Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/Ro8wkoGcT9vyq1LsaPtzqY5TfF8.roa
File: Ro8wkoGcT9vyq1LsaPtzqY5TfF8.roa (raw, json)
Hash identifier: zBiQ+2BH1de10Qo0RATZF0Nl9G98+c6k0gYqznWvXBA=
Subject key identifier: 46:8F:30:92:81:9C:4F:DB:F2:AB:52:EC:68:FB:73:A9:8E:53:7C:5F
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 6876
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/Ro8wkoGcT9vyq1LsaPtzqY5TfF8.roa
Signing time: Thu 05 Jun 2025 15:42:00 +0000
ROA not before: Thu 05 Jun 2025 15:42:00 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 26742 (0x6876)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jun 5 15:42:00 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=468F3092819C4FDBF2AB52EC68FB73A98E537C5F
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b0:29:ae:11:4e:d0:cf:33:07:9f:0d:a1:a8:21:
18:31:8b:a1:08:92:48:71:8d:6c:79:2b:d0:61:fd:
24:17:5d:d3:f1:2f:d4:63:77:3b:46:be:bf:93:d6:
8e:19:7b:50:46:17:4c:ff:f9:89:49:33:59:9b:1e:
b0:18:52:68:1c:42:8e:e3:ce:79:57:b3:ef:23:38:
f4:84:93:1e:57:99:ec:32:52:c0:19:15:ae:a2:f1:
09:dd:71:e4:e0:ce:6f:a5:52:44:a2:a5:de:9b:3f:
81:a3:91:4d:61:e0:1f:6e:26:6b:e9:2c:36:bd:71:
39:95:2f:c0:08:fc:27:26:aa:48:1c:35:81:86:b9:
3c:91:ee:49:cb:7d:2f:d3:43:ca:1d:4d:53:b9:d7:
32:59:e5:e2:12:ff:cc:05:50:6c:41:c4:10:ab:d3:
ee:e6:28:02:66:9a:99:fd:8e:5a:78:f9:a6:fe:c3:
8e:66:a2:13:78:e9:60:7e:e6:47:7f:95:6c:a1:69:
d8:c9:2b:15:90:81:c5:c6:53:ae:87:ce:8a:63:6c:
40:6e:60:d6:6f:ec:8b:7a:54:ac:fc:c3:8d:37:0c:
64:1b:32:f8:a4:69:9c:98:ca:42:ac:4b:2d:b3:13:
db:65:0e:6a:58:d8:38:64:c2:61:7c:08:3c:85:73:
58:cb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
46:8F:30:92:81:9C:4F:DB:F2:AB:52:EC:68:FB:73:A9:8E:53:7C:5F
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/Ro8wkoGcT9vyq1LsaPtzqY5TfF8.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
15:86:71:69:d2:1d:d5:5f:54:ca:e3:09:ea:fb:dd:57:0f:50:
2a:f3:88:36:74:58:b6:44:1e:67:4f:a9:2b:24:c2:96:39:5f:
bc:7e:5e:e1:46:5a:28:a4:11:d5:f8:ed:4c:bf:0a:15:57:ee:
cb:f4:ad:83:4a:20:a0:c5:12:ae:51:39:6d:d8:c0:3d:7d:39:
d7:3a:c2:66:45:d4:7b:fe:38:6e:5d:67:c1:65:a8:f3:f3:1a:
73:51:df:5d:a7:49:03:a2:87:a6:c2:8f:f8:5f:72:0f:9d:fd:
d3:2c:70:59:15:00:c9:d4:fc:49:cb:d5:7e:60:0b:10:3f:03:
a7:4c:46:f6:30:84:c3:6d:8d:aa:99:71:35:e4:d0:ad:51:1d:
56:78:f5:02:43:5d:ac:49:e5:ed:7a:2a:31:c8:fd:e6:81:70:
30:62:ef:a2:ee:10:3a:6b:66:98:81:b9:3b:17:b0:d3:e2:b3:
dc:d3:44:6d:93:19:6a:ca:ce:06:db:5d:59:bb:fb:7d:c6:a5:
39:35:96:a5:cf:8b:dc:1a:42:e6:6e:25:ee:68:e8:9a:e8:7b:
2f:61:11:6d:08:17:b8:44:c1:ca:cb:fc:8f:54:d1:17:c1:a2:
01:35:70:0a:20:5e:3d:6b:a5:4b:9e:e2:2b:47:a7:62:c9:38:
0c:93:51:23
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICaHYwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA2MDUx
NTQyMDBaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKDQ2OEYzMDkyODE5QzRG
REJGMkFCNTJFQzY4RkI3M0E5OEU1MzdDNUYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCwKa4RTtDPMwefDaGoIRgxi6EIkkhxjWx5K9Bh/SQXXdPxL9Rj
dztGvr+T1o4Ze1BGF0z/+YlJM1mbHrAYUmgcQo7jznlXs+8jOPSEkx5XmewyUsAZ
Fa6i8QndceTgzm+lUkSipd6bP4GjkU1h4B9uJmvpLDa9cTmVL8AI/CcmqkgcNYGG
uTyR7knLfS/TQ8odTVO51zJZ5eIS/8wFUGxBxBCr0+7mKAJmmpn9jlp4+ab+w45m
ohN46WB+5kd/lWyhadjJKxWQgcXGU66HzopjbEBuYNZv7It6VKz8w403DGQbMvik
aZyYykKsSy2zE9tlDmpY2DhkwmF8CDyFc1jLAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQURo8wkoGcT9vyq1LsaPtzqY5TfF8wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1JvOHdrb0djVDl2eXEx
THNhUHR6cVk1VGZGOC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQAVhnFp
0h3VX1TK4wnq+91XD1Aq84g2dFi2RB5nT6krJMKWOV+8fl7hRloopBHV+O1MvwoV
V+7L9K2DSiCgxRKuUTlt2MA9fTnXOsJmRdR7/jhuXWfBZajz8xpzUd9dp0kDooem
wo/4X3IPnf3TLHBZFQDJ1PxJy9V+YAsQPwOnTEb2MITDbY2qmXE15NCtUR1WePUC
Q12sSeXteioxyP3mgXAwYu+i7hA6a2aYgbk7F7DT4rPc00Rtkxlqys4G211Zu/t9
xqU5NZalz4vcGkLmbiXuaOia6HsvYRFtCBe4RMHKy/yPVNEXwaIBNXAKIF49a6VL
nuIrR6diyTgMk1Ej
-----END CERTIFICATE-----
Generated at Sat Jun 21 11:58:52 2025 by rpki-client