Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/oQegkwkIp4neUTLdqXsGj8jpna0.roa
File: oQegkwkIp4neUTLdqXsGj8jpna0.roa (raw, json)
Hash identifier: PnSVFH2U1bvqaMS/bN7RNoy1qgnpAJZabIVuN1Xbde8=
Subject key identifier: A1:07:A0:93:09:08:A7:89:DE:51:32:DD:A9:7B:06:8F:C8:E9:9D:AD
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 673A
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/oQegkwkIp4neUTLdqXsGj8jpna0.roa
Signing time: Mon 02 Jun 2025 08:41:55 +0000
ROA not before: Mon 02 Jun 2025 08:41:55 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 26426 (0x673a)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jun 2 08:41:55 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=A107A0930908A789DE5132DDA97B068FC8E99DAD
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bb:a2:99:ab:47:b2:dd:eb:4e:14:05:71:03:55:
85:ff:b7:d0:64:b5:f2:ce:53:c6:09:ec:bf:5c:d5:
c2:73:4d:97:16:f8:98:11:27:e3:1f:a5:bc:5f:50:
f8:87:53:07:87:01:13:5f:35:c7:06:2b:af:96:56:
2c:4f:33:9a:2e:b6:67:66:30:31:16:f6:8f:58:98:
ae:e8:a1:3b:cd:06:6c:a8:66:d5:22:ff:6a:d1:5a:
f3:38:d5:63:c8:9e:aa:5a:67:fb:a6:c2:0a:92:d2:
60:a2:6a:95:d9:e5:b6:90:41:7b:bf:cd:c3:be:8c:
60:26:5e:3b:83:b4:5c:42:cd:67:79:e1:cb:e5:7d:
70:44:ac:52:36:49:14:1b:d9:2d:20:9f:0e:84:c7:
04:88:a6:20:9b:70:69:b6:0d:57:df:77:e9:e5:4e:
d5:91:ad:a1:a3:82:d6:38:72:5c:4f:6c:91:71:4d:
e2:2d:c7:2e:9a:28:40:3a:4e:e0:a3:28:5b:92:50:
c5:13:da:54:38:2d:ee:da:0b:b1:30:94:b2:95:95:
7e:8a:e9:c3:66:12:87:c1:88:b9:1d:5d:02:3d:c8:
1e:e6:49:26:db:c7:91:cc:7a:91:aa:36:0a:ae:9f:
21:fb:b1:85:67:22:12:dd:ce:34:34:a5:df:ee:58:
29:eb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A1:07:A0:93:09:08:A7:89:DE:51:32:DD:A9:7B:06:8F:C8:E9:9D:AD
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/oQegkwkIp4neUTLdqXsGj8jpna0.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
4a:3f:09:c6:c0:6d:8a:a8:2c:fe:da:da:8a:7f:b7:58:8c:73:
0f:d8:0e:57:d6:7b:4e:70:4e:ff:6a:bc:f1:c9:f0:b4:7b:33:
54:59:6d:87:c4:41:70:ef:a6:28:b6:60:b5:70:c8:5e:9b:b7:
6a:b2:81:2b:25:00:74:a4:58:8c:e4:12:60:22:8c:f9:87:66:
7f:f2:f1:d1:42:79:b7:13:21:73:2f:88:27:2f:2d:b1:1f:ab:
68:2a:6b:b7:bc:91:a7:20:d5:98:f0:1f:bd:c5:56:e9:65:67:
e7:f6:ac:d8:97:08:90:86:bc:cf:6a:9a:ac:5c:d7:dd:84:1f:
2f:8b:fc:d4:40:67:01:07:27:ad:27:7e:22:67:02:b6:91:a4:
07:33:a6:70:94:8a:77:2d:94:a5:14:6e:18:3f:4e:c9:c6:c9:
6c:8a:b1:24:e0:3d:1b:ba:52:2f:b5:33:99:ea:07:1c:f8:47:
78:22:b2:59:7c:8f:40:35:8d:3d:36:47:dd:b6:50:bf:c0:7c:
48:45:e9:97:02:1e:5f:78:ef:99:ae:f2:8f:49:96:0d:79:8e:
10:fe:21:61:fb:f4:b6:f7:5b:86:01:a0:41:16:6a:5c:a1:9b:
e4:18:81:06:fa:c4:df:fe:d8:11:17:e5:eb:e0:79:2f:71:3c:
45:c0:e1:c8
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICZzowDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA2MDIw
ODQxNTVaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEExMDdBMDkzMDkwOEE3
ODlERTUxMzJEREE5N0IwNjhGQzhFOTlEQUQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC7opmrR7Ld604UBXEDVYX/t9BktfLOU8YJ7L9c1cJzTZcW+JgR
J+MfpbxfUPiHUweHARNfNccGK6+WVixPM5outmdmMDEW9o9YmK7ooTvNBmyoZtUi
/2rRWvM41WPInqpaZ/umwgqS0mCiapXZ5baQQXu/zcO+jGAmXjuDtFxCzWd54cvl
fXBErFI2SRQb2S0gnw6ExwSIpiCbcGm2DVffd+nlTtWRraGjgtY4clxPbJFxTeIt
xy6aKEA6TuCjKFuSUMUT2lQ4Le7aC7EwlLKVlX6K6cNmEofBiLkdXQI9yB7mSSbb
x5HMepGqNgqunyH7sYVnIhLdzjQ0pd/uWCnrAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUoQegkwkIp4neUTLdqXsGj8jpna0wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L29RZWdrd2tJcDRuZVVU
TGRxWHNHajhqcG5hMC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQBKPwnG
wG2KqCz+2tqKf7dYjHMP2A5X1ntOcE7/arzxyfC0ezNUWW2HxEFw76YotmC1cMhe
m7dqsoErJQB0pFiM5BJgIoz5h2Z/8vHRQnm3EyFzL4gnLy2xH6toKmu3vJGnINWY
8B+9xVbpZWfn9qzYlwiQhrzPapqsXNfdhB8vi/zUQGcBByetJ34iZwK2kaQHM6Zw
lIp3LZSlFG4YP07JxslsirEk4D0bulIvtTOZ6gcc+Ed4IrJZfI9ANY09NkfdtlC/
wHxIRemXAh5feO+ZrvKPSZYNeY4Q/iFh+/S291uGAaBBFmpcoZvkGIEG+sTf/tgR
F+Xr4HkvcTxFwOHI
-----END CERTIFICATE-----
Generated at Sun Jun 22 22:39:51 2025 by rpki-client