Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/oItsSgSatJOHXo05bF6vhOllx1Q.roa
File: oItsSgSatJOHXo05bF6vhOllx1Q.roa (raw, json)
Hash identifier: 3xPE0Di74CpYoHPDpOJisx9PuB7mTyNoPEF35zmdQOw=
Subject key identifier: A0:8B:6C:4A:04:9A:B4:93:87:5E:8D:39:6C:5E:AF:84:E9:65:C7:54
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 604E
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/oItsSgSatJOHXo05bF6vhOllx1Q.roa
Signing time: Wed 14 May 2025 21:40:23 +0000
ROA not before: Wed 14 May 2025 21:40:23 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 24654 (0x604e)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 14 21:40:23 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=A08B6C4A049AB493875E8D396C5EAF84E965C754
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c4:ab:dd:8c:64:1a:72:c6:c8:8a:a3:9a:37:07:
96:93:79:60:98:ab:7b:42:cc:f3:d9:aa:3f:bb:17:
de:b3:8b:e6:a3:31:e8:46:22:3c:fe:d0:69:3f:c6:
7e:78:76:84:fa:85:5c:7b:e5:ea:03:39:02:3b:8b:
d1:57:72:b9:0a:60:8c:e8:65:fb:54:57:f3:99:23:
76:c3:ba:33:d6:95:1a:ee:53:13:a1:ef:ff:78:c7:
64:ee:58:76:9c:f0:d6:91:34:81:08:f2:6a:44:81:
0a:19:58:34:02:b0:66:0d:55:c5:9d:b8:4a:6d:45:
42:00:77:54:b6:e5:4b:30:c1:e0:62:2d:3f:de:24:
8a:21:98:4b:c5:b3:ea:52:38:fb:b8:99:5f:5b:d6:
ed:46:da:f7:6f:bb:18:cc:36:c9:ce:e3:e3:5f:71:
a1:05:c5:fe:e5:94:d1:f8:84:38:42:1e:c9:5e:e9:
02:25:fc:5c:ba:ab:4f:a4:31:89:fe:fd:d2:5c:13:
1e:c4:95:fb:a4:12:03:0c:8a:28:6d:35:de:b0:84:
20:81:a4:72:d4:70:4f:68:5f:85:75:fc:42:cf:cc:
2d:7a:33:9f:74:19:2f:7a:36:52:ad:5d:85:db:c9:
56:4b:99:86:81:4b:56:e3:71:59:40:3a:83:49:86:
ff:23
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A0:8B:6C:4A:04:9A:B4:93:87:5E:8D:39:6C:5E:AF:84:E9:65:C7:54
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/oItsSgSatJOHXo05bF6vhOllx1Q.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
a5:24:11:5e:92:3d:b6:93:bb:6e:df:d1:a5:c1:9b:9c:f4:ec:
06:63:ef:98:73:c5:85:69:e4:12:8e:cd:11:b5:df:b4:f7:bc:
07:e7:45:9b:ae:b3:1b:b5:c4:dd:40:89:69:e2:48:16:2c:55:
e4:20:b8:52:bf:3c:bc:d3:d6:72:c4:72:39:6a:21:81:c9:55:
f0:70:1b:69:e8:53:6b:46:8b:a6:67:ed:23:86:5e:91:33:cb:
9d:66:5e:2e:58:3e:71:ef:a5:dc:16:45:83:fa:a8:6a:c7:f9:
ec:5b:4d:77:88:81:dc:ed:90:9e:83:bb:bd:82:80:3d:5a:63:
96:3d:7c:05:ec:19:d0:ec:f7:de:c1:2a:e7:e7:24:9f:2a:2e:
a7:c2:25:b2:a7:60:67:bd:91:22:fa:e2:96:78:f1:cd:a7:72:
5b:75:75:db:ba:70:c4:59:ee:55:35:c0:84:a9:14:bf:b5:4b:
50:9a:72:2b:8d:1b:95:93:2b:63:e7:f7:7d:35:1f:c8:8d:42:
d2:a6:0e:f7:fb:0a:48:9b:50:e8:d7:0b:c3:06:48:db:d7:6a:
e2:ec:c1:f1:80:0d:66:72:4f:88:c2:4c:55:89:aa:7e:0f:10:
7f:8f:4d:69:51:3d:7d:8f:25:e5:e8:56:4c:8c:2c:cb:e4:c6:
13:cf:b8:57
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICYE4wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA1MTQy
MTQwMjNaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEEwOEI2QzRBMDQ5QUI0
OTM4NzVFOEQzOTZDNUVBRjg0RTk2NUM3NTQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDEq92MZBpyxsiKo5o3B5aTeWCYq3tCzPPZqj+7F96zi+ajMehG
Ijz+0Gk/xn54doT6hVx75eoDOQI7i9FXcrkKYIzoZftUV/OZI3bDujPWlRruUxOh
7/94x2TuWHac8NaRNIEI8mpEgQoZWDQCsGYNVcWduEptRUIAd1S25UswweBiLT/e
JIohmEvFs+pSOPu4mV9b1u1G2vdvuxjMNsnO4+NfcaEFxf7llNH4hDhCHsle6QIl
/Fy6q0+kMYn+/dJcEx7ElfukEgMMiihtNd6whCCBpHLUcE9oX4V1/ELPzC16M590
GS96NlKtXYXbyVZLmYaBS1bjcVlAOoNJhv8jAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUoItsSgSatJOHXo05bF6vhOllx1QwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L29JdHNTZ1NhdEpPSFhv
MDViRjZ2aE9sbHgxUS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQClJBFe
kj22k7tu39GlwZuc9OwGY++Yc8WFaeQSjs0Rtd+097wH50WbrrMbtcTdQIlp4kgW
LFXkILhSvzy809ZyxHI5aiGByVXwcBtp6FNrRoumZ+0jhl6RM8udZl4uWD5x76Xc
FkWD+qhqx/nsW013iIHc7ZCeg7u9goA9WmOWPXwF7BnQ7PfewSrn5ySfKi6nwiWy
p2BnvZEi+uKWePHNp3JbdXXbunDEWe5VNcCEqRS/tUtQmnIrjRuVkytj5/d9NR/I
jULSpg73+wpIm1Do1wvDBkjb12ri7MHxgA1mck+IwkxViap+DxB/j01pUT19jyXl
6FZMjCzL5MYTz7hX
-----END CERTIFICATE-----
Generated at Sat Jun 21 23:32:35 2025 by rpki-client