Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/OMGxuw-7Jfw0lytT9TjA1y5N9ks.roa
File: OMGxuw-7Jfw0lytT9TjA1y5N9ks.roa (raw, json)
Hash identifier: GhE+ymrr5YP9eyPBYAIM2kWc9vlE6IxkgC+VeP9Hm54=
Subject key identifier: 38:C1:B1:BB:0F:BB:25:FC:34:97:2B:53:F5:38:C0:D7:2E:4D:F6:4B
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 6812
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/OMGxuw-7Jfw0lytT9TjA1y5N9ks.roa
Signing time: Wed 04 Jun 2025 14:41:46 +0000
ROA not before: Wed 04 Jun 2025 14:41:46 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 26642 (0x6812)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jun 4 14:41:46 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=38C1B1BB0FBB25FC34972B53F538C0D72E4DF64B
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b8:ca:a7:ae:5f:a1:cb:09:ec:16:e9:ca:88:cb:
be:4c:d0:65:35:90:dd:55:dc:e0:e7:00:05:06:bb:
a6:ba:01:8c:3f:54:b9:97:b4:a3:51:2a:2e:b2:99:
c4:86:4a:d8:4d:25:2f:5e:3c:39:20:8b:3b:66:cf:
45:f6:94:db:29:7e:78:54:a5:23:82:e3:9f:1a:97:
9a:ac:6c:08:67:5b:e3:49:39:b1:a3:98:86:6c:fe:
95:80:6b:1c:29:31:07:ae:ec:3e:98:6d:c6:58:84:
35:f4:3c:19:39:bd:89:27:8a:d7:87:de:8d:6d:38:
df:9f:78:e6:dc:e0:1b:4f:00:a8:82:06:a8:70:70:
66:fd:18:69:d5:d4:19:93:44:f3:15:ee:8c:a6:21:
88:5e:1b:d6:2d:50:fc:3f:94:3f:d8:a0:b6:6b:52:
bb:7d:76:b2:67:ea:eb:6b:eb:cb:50:52:92:e5:a9:
e5:f6:4e:b3:ff:97:d5:11:60:71:22:a1:4a:ce:95:
90:1b:68:4e:fd:8b:6c:52:45:21:58:d5:3b:28:9d:
ee:19:fe:dc:34:23:2a:7e:80:0a:1c:f9:d7:de:a2:
60:59:1f:bf:ba:18:b2:b1:36:0f:05:49:82:a4:c1:
1c:bd:d5:fc:6b:03:4a:bb:0e:9c:f2:66:70:5a:7b:
59:65
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
38:C1:B1:BB:0F:BB:25:FC:34:97:2B:53:F5:38:C0:D7:2E:4D:F6:4B
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/OMGxuw-7Jfw0lytT9TjA1y5N9ks.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
53:da:2e:b9:d4:cb:90:4a:19:c8:38:a2:62:f7:70:d6:69:7a:
d0:a0:d1:f9:37:b8:78:45:e2:43:9c:06:16:ff:d6:50:55:6f:
5b:a2:d5:5c:e1:85:3c:e0:58:56:7f:65:2f:47:22:fe:f4:62:
f5:f4:b7:f1:54:51:21:32:e9:d0:fc:16:cc:df:f6:d3:8c:a8:
7f:15:b8:cc:06:c6:5f:6f:ba:2c:ad:4c:10:f9:8b:2d:eb:2f:
e5:16:fb:5a:f2:b3:a4:bd:a7:2f:5c:6b:e5:6d:57:ea:d3:a4:
fc:cc:85:ee:31:8a:7d:29:d9:03:7c:e8:ff:09:cf:6d:16:b7:
52:0e:df:88:18:00:7d:f0:a9:11:6a:21:4f:29:80:45:2c:79:
17:1d:24:6b:f7:6b:23:ff:88:87:a0:dc:55:6e:0a:ae:ab:97:
72:0f:56:b9:bd:83:aa:ec:da:b4:79:68:3f:d0:0e:a4:d0:bf:
af:65:6b:05:da:54:12:79:1b:87:fc:78:bb:9b:61:f2:80:fa:
bf:6d:14:00:0f:2d:06:f9:5b:7e:73:37:c4:60:49:5e:d3:d1:
51:83:1c:60:b3:7c:42:f7:39:8c:b2:8e:23:eb:8f:5f:48:ac:
21:3f:7e:a0:99:50:6d:26:ec:b2:d2:09:cd:d6:6c:9c:25:ab:
8b:6a:ca:fa
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICaBIwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA2MDQx
NDQxNDZaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDM4QzFCMUJCMEZCQjI1
RkMzNDk3MkI1M0Y1MzhDMEQ3MkU0REY2NEIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC4yqeuX6HLCewW6cqIy75M0GU1kN1V3ODnAAUGu6a6AYw/VLmX
tKNRKi6ymcSGSthNJS9ePDkgiztmz0X2lNspfnhUpSOC458al5qsbAhnW+NJObGj
mIZs/pWAaxwpMQeu7D6YbcZYhDX0PBk5vYkniteH3o1tON+feObc4BtPAKiCBqhw
cGb9GGnV1BmTRPMV7oymIYheG9YtUPw/lD/YoLZrUrt9drJn6utr68tQUpLlqeX2
TrP/l9URYHEioUrOlZAbaE79i2xSRSFY1Tsone4Z/tw0Iyp+gAoc+dfeomBZH7+6
GLKxNg8FSYKkwRy91fxrA0q7DpzyZnBae1llAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUOMGxuw+7Jfw0lytT9TjA1y5N9kswHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L09NR3h1dy03SmZ3MGx5
dFQ5VGpBMXk1Tjlrcy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQBT2i65
1MuQShnIOKJi93DWaXrQoNH5N7h4ReJDnAYW/9ZQVW9botVc4YU84FhWf2UvRyL+
9GL19LfxVFEhMunQ/BbM3/bTjKh/FbjMBsZfb7osrUwQ+Yst6y/lFvta8rOkvacv
XGvlbVfq06T8zIXuMYp9KdkDfOj/Cc9tFrdSDt+IGAB98KkRaiFPKYBFLHkXHSRr
92sj/4iHoNxVbgquq5dyD1a5vYOq7Nq0eWg/0A6k0L+vZWsF2lQSeRuH/Hi7m2Hy
gPq/bRQADy0G+Vt+czfEYEle09FRgxxgs3xC9zmMso4j649fSKwhP36gmVBtJuyy
0gnN1mycJauLasr6
-----END CERTIFICATE-----
Generated at Sun Jun 22 01:04:17 2025 by rpki-client