Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/Oco6Q1PLzxEUfVf4M_YvbxaHfTE.roa
File: Oco6Q1PLzxEUfVf4M_YvbxaHfTE.roa (raw, json)
Hash identifier: MIaq1El/J2m7qaqY98DEj1AUs4MwtLJvtYuDy1gN3X0=
Subject key identifier: 39:CA:3A:43:53:CB:CF:11:14:7D:57:F8:33:F6:2F:6F:16:87:7D:31
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 623E
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/Oco6Q1PLzxEUfVf4M_YvbxaHfTE.roa
Signing time: Tue 20 May 2025 01:40:43 +0000
ROA not before: Tue 20 May 2025 01:40:43 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 25150 (0x623e)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 20 01:40:43 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=39CA3A4353CBCF11147D57F833F62F6F16877D31
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b2:ab:f3:a8:a3:dd:37:d3:d1:4c:e9:7e:a5:08:
e0:b4:27:9c:ca:d0:2f:b2:a6:82:bc:b6:06:90:51:
81:7d:93:b6:06:bd:05:56:33:19:af:b0:36:33:e2:
35:d9:43:8c:f2:b5:dd:4a:64:1e:f8:59:18:d8:e7:
c2:90:fe:29:ad:ac:aa:61:99:cf:25:51:d6:5c:c1:
2f:e7:d4:f6:6b:0a:6f:8a:95:1e:2d:d8:31:78:ea:
7c:a6:ba:c8:1b:d2:ca:ee:f4:fe:ec:ba:fe:37:50:
21:ed:62:86:36:8c:4a:42:3b:31:86:81:49:fc:7c:
b1:eb:96:90:a1:e3:1e:0f:70:94:85:e4:39:bd:61:
e9:b4:f2:af:5d:1e:c4:7d:ac:34:b5:97:a5:51:b6:
af:0e:10:84:4e:de:d9:c4:92:7e:4f:e4:db:1f:f7:
d5:57:3a:c6:b2:a0:f0:5b:76:e6:0e:df:2d:64:06:
a3:1f:9f:f1:e7:84:81:37:41:6a:cf:85:6c:96:05:
aa:a4:e2:81:32:13:e6:ea:09:8f:02:85:be:93:99:
da:16:9c:bd:8d:99:04:9d:93:88:41:75:3f:ac:6a:
f4:00:ee:91:14:cd:fd:90:3e:9f:c4:2a:52:33:9a:
f1:b1:ce:4c:56:81:fc:87:5f:0b:16:86:7c:ee:e4:
99:c9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
39:CA:3A:43:53:CB:CF:11:14:7D:57:F8:33:F6:2F:6F:16:87:7D:31
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/Oco6Q1PLzxEUfVf4M_YvbxaHfTE.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
66:b9:f9:96:c2:f8:ea:d1:4b:fc:6c:e9:15:38:80:9b:7d:03:
7c:c3:70:a1:21:f5:60:ef:73:ec:ac:9b:08:f4:e0:98:25:7e:
3c:40:31:36:52:f2:d0:5d:9f:0e:30:f7:10:ac:f2:8e:71:ac:
9b:c3:1b:14:cb:a5:3d:68:bd:cd:37:47:5e:78:88:c3:e5:ef:
9f:b4:97:47:95:af:38:39:28:4a:67:48:2a:9f:11:1d:76:1c:
d3:bd:64:60:ed:36:23:f3:34:d0:b4:e8:54:bb:e7:1e:f7:41:
e9:66:cb:03:34:8d:54:2e:d2:31:67:0f:22:a2:d7:ea:25:8b:
62:35:90:80:51:56:8e:c4:bf:56:2d:7d:ce:30:1a:32:9e:8e:
b9:19:2f:b0:dc:7b:cf:b2:1b:b7:da:9e:57:76:a3:f0:c1:2f:
50:3e:51:aa:6b:fd:c6:ea:f2:d3:83:64:20:3a:63:80:0c:80:
2f:f3:5a:36:60:5e:87:af:ab:0f:da:f9:87:14:6d:ea:e2:03:
fe:fa:56:d0:b3:2b:8d:6a:f0:0e:92:37:60:5b:74:6e:83:c1:
1c:f4:f2:a6:76:de:af:91:3f:3a:e9:b6:5f:85:af:17:79:11:
9d:d3:31:b8:63:85:59:5e:a1:51:71:d0:a6:f6:42:aa:95:da:
a6:83:71:29
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICYj4wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA1MjAw
MTQwNDNaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDM5Q0EzQTQzNTNDQkNG
MTExNDdENTdGODMzRjYyRjZGMTY4NzdEMzEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCyq/Ooo90309FM6X6lCOC0J5zK0C+ypoK8tgaQUYF9k7YGvQVW
MxmvsDYz4jXZQ4zytd1KZB74WRjY58KQ/imtrKphmc8lUdZcwS/n1PZrCm+KlR4t
2DF46nymusgb0sru9P7suv43UCHtYoY2jEpCOzGGgUn8fLHrlpCh4x4PcJSF5Dm9
Yem08q9dHsR9rDS1l6VRtq8OEIRO3tnEkn5P5Nsf99VXOsayoPBbduYO3y1kBqMf
n/HnhIE3QWrPhWyWBaqk4oEyE+bqCY8Chb6TmdoWnL2NmQSdk4hBdT+savQA7pEU
zf2QPp/EKlIzmvGxzkxWgfyHXwsWhnzu5JnJAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUOco6Q1PLzxEUfVf4M/YvbxaHfTEwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L09jbzZRMVBMenhFVWZW
ZjRNX1l2YnhhSGZURS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQBmufmW
wvjq0Uv8bOkVOICbfQN8w3ChIfVg73PsrJsI9OCYJX48QDE2UvLQXZ8OMPcQrPKO
caybwxsUy6U9aL3NN0deeIjD5e+ftJdHla84OShKZ0gqnxEddhzTvWRg7TYj8zTQ
tOhUu+ce90HpZssDNI1ULtIxZw8iotfqJYtiNZCAUVaOxL9WLX3OMBoyno65GS+w
3HvPshu32p5XdqPwwS9QPlGqa/3G6vLTg2QgOmOADIAv81o2YF6Hr6sP2vmHFG3q
4gP++lbQsyuNavAOkjdgW3Rug8Ec9PKmdt6vkT866bZfha8XeRGd0zG4Y4VZXqFR
cdCm9kKqldqmg3Ep
-----END CERTIFICATE-----
Generated at Fri Jun 20 23:03:50 2025 by rpki-client