Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/0bFaMZh2u9vnRoQWZN4aJ_-rI00.roa
File: 0bFaMZh2u9vnRoQWZN4aJ_-rI00.roa (raw, json)
Hash identifier: CsyoHFkJPSjBvZzLb1bf71sP9PTQDRx7J3ClDC1+JPM=
Subject key identifier: D1:B1:5A:31:98:76:BB:DB:E7:46:84:16:64:DE:1A:27:FF:AB:23:4D
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 699A
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/0bFaMZh2u9vnRoQWZN4aJ_-rI00.roa
Signing time: Sun 08 Jun 2025 16:42:02 +0000
ROA not before: Sun 08 Jun 2025 16:42:02 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 27034 (0x699a)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jun 8 16:42:02 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=D1B15A319876BBDBE746841664DE1A27FFAB234D
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d3:a0:6a:2a:26:2b:1c:cf:ce:eb:58:35:c0:61:
f6:c6:ae:b5:4d:ab:dc:04:66:3a:3d:40:35:59:99:
b2:73:a4:81:ba:3f:ae:b4:e0:48:97:1c:3d:91:bd:
70:3b:e3:af:4c:10:d4:ea:76:63:dc:6e:66:11:12:
6d:63:02:53:d9:59:13:7a:1a:3f:a5:fe:23:2e:2b:
a8:7d:31:94:25:21:f0:d0:4a:c5:0f:23:37:75:ff:
be:4f:39:8f:54:75:45:d8:54:a6:12:29:76:fe:d6:
2e:17:c5:14:df:b1:99:5a:c5:1a:14:3d:85:65:7b:
84:cd:45:b7:c1:c9:b3:e6:70:3d:8c:90:53:e7:c6:
d2:cd:98:3b:5c:19:71:b6:45:8b:1a:aa:18:f9:98:
e0:ed:e2:1e:1f:ba:42:f2:31:5e:c7:c3:95:ae:e2:
56:cc:54:a7:de:8e:fc:2a:a6:6e:ec:85:87:36:23:
05:da:12:6e:97:c1:e4:58:29:16:49:28:3c:da:7c:
28:7c:f3:54:ca:2f:db:ed:9e:f4:c8:dc:17:10:c6:
e0:d3:09:c9:c2:7a:81:d8:57:b2:6b:3b:54:77:44:
0d:47:3c:cf:d7:10:2a:07:f7:f3:b9:90:76:1c:d6:
58:20:fd:9a:ff:83:f1:c6:89:9b:5b:31:60:11:89:
b2:23
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D1:B1:5A:31:98:76:BB:DB:E7:46:84:16:64:DE:1A:27:FF:AB:23:4D
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/0bFaMZh2u9vnRoQWZN4aJ_-rI00.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
57:b9:99:6f:39:56:ad:5b:b1:4c:8a:c2:00:40:23:69:50:1b:
ac:35:2c:91:68:cf:5c:84:84:7f:11:5a:14:51:a6:c9:ee:1d:
3c:bd:62:63:6b:58:80:63:eb:9c:68:2b:41:bf:16:49:ed:7b:
c7:46:2f:d6:d3:3e:0e:44:fc:b3:20:d6:5f:82:b3:08:6f:8e:
d5:10:30:3f:5f:8b:08:a6:32:63:10:01:93:5b:5a:10:5a:4e:
7c:96:f3:74:bf:f3:7a:66:b1:ee:6f:36:65:62:90:33:9e:44:
a0:db:6b:9e:da:b0:64:7d:af:26:68:77:5f:0d:2f:58:d4:0e:
7a:d5:a3:f5:1c:e5:45:9e:98:81:d7:5d:45:cc:50:18:d6:66:
82:a6:93:e3:53:5c:5f:57:f7:63:a7:8b:00:e1:de:1f:2d:02:
1e:d9:31:c8:65:e7:ed:fb:66:33:62:22:b6:31:48:f1:8f:58:
ad:93:4d:3f:7e:5d:73:22:c0:ba:83:d1:41:72:8c:fd:f8:0c:
8f:7f:99:aa:68:f6:19:23:d5:03:59:0c:cb:e3:d8:b2:06:79:
fd:1e:76:95:44:ca:f2:04:0c:66:7d:67:e5:50:fd:fb:b0:d3:
e6:2e:cc:2f:89:23:47:ff:1b:88:d4:1a:52:87:e9:97:df:16:
bb:7d:7b:5a
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICaZowDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA2MDgx
NjQyMDJaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEQxQjE1QTMxOTg3NkJC
REJFNzQ2ODQxNjY0REUxQTI3RkZBQjIzNEQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDToGoqJiscz87rWDXAYfbGrrVNq9wEZjo9QDVZmbJzpIG6P660
4EiXHD2RvXA7469MENTqdmPcbmYREm1jAlPZWRN6Gj+l/iMuK6h9MZQlIfDQSsUP
Izd1/75POY9UdUXYVKYSKXb+1i4XxRTfsZlaxRoUPYVle4TNRbfBybPmcD2MkFPn
xtLNmDtcGXG2RYsaqhj5mODt4h4fukLyMV7Hw5Wu4lbMVKfejvwqpm7shYc2IwXa
Em6XweRYKRZJKDzafCh881TKL9vtnvTI3BcQxuDTCcnCeoHYV7JrO1R3RA1HPM/X
ECoH9/O5kHYc1lgg/Zr/g/HGiZtbMWARibIjAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQU0bFaMZh2u9vnRoQWZN4aJ/+rI00wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3LzBiRmFNWmgydTl2blJv
UVdaTjRhSl8tckkwMC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQBXuZlv
OVatW7FMisIAQCNpUBusNSyRaM9chIR/EVoUUabJ7h08vWJja1iAY+ucaCtBvxZJ
7XvHRi/W0z4ORPyzINZfgrMIb47VEDA/X4sIpjJjEAGTW1oQWk58lvN0v/N6ZrHu
bzZlYpAznkSg22ue2rBkfa8maHdfDS9Y1A561aP1HOVFnpiB111FzFAY1maCppPj
U1xfV/djp4sA4d4fLQIe2THIZeft+2YzYiK2MUjxj1itk00/fl1zIsC6g9FBcoz9
+AyPf5mqaPYZI9UDWQzL49iyBnn9HnaVRMryBAxmfWflUP37sNPmLswviSNH/xuI
1BpSh+mX3xa7fXta
-----END CERTIFICATE-----
Generated at Sat Jun 21 18:23:51 2025 by rpki-client