Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/8MCinNuzF1NNCRIyxpi4HnRE0Rs.roa
File: 8MCinNuzF1NNCRIyxpi4HnRE0Rs.roa (raw, json)
Hash identifier: aCoXZNQolyI02YoaJl3iYbrKFbX7y1uzmTvn33iSFZg=
Subject key identifier: F0:C0:A2:9C:DB:B3:17:53:4D:09:12:32:C6:98:B8:1E:74:44:D1:1B
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 629E
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/8MCinNuzF1NNCRIyxpi4HnRE0Rs.roa
Signing time: Wed 21 May 2025 01:40:46 +0000
ROA not before: Wed 21 May 2025 01:40:46 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 25246 (0x629e)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 21 01:40:46 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=F0C0A29CDBB317534D091232C698B81E7444D11B
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a4:f5:4a:40:9b:16:bf:36:94:eb:a1:4d:30:bb:
e4:04:1f:60:c4:b9:31:9f:8b:51:4d:c3:b0:12:42:
30:cf:76:db:38:2d:8b:7a:64:1d:12:53:ac:f4:66:
d2:ca:62:86:4b:3f:b1:01:30:f5:03:51:65:d7:72:
bd:05:dd:cc:a0:3a:9a:a3:c4:43:52:08:40:0f:9e:
7d:65:f4:00:f3:5e:03:57:19:7c:9c:68:1e:16:44:
ef:76:e8:4e:ce:a5:27:6d:65:a0:d0:f9:f9:16:7f:
bd:5e:c8:62:99:64:ac:d0:2d:ca:e2:db:81:cc:94:
9d:e9:38:d3:f9:5b:1a:a9:a5:42:d7:1c:8d:dd:09:
d5:7f:90:12:98:60:0a:d8:85:bc:04:2e:45:df:06:
d5:d9:30:4f:c8:af:77:4c:c9:e8:0c:51:eb:5c:7e:
1d:1c:10:5d:f7:b8:74:08:7f:dc:41:e8:72:3c:0e:
2e:be:c9:6d:5b:06:e9:d7:d0:50:25:f7:a0:8f:6d:
c3:71:97:75:01:0f:20:de:9e:d4:31:d2:61:85:dc:
bb:b6:04:f8:74:42:b9:b0:5d:0e:3a:f9:f3:05:18:
77:97:59:97:26:0f:cf:a1:8d:c2:2f:24:0e:5e:16:
b2:f6:8f:9b:fb:41:e9:5e:56:d1:f8:47:b8:4b:e4:
f0:a3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F0:C0:A2:9C:DB:B3:17:53:4D:09:12:32:C6:98:B8:1E:74:44:D1:1B
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/8MCinNuzF1NNCRIyxpi4HnRE0Rs.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
48:81:66:5c:f3:12:2c:b2:45:56:6e:ce:50:57:c7:a3:d6:ef:
c3:c2:0b:fe:a8:15:5e:43:a6:19:98:52:d3:a6:0e:28:e2:1f:
d0:cc:9d:7f:71:42:ad:b3:9c:3a:8f:e1:50:d7:4d:d5:d2:d8:
5e:20:ec:68:dc:bc:32:c4:2d:88:2e:42:07:71:36:e9:8e:c9:
3e:f4:69:c8:63:0b:09:44:68:dc:cb:ee:3d:50:8b:24:ad:84:
20:a9:7f:6e:35:da:49:83:9b:05:3c:ad:5b:30:e5:48:ec:9f:
91:5a:09:fd:59:a9:31:53:70:fa:6c:f4:42:86:e2:11:f4:73:
3e:b4:bf:2c:49:9e:ce:b0:fd:6e:f3:48:db:01:e4:52:64:d9:
82:31:94:c6:4e:42:df:e9:c5:80:2e:6e:98:4e:0d:00:f1:29:
60:26:28:f1:f9:aa:1c:1e:0a:10:68:fa:0f:fa:31:30:45:80:
d4:fa:ea:d6:7b:5a:66:34:5e:93:fd:9c:f4:ea:e4:08:00:c0:
2d:a3:2b:b6:2a:da:03:48:e4:6e:d7:81:65:a0:7c:17:b4:92:
6a:42:83:d3:3d:31:27:3f:94:c2:02:4a:a2:09:ce:c4:5d:bd:
b6:19:78:34:41:c4:0b:de:77:4b:c8:81:a3:e1:b2:6c:59:b6:
81:58:69:38
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICYp4wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA1MjEw
MTQwNDZaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEYwQzBBMjlDREJCMzE3
NTM0RDA5MTIzMkM2OThCODFFNzQ0NEQxMUIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCk9UpAmxa/NpTroU0wu+QEH2DEuTGfi1FNw7ASQjDPdts4LYt6
ZB0SU6z0ZtLKYoZLP7EBMPUDUWXXcr0F3cygOpqjxENSCEAPnn1l9ADzXgNXGXyc
aB4WRO926E7OpSdtZaDQ+fkWf71eyGKZZKzQLcri24HMlJ3pONP5WxqppULXHI3d
CdV/kBKYYArYhbwELkXfBtXZME/Ir3dMyegMUetcfh0cEF33uHQIf9xB6HI8Di6+
yW1bBunX0FAl96CPbcNxl3UBDyDentQx0mGF3Lu2BPh0QrmwXQ46+fMFGHeXWZcm
D8+hjcIvJA5eFrL2j5v7QeleVtH4R7hL5PCjAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQU8MCinNuzF1NNCRIyxpi4HnRE0RswHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3LzhNQ2luTnV6RjFOTkNS
SXl4cGk0SG5SRTBScy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQBIgWZc
8xIsskVWbs5QV8ej1u/Dwgv+qBVeQ6YZmFLTpg4o4h/QzJ1/cUKts5w6j+FQ103V
0theIOxo3LwyxC2ILkIHcTbpjsk+9GnIYwsJRGjcy+49UIskrYQgqX9uNdpJg5sF
PK1bMOVI7J+RWgn9WakxU3D6bPRChuIR9HM+tL8sSZ7OsP1u80jbAeRSZNmCMZTG
TkLf6cWALm6YTg0A8SlgJijx+aocHgoQaPoP+jEwRYDU+urWe1pmNF6T/Zz06uQI
AMAtoyu2KtoDSORu14FloHwXtJJqQoPTPTEnP5TCAkqiCc7EXb22GXg0QcQL3ndL
yIGj4bJsWbaBWGk4
-----END CERTIFICATE-----
Generated at Sun Jun 22 23:55:05 2025 by rpki-client