Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/Or9DmEC4nM2YuPWUXQVc7WAFxsc.roa
File: Or9DmEC4nM2YuPWUXQVc7WAFxsc.roa (raw, json)
Hash identifier: +4YNuangAfX7vvs4edR+HW6T7jsIgIeiAQfvDZeDpZk=
Subject key identifier: 3A:BF:43:98:40:B8:9C:CD:98:B8:F5:94:5D:05:5C:ED:60:05:C6:C7
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 69E6
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/Or9DmEC4nM2YuPWUXQVc7WAFxsc.roa
Signing time: Mon 09 Jun 2025 11:41:59 +0000
ROA not before: Mon 09 Jun 2025 11:41:59 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 27110 (0x69e6)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jun 9 11:41:59 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=3ABF439840B89CCD98B8F5945D055CED6005C6C7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:db:6b:56:ca:36:93:31:6f:e7:59:65:48:03:4e:
e0:91:7d:a9:29:6c:16:02:fd:ad:11:ee:32:c1:23:
fe:67:8f:69:c4:d6:a2:b1:67:10:e8:55:4d:51:93:
ac:30:e1:58:07:ab:49:ac:03:6f:19:2b:8c:38:4f:
66:ed:a4:c0:5f:29:91:5d:e4:74:f4:32:12:ff:80:
e1:76:7e:23:60:21:4a:d6:36:f2:ff:e9:11:77:8f:
8d:bf:12:fe:08:9d:f9:a5:63:2c:38:97:57:a7:52:
90:8d:ef:24:64:de:13:1b:16:ee:c5:ab:cb:88:a3:
68:3c:89:75:e7:25:cf:0d:d5:27:f4:58:8d:04:8a:
6e:c7:0a:eb:7b:bd:8e:dc:27:02:f8:50:fd:7a:a8:
34:f1:74:45:c1:e1:70:10:a5:fd:3c:32:25:88:1f:
d9:0f:c4:78:fe:33:cb:87:3d:44:cb:70:52:a3:23:
8a:38:c2:57:3c:d6:ea:b8:f7:77:aa:26:d1:01:0c:
5f:15:52:90:30:73:9e:0e:25:1b:0d:ac:12:e2:2f:
1a:62:28:21:26:b9:c0:96:68:71:0e:06:61:a3:cf:
68:50:df:b9:38:36:0d:42:c7:ea:0f:15:ea:5b:9f:
16:47:7b:47:08:91:36:7d:3b:74:98:48:c4:dc:38:
d2:5d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3A:BF:43:98:40:B8:9C:CD:98:B8:F5:94:5D:05:5C:ED:60:05:C6:C7
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/Or9DmEC4nM2YuPWUXQVc7WAFxsc.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
77:67:e7:37:56:47:43:f4:64:ce:aa:e5:5d:1a:f1:35:7b:61:
1f:07:0e:f0:84:69:2b:08:0f:31:61:58:55:ea:88:3a:9d:95:
93:f7:90:4f:33:cc:90:d2:3f:9b:87:31:34:2f:52:92:ff:eb:
5a:14:35:76:d5:32:36:da:04:7a:a5:b0:c8:59:c4:58:16:24:
2a:93:0d:7f:34:93:f5:80:99:0b:11:b2:a4:96:8e:e8:0c:03:
16:de:fe:91:fd:e9:10:24:d0:c9:7d:57:86:4f:97:61:0c:63:
79:88:df:72:fa:cf:1b:f7:70:1a:76:7a:dd:e2:a2:0b:c2:c9:
7b:76:30:b7:f1:b9:f6:97:e9:13:fc:3e:8f:9a:e5:75:8b:0e:
0f:89:34:38:9a:fc:9f:dc:6f:dc:9c:ba:20:68:67:eb:6a:eb:
b1:5e:e0:da:7d:bf:55:09:55:34:a3:10:40:c3:ce:2a:57:8b:
fb:7f:53:be:89:de:25:47:50:1d:64:9a:10:3b:93:e6:f0:19:
11:bf:26:29:64:f4:7d:fb:1b:57:1d:a1:39:08:f4:2f:d3:4e:
9a:1e:cd:e2:07:f2:19:b3:3d:81:16:09:44:a3:7a:d0:6e:76:
ed:f4:df:ad:8f:ba:39:33:74:27:6a:0e:a0:4e:b5:51:c3:f7:
7e:aa:c8:59
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICaeYwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA2MDkx
MTQxNTlaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDNBQkY0Mzk4NDBCODlD
Q0Q5OEI4RjU5NDVEMDU1Q0VENjAwNUM2QzcwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDba1bKNpMxb+dZZUgDTuCRfakpbBYC/a0R7jLBI/5nj2nE1qKx
ZxDoVU1Rk6ww4VgHq0msA28ZK4w4T2btpMBfKZFd5HT0MhL/gOF2fiNgIUrWNvL/
6RF3j42/Ev4InfmlYyw4l1enUpCN7yRk3hMbFu7Fq8uIo2g8iXXnJc8N1Sf0WI0E
im7HCut7vY7cJwL4UP16qDTxdEXB4XAQpf08MiWIH9kPxHj+M8uHPUTLcFKjI4o4
wlc81uq493eqJtEBDF8VUpAwc54OJRsNrBLiLxpiKCEmucCWaHEOBmGjz2hQ37k4
Ng1Cx+oPFepbnxZHe0cIkTZ9O3SYSMTcONJdAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUOr9DmEC4nM2YuPWUXQVc7WAFxscwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L09yOURtRUM0bk0yWXVQ
V1VYUVZjN1dBRnhzYy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQB3Z+c3
VkdD9GTOquVdGvE1e2EfBw7whGkrCA8xYVhV6og6nZWT95BPM8yQ0j+bhzE0L1KS
/+taFDV21TI22gR6pbDIWcRYFiQqkw1/NJP1gJkLEbKklo7oDAMW3v6R/ekQJNDJ
fVeGT5dhDGN5iN9y+s8b93Aadnrd4qILwsl7djC38bn2l+kT/D6PmuV1iw4PiTQ4
mvyf3G/cnLogaGfrauuxXuDafb9VCVU0oxBAw84qV4v7f1O+id4lR1AdZJoQO5Pm
8BkRvyYpZPR9+xtXHaE5CPQv006aHs3iB/IZsz2BFglEo3rQbnbt9N+tj7o5M3Qn
ag6gTrVRw/d+qshZ
-----END CERTIFICATE-----
Generated at Fri Jun 20 10:11:58 2025 by rpki-client