Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/oEeTtYWL-lZuDwtlCWdEXLZjq5g.roa
File: oEeTtYWL-lZuDwtlCWdEXLZjq5g.roa (raw, json)
Hash identifier: BX6MmG240jKNtXayg1NLrOxAz/q+rt8fsDGL1580kWM=
Subject key identifier: A0:47:93:B5:85:8B:FA:56:6E:0F:0B:65:09:67:44:5C:B6:63:AB:98
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 6446
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/oEeTtYWL-lZuDwtlCWdEXLZjq5g.roa
Signing time: Sun 25 May 2025 11:41:19 +0000
ROA not before: Sun 25 May 2025 11:41:19 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 25670 (0x6446)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 25 11:41:19 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=A04793B5858BFA566E0F0B650967445CB663AB98
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bf:b2:7f:c0:0b:d9:9f:66:de:af:84:07:18:9f:
40:79:b8:47:70:2b:07:89:1f:f5:f2:21:89:4c:c6:
63:c6:8f:d6:11:2f:fb:59:94:83:2e:37:ef:b9:75:
69:a0:b9:21:31:0e:ae:12:70:c9:e6:5c:32:5f:62:
7d:ef:ba:04:8f:76:23:0b:81:ea:44:c4:7d:f7:ea:
25:73:e6:04:90:d4:52:16:fc:09:a7:92:6b:62:8a:
b4:26:21:6d:20:37:96:e7:35:8a:7e:26:f8:c4:29:
c8:92:01:44:51:5c:52:ab:78:6c:e2:f2:a3:5f:9a:
61:5e:aa:5e:e6:23:59:eb:38:d3:35:7a:55:63:fa:
8f:fe:2b:7c:f3:b0:f9:c1:27:d7:03:c4:4a:f3:cc:
26:04:8e:41:9c:35:e5:80:e5:25:45:65:b2:6a:7c:
c3:94:78:f3:9a:fb:18:e0:dd:6d:07:72:5f:a6:68:
4d:c9:a7:fd:22:34:bd:2b:5b:a6:ca:3f:27:9d:07:
aa:96:34:6d:a4:b3:3a:32:2b:cf:6d:98:08:7d:16:
f9:0f:89:1f:c3:33:dc:3d:c5:42:16:3e:1a:4f:7c:
7d:21:36:9b:35:aa:88:b4:02:cd:bf:61:e6:ea:0a:
44:1e:18:7d:66:a2:7e:c9:73:77:e2:e5:a2:e6:0e:
a3:cb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A0:47:93:B5:85:8B:FA:56:6E:0F:0B:65:09:67:44:5C:B6:63:AB:98
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/oEeTtYWL-lZuDwtlCWdEXLZjq5g.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
b1:48:9b:8c:fa:bb:7f:cf:b3:63:19:50:bc:e8:f2:36:f2:66:
fc:c0:6e:3c:6f:a6:cb:8e:c7:ee:90:f3:b8:0c:9f:23:07:2f:
3b:df:6b:65:24:78:71:82:23:43:28:09:cf:f7:1c:db:e0:94:
ed:64:38:bf:11:ad:2f:96:6a:9c:ed:f8:29:fd:2d:02:0d:a0:
43:3a:f7:e7:c0:d5:4e:a2:3e:1e:4e:f1:2c:d8:75:be:95:69:
d5:4a:f4:ee:cd:4f:96:bd:bc:c8:a1:57:dd:9b:a5:17:d5:58:
c6:24:4e:06:fc:86:04:3d:7a:b8:90:04:6f:4d:9f:82:89:bf:
23:4f:c6:01:f2:4c:4d:68:d8:e0:97:00:4d:83:d8:ed:2d:33:
78:fb:01:e0:8e:8a:52:47:b8:35:3e:c4:5c:4c:63:d8:ef:32:
81:90:63:88:d0:37:c3:3c:8e:b8:b2:e4:56:83:bb:0b:31:9e:
35:d0:b5:44:2e:f5:a6:a2:e7:30:59:ad:90:b3:ae:4e:6e:43:
a2:fb:ec:c4:8f:eb:bb:48:c5:87:6f:4a:01:12:3f:97:10:38:
8f:49:f9:07:3f:c9:10:62:92:2b:fd:ef:0e:da:64:a5:bf:26:
5d:fb:6c:4a:aa:8f:c8:db:b6:f7:3e:0b:11:d2:d2:ab:cd:1f:
39:3a:f2:4d
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICZEYwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA1MjUx
MTQxMTlaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEEwNDc5M0I1ODU4QkZB
NTY2RTBGMEI2NTA5Njc0NDVDQjY2M0FCOTgwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC/sn/AC9mfZt6vhAcYn0B5uEdwKweJH/XyIYlMxmPGj9YRL/tZ
lIMuN++5dWmguSExDq4ScMnmXDJfYn3vugSPdiMLgepExH336iVz5gSQ1FIW/Amn
kmtiirQmIW0gN5bnNYp+JvjEKciSAURRXFKreGzi8qNfmmFeql7mI1nrONM1elVj
+o/+K3zzsPnBJ9cDxErzzCYEjkGcNeWA5SVFZbJqfMOUePOa+xjg3W0Hcl+maE3J
p/0iNL0rW6bKPyedB6qWNG2kszoyK89tmAh9FvkPiR/DM9w9xUIWPhpPfH0hNps1
qoi0As2/YebqCkQeGH1mon7Jc3fi5aLmDqPLAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUoEeTtYWL+lZuDwtlCWdEXLZjq5gwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L29FZVR0WVdMLWxadUR3
dGxDV2RFWExaanE1Zy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQCxSJuM
+rt/z7NjGVC86PI28mb8wG48b6bLjsfukPO4DJ8jBy8732tlJHhxgiNDKAnP9xzb
4JTtZDi/Ea0vlmqc7fgp/S0CDaBDOvfnwNVOoj4eTvEs2HW+lWnVSvTuzU+WvbzI
oVfdm6UX1VjGJE4G/IYEPXq4kARvTZ+Cib8jT8YB8kxNaNjglwBNg9jtLTN4+wHg
jopSR7g1PsRcTGPY7zKBkGOI0DfDPI64suRWg7sLMZ410LVELvWmoucwWa2Qs65O
bkOi++zEj+u7SMWHb0oBEj+XEDiPSfkHP8kQYpIr/e8O2mSlvyZd+2xKqo/I27b3
PgsR0tKrzR85OvJN
-----END CERTIFICATE-----
Generated at Sat Jun 21 11:38:47 2025 by rpki-client