr3GZtYCBx6VYE1MOL49ITA0TQhrKMH0a/U
goTpLTEEXTdO7E9iusftzJd14at5eXZwp04vOHMdRncuGN6E0bU0bHaWVj/JA0ai
ep++NwSUx3n/roKQpRPAxTI/w//RA0lONzNa+fkMN8Gd9GjMAkdvVqiPAjORFFcR
xi4gEcFGyeV5AOkSATnqU2nyCmybpIfGXICR1+Zdd5dAvHC21Y5VPJR4tmHs3tQN
HBqVrySXpAVC6MFg5H804P4qyi1IWtlOoOxAbd7jbYsI+asA8sx6mPKg0+Q=
-----END CERTIFICATE-----
Generated at Thu Nov 6 04:42:22 2025 by rpki-client