Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/8h1xnvdvGzzW1uN_wqV-0BXdU8Q.roa
File: 8h1xnvdvGzzW1uN_wqV-0BXdU8Q.roa (raw, json)
Hash identifier: EoQqE9vZcTSnC7cdEQniBWxP23eZRsQN5qoqGePDjn8=
Subject key identifier: F2:1D:71:9E:F7:6F:1B:3C:D6:D6:E3:7F:C2:A5:7E:D0:15:DD:53:C4
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 632C
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/8h1xnvdvGzzW1uN_wqV-0BXdU8Q.roa
Signing time: Thu 22 May 2025 13:10:51 +0000
ROA not before: Thu 22 May 2025 13:10:51 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 25388 (0x632c)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 22 13:10:51 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=F21D719EF76F1B3CD6D6E37FC2A57ED015DD53C4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b0:64:6e:b5:9c:9b:53:06:66:37:7e:de:46:c7:
1e:4d:b2:af:99:68:cc:46:92:f3:40:a9:b4:32:bb:
aa:7f:8f:6e:b1:cd:a2:56:d3:30:8b:ab:2d:35:e4:
3b:25:51:2e:80:f5:6d:2d:82:cc:34:c7:64:5d:03:
4a:2f:4f:5b:b8:d9:5f:77:e5:3e:05:6c:f3:a8:f8:
20:85:b1:9e:44:df:06:15:a5:e7:93:85:a7:79:02:
34:27:19:24:bb:a8:5f:7f:71:b4:dd:de:96:96:28:
95:6a:62:4c:e9:1c:0e:44:ac:5b:4d:68:ca:64:7a:
80:e9:44:35:ca:48:3c:4f:eb:e8:df:27:2e:eb:b8:
16:f9:80:3e:55:7f:56:71:67:1d:86:ab:88:e2:72:
c0:04:db:c4:88:51:aa:f0:e0:48:f5:ac:69:4d:7c:
21:52:49:eb:84:f5:7f:8e:d5:40:46:69:3e:5b:cb:
50:86:ab:cf:63:bd:3b:ce:1c:01:20:91:df:97:dc:
ec:b3:4f:e1:66:db:bd:97:b2:a9:df:a8:fd:0a:ea:
f1:ef:19:91:02:06:9a:f8:36:3e:b2:0d:53:3e:17:
b9:8f:67:d4:e9:e5:61:5f:2e:a4:57:4d:01:3a:a7:
12:52:d0:06:89:c3:27:e8:ff:3d:df:54:ca:4c:f3:
da:0f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F2:1D:71:9E:F7:6F:1B:3C:D6:D6:E3:7F:C2:A5:7E:D0:15:DD:53:C4
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/8h1xnvdvGzzW1uN_wqV-0BXdU8Q.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
b6:25:20:d2:42:00:23:27:b1:40:2e:f7:c2:60:d6:30:80:17:
72:57:b8:c5:8e:97:c1:47:60:c8:09:eb:08:f9:91:9b:55:f7:
4f:00:b9:8c:23:44:c0:0c:c6:f1:91:5e:f7:a5:05:e3:8a:b9:
29:56:18:df:f6:fc:d4:d4:81:60:c2:a2:c9:cf:42:c6:5f:0e:
f1:5f:b1:7e:11:d9:11:87:5a:0a:09:0d:fa:07:bf:6c:5d:5f:
dd:5f:20:8c:0a:21:a6:40:33:d8:1a:44:07:fa:56:57:c2:f1:
4a:db:f4:2f:b1:90:1c:45:90:ae:5c:80:30:60:28:0d:24:90:
27:8c:70:d0:a3:65:f9:9e:2f:02:d7:16:c1:1e:5a:79:5e:67:
bc:ef:74:29:48:2d:9b:7d:85:85:1d:69:68:19:d3:e5:a9:d2:
ab:f3:f6:94:02:2f:66:7e:68:7d:98:a5:0e:9c:f6:cc:da:05:
fa:34:93:ae:04:24:ec:04:cb:61:f8:2c:94:2d:8b:7d:8f:dc:
a2:b6:e4:61:d9:5d:ae:2a:26:b5:0f:37:09:79:cf:7d:da:6c:
ec:cc:a6:e6:7d:6b:85:1b:58:d8:38:ba:0a:de:42:aa:d6:ba:
ad:7e:0a:b1:99:a6:0b:66:75:d9:82:d5:02:c0:bd:24:b3:77:
0d:99:7c:38
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICYywwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA1MjIx
MzEwNTFaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEYyMUQ3MTlFRjc2RjFC
M0NENkQ2RTM3RkMyQTU3RUQwMTVERDUzQzQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCwZG61nJtTBmY3ft5Gxx5Nsq+ZaMxGkvNAqbQyu6p/j26xzaJW
0zCLqy015DslUS6A9W0tgsw0x2RdA0ovT1u42V935T4FbPOo+CCFsZ5E3wYVpeeT
had5AjQnGSS7qF9/cbTd3paWKJVqYkzpHA5ErFtNaMpkeoDpRDXKSDxP6+jfJy7r
uBb5gD5Vf1ZxZx2Gq4jicsAE28SIUarw4Ej1rGlNfCFSSeuE9X+O1UBGaT5by1CG
q89jvTvOHAEgkd+X3OyzT+Fm272XsqnfqP0K6vHvGZECBpr4Nj6yDVM+F7mPZ9Tp
5WFfLqRXTQE6pxJS0AaJwyfo/z3fVMpM89oPAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQU8h1xnvdvGzzW1uN/wqV+0BXdU8QwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3LzhoMXhudmR2R3p6VzF1
Tl93cVYtMEJYZFU4US5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQC2JSDS
QgAjJ7FALvfCYNYwgBdyV7jFjpfBR2DICesI+ZGbVfdPALmMI0TADMbxkV73pQXj
irkpVhjf9vzU1IFgwqLJz0LGXw7xX7F+EdkRh1oKCQ36B79sXV/dXyCMCiGmQDPY
GkQH+lZXwvFK2/QvsZAcRZCuXIAwYCgNJJAnjHDQo2X5ni8C1xbBHlp5Xme873Qp
SC2bfYWFHWloGdPlqdKr8/aUAi9mfmh9mKUOnPbM2gX6NJOuBCTsBMth+CyULYt9
j9yituRh2V2uKia1DzcJec992mzszKbmfWuFG1jYOLoK3kKq1rqtfgqxmaYLZnXZ
gtUCwL0ks3cNmXw4
-----END CERTIFICATE-----
Generated at Sat Jun 21 16:55:05 2025 by rpki-client