Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/4Oz-FQz__9BWHOvPKanu2W67vnk.roa
File: 4Oz-FQz__9BWHOvPKanu2W67vnk.roa (raw, json)
Hash identifier: hkfUn+vfU2TBNz4kP60h6++m7EI3f8lvyKeiWPLTJHQ=
Subject key identifier: E0:EC:FE:15:0C:FF:FF:D0:56:1C:EB:CF:29:A9:EE:D9:6E:BB:BE:79
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 63B6
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/4Oz-FQz__9BWHOvPKanu2W67vnk.roa
Signing time: Fri 23 May 2025 23:41:01 +0000
ROA not before: Fri 23 May 2025 23:41:01 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 25526 (0x63b6)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 23 23:41:01 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=E0ECFE150CFFFFD0561CEBCF29A9EED96EBBBE79
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d4:26:ad:3c:bd:7f:b6:58:db:fb:d4:f4:36:f4:
6a:62:3b:e5:df:8c:75:86:7c:5f:b3:00:70:de:7f:
58:fb:cd:8a:3c:7d:4d:9f:4f:15:d0:91:d2:33:40:
9f:15:bb:41:9c:29:39:4c:ec:56:c3:a3:20:22:23:
7f:a1:6e:3c:52:4d:f6:6f:fa:b6:c0:b4:1d:a7:88:
56:17:2f:7e:8c:3b:de:ef:e3:35:0a:9d:f8:7b:d8:
0a:93:2a:d9:d5:d3:66:8a:32:53:5d:33:6f:1c:4a:
c8:4d:75:39:c5:27:ad:fd:e1:31:dc:0b:7d:b5:18:
c0:9d:81:fb:3d:92:53:72:29:76:ca:35:07:d1:af:
0f:b4:8a:04:a3:fa:25:00:3a:00:7c:a1:f4:b5:d6:
60:79:90:b3:80:50:68:a9:3a:80:68:a4:79:4a:2f:
c9:7d:df:22:2f:5f:b4:fc:90:80:ac:31:5a:34:2e:
37:7d:29:b7:c3:8d:dc:48:37:4d:ae:32:41:4c:ff:
28:38:1c:af:23:b7:38:fb:c2:f7:4a:4e:e4:bf:04:
86:e5:12:bf:7c:a0:89:b9:87:33:37:3f:82:0f:75:
ac:32:36:a7:20:7a:9e:c3:84:8f:a5:55:ac:b4:6f:
50:a1:85:e5:0a:9d:16:e7:8e:1c:c0:1e:03:dc:b2:
af:1f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E0:EC:FE:15:0C:FF:FF:D0:56:1C:EB:CF:29:A9:EE:D9:6E:BB:BE:79
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/4Oz-FQz__9BWHOvPKanu2W67vnk.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
28:b2:e0:4e:1c:34:f4:8e:fd:78:e8:36:37:ea:f1:4c:d0:d3:
aa:c7:cd:9b:de:2d:04:fc:27:e1:cc:b1:ac:33:13:5e:99:0a:
bb:5a:4a:97:80:9e:43:21:83:32:f4:f3:d4:3c:e4:6a:5f:32:
21:e4:ab:e1:c9:7c:1e:e9:b5:0d:2a:c6:6c:7f:4f:60:a8:3f:
f2:f3:b6:84:ef:a8:9e:7f:0c:b5:af:f8:3c:f2:3b:69:7e:a4:
30:4a:9a:f6:31:62:97:e4:34:e9:15:86:d2:73:2f:82:71:63:
90:c4:a8:41:12:24:e9:bf:84:c4:9c:dd:a2:76:c9:8d:49:00:
9e:d2:42:74:47:67:3d:e7:39:6e:44:f1:bc:6a:fa:4a:ce:7b:
6d:57:ea:ef:65:ce:99:eb:fa:61:09:ac:aa:d3:6a:aa:aa:49:
fa:63:54:6d:53:22:64:47:41:dc:a1:f2:75:22:c7:04:21:da:
ef:c6:02:e2:72:64:79:a1:ba:95:74:a1:19:dc:9f:d4:e2:55:
f2:9f:27:1e:27:62:53:67:06:88:d0:16:2d:b3:65:c0:07:eb:
ed:3c:7e:d5:34:32:51:24:e1:b3:8e:b7:57:9c:c7:7f:b8:33:
cd:86:69:8f:a1:8c:98:9a:d1:ec:06:ee:04:56:1d:c9:eb:35:
04:5a:bb:30
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICY7YwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA1MjMy
MzQxMDFaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEUwRUNGRTE1MENGRkZG
RDA1NjFDRUJDRjI5QTlFRUQ5NkVCQkJFNzkwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDUJq08vX+2WNv71PQ29GpiO+XfjHWGfF+zAHDef1j7zYo8fU2f
TxXQkdIzQJ8Vu0GcKTlM7FbDoyAiI3+hbjxSTfZv+rbAtB2niFYXL36MO97v4zUK
nfh72AqTKtnV02aKMlNdM28cSshNdTnFJ6394THcC321GMCdgfs9klNyKXbKNQfR
rw+0igSj+iUAOgB8ofS11mB5kLOAUGipOoBopHlKL8l93yIvX7T8kICsMVo0Ljd9
KbfDjdxIN02uMkFM/yg4HK8jtzj7wvdKTuS/BIblEr98oIm5hzM3P4IPdawyNqcg
ep7DhI+lVay0b1ChheUKnRbnjhzAHgPcsq8fAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQU4Oz+FQz//9BWHOvPKanu2W67vnkwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3LzRPei1GUXpfXzlCV0hP
dlBLYW51Mlc2N3Zuay5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQAosuBO
HDT0jv146DY36vFM0NOqx82b3i0E/CfhzLGsMxNemQq7WkqXgJ5DIYMy9PPUPORq
XzIh5KvhyXwe6bUNKsZsf09gqD/y87aE76iefwy1r/g88jtpfqQwSpr2MWKX5DTp
FYbScy+CcWOQxKhBEiTpv4TEnN2idsmNSQCe0kJ0R2c95zluRPG8avpKznttV+rv
Zc6Z6/phCayq02qqqkn6Y1RtUyJkR0HcofJ1IscEIdrvxgLicmR5obqVdKEZ3J/U
4lXynyceJ2JTZwaI0BYts2XAB+vtPH7VNDJRJOGzjrdXnMd/uDPNhmmPoYyYmtHs
Bu4EVh3J6zUEWrsw
-----END CERTIFICATE-----
Generated at Sun Jun 22 03:54:56 2025 by rpki-client