Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/2oZku7C79f0JaKADh4rXWYS8J34.roa
File: 2oZku7C79f0JaKADh4rXWYS8J34.roa (raw, json)
Hash identifier: bLtujsyNOj9w9Oq+c0kJ7S8lTjBfcRo84A58Hb0lDrc=
Subject key identifier: DA:86:64:BB:B0:BB:F5:FD:09:68:A0:03:87:8A:D7:59:84:BC:27:7E
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 6048
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/2oZku7C79f0JaKADh4rXWYS8J34.roa
Signing time: Wed 14 May 2025 20:10:22 +0000
ROA not before: Wed 14 May 2025 20:10:22 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 24648 (0x6048)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 14 20:10:22 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=DA8664BBB0BBF5FD0968A003878AD75984BC277E
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b5:dc:1b:74:7b:e6:d2:bb:e4:f6:67:b3:91:f4:
03:29:8a:a3:bf:09:7a:dc:53:f6:39:06:f9:df:9c:
8b:c6:4f:ac:f2:a0:2e:0e:65:fc:3f:55:cc:51:38:
bb:4f:97:6a:bf:6a:a3:ee:e6:1f:42:6a:e2:69:ec:
9c:67:1a:f6:b6:e8:1a:e3:54:b3:c9:31:82:4f:94:
78:d7:2b:3c:95:71:60:c3:bd:4e:b3:1d:b9:f2:f4:
3a:4a:ed:85:05:cc:4e:6c:90:bc:e4:c4:73:f5:64:
c6:27:f2:4d:4b:f6:a7:e4:4f:42:5c:38:b0:06:b5:
2d:b4:32:03:ec:58:5a:b7:8a:d9:43:f0:71:27:91:
48:53:ec:ad:20:16:ad:65:e3:27:ea:77:7d:56:c1:
d0:82:2c:21:6c:4c:ea:20:3e:2f:b1:9c:6d:73:5d:
7f:ea:e3:55:9c:23:38:8f:8f:58:35:58:62:68:82:
3a:24:0e:65:dd:6c:ba:96:43:65:0a:16:ee:df:e0:
e0:17:5d:30:1f:eb:e3:12:76:3b:bb:0e:0a:82:87:
d5:a9:5f:cb:eb:12:74:89:c9:7f:8d:aa:08:27:00:
e2:99:30:c5:ad:32:1d:4d:06:51:df:3d:45:11:74:
d9:13:5c:99:ed:ad:af:df:94:27:ba:9e:78:47:2d:
e1:5b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DA:86:64:BB:B0:BB:F5:FD:09:68:A0:03:87:8A:D7:59:84:BC:27:7E
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/2oZku7C79f0JaKADh4rXWYS8J34.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
7d:26:6f:f9:3c:85:e4:77:21:d5:d7:01:ba:80:34:f0:7a:22:
a3:d3:21:af:cd:b0:bc:e6:b5:4f:51:b8:8b:07:3a:8f:ce:29:
9e:18:1b:ca:51:9e:af:ca:88:a0:67:fb:bc:ae:84:79:bd:0b:
93:53:42:b4:31:d1:97:4d:30:e4:cc:3e:20:0e:11:52:a7:9a:
f1:b1:f6:10:76:45:35:57:d6:19:4d:06:72:5e:29:83:ba:0c:
56:ce:3b:9a:36:6e:14:81:e1:4b:6b:af:de:d9:4b:6c:6b:ed:
e2:a0:ac:a6:63:dd:c2:69:62:50:78:55:b2:2a:23:dc:16:9f:
70:59:93:58:d1:b5:fb:54:d6:8c:7c:65:5b:74:b8:30:82:db:
74:0f:fa:4e:1d:94:15:59:ab:d6:ef:ab:f8:8d:1d:5d:58:d6:
6f:dc:ad:7c:55:86:ff:a2:db:31:27:d4:91:3d:e0:60:1f:08:
cb:ca:54:57:1c:e4:a0:da:8c:7f:75:e6:18:cc:f8:e1:df:c7:
ab:a9:9b:34:a8:db:0c:42:1b:9b:55:36:89:7f:6c:23:cb:90:
cf:d7:15:b9:02:f1:d7:76:36:43:08:2c:de:31:47:39:76:d1:
f2:7a:9b:fd:a9:19:5c:65:ff:fa:cb:3c:71:88:b4:f5:eb:64:
9f:a6:c5:b3
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICYEgwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA1MTQy
MDEwMjJaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKERBODY2NEJCQjBCQkY1
RkQwOTY4QTAwMzg3OEFENzU5ODRCQzI3N0UwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC13Bt0e+bSu+T2Z7OR9AMpiqO/CXrcU/Y5BvnfnIvGT6zyoC4O
Zfw/VcxROLtPl2q/aqPu5h9CauJp7JxnGva26BrjVLPJMYJPlHjXKzyVcWDDvU6z
Hbny9DpK7YUFzE5skLzkxHP1ZMYn8k1L9qfkT0JcOLAGtS20MgPsWFq3itlD8HEn
kUhT7K0gFq1l4yfqd31WwdCCLCFsTOogPi+xnG1zXX/q41WcIziPj1g1WGJogjok
DmXdbLqWQ2UKFu7f4OAXXTAf6+MSdju7DgqCh9WpX8vrEnSJyX+NqggnAOKZMMWt
Mh1NBlHfPUURdNkTXJntra/flCe6nnhHLeFbAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQU2oZku7C79f0JaKADh4rXWYS8J34wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3LzJvWmt1N0M3OWYwSmFL
QURoNHJYV1lTOEozNC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQB9Jm/5
PIXkdyHV1wG6gDTweiKj0yGvzbC85rVPUbiLBzqPzimeGBvKUZ6vyoigZ/u8roR5
vQuTU0K0MdGXTTDkzD4gDhFSp5rxsfYQdkU1V9YZTQZyXimDugxWzjuaNm4UgeFL
a6/e2Utsa+3ioKymY93CaWJQeFWyKiPcFp9wWZNY0bX7VNaMfGVbdLgwgtt0D/pO
HZQVWavW76v4jR1dWNZv3K18VYb/otsxJ9SRPeBgHwjLylRXHOSg2ox/deYYzPjh
38erqZs0qNsMQhubVTaJf2wjy5DP1xW5AvHXdjZDCCzeMUc5dtHyepv9qRlcZf/6
yzxxiLT162SfpsWz
-----END CERTIFICATE-----
Generated at Sat Jun 21 16:52:33 2025 by rpki-client