Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/oU2_ZwE4RqC9lkXiap4e7rpJKZ8.roa
File: oU2_ZwE4RqC9lkXiap4e7rpJKZ8.roa (raw, json)
Hash identifier: aU6nGHm5fKUUm5edQsAe2mssObDV4gniTiB2yEb5YDI=
Subject key identifier: A1:4D:BF:67:01:38:46:A0:BD:96:45:E2:6A:9E:1E:EE:BA:49:29:9F
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 669C
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/oU2_ZwE4RqC9lkXiap4e7rpJKZ8.roa
Signing time: Sat 31 May 2025 17:11:33 +0000
ROA not before: Sat 31 May 2025 17:11:33 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 26268 (0x669c)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 31 17:11:33 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=A14DBF67013846A0BD9645E26A9E1EEEBA49299F
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cc:c6:62:08:ac:a3:8e:06:b0:fc:d6:66:d9:05:
2b:66:dd:8f:ad:bb:24:74:52:7a:fc:26:27:7f:4e:
65:82:1e:b0:36:ba:bf:d8:38:78:33:7f:1f:8f:ef:
14:d4:4e:1b:26:d6:61:28:08:98:ae:49:d1:74:b4:
72:94:a3:e1:f5:06:98:ad:d4:60:2a:b0:35:02:97:
ab:8e:06:46:be:89:63:ce:62:ed:62:11:ef:13:9f:
c8:0c:4e:bc:57:02:aa:74:8c:d1:eb:df:11:5d:25:
21:43:dc:fe:88:28:28:e2:ae:9a:31:59:47:7e:72:
ca:31:ab:2e:14:15:78:a9:9d:6e:02:fb:5a:ac:0e:
2b:49:c7:ed:6e:f6:b4:a3:2e:97:8d:19:95:ee:db:
f8:f8:1a:36:2f:cf:b3:a5:3e:24:f6:14:1d:f2:c7:
e4:35:a0:51:68:72:f0:2e:dc:8e:a7:07:fa:4f:7f:
d8:ca:37:ef:c2:ac:86:57:97:4e:14:cc:15:38:da:
41:60:8d:40:87:48:2c:7d:5d:40:f3:da:5b:cd:19:
26:2e:78:7b:c6:0e:56:a7:b7:b9:ee:0a:ff:6c:10:
e2:bf:ca:c7:34:a0:8a:b1:56:b3:57:7d:28:74:7d:
49:36:52:76:21:b4:f3:8c:71:d8:fb:e1:08:75:36:
e9:59
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A1:4D:BF:67:01:38:46:A0:BD:96:45:E2:6A:9E:1E:EE:BA:49:29:9F
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/oU2_ZwE4RqC9lkXiap4e7rpJKZ8.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
7a:e8:c9:8c:d4:b4:f6:58:ed:6f:af:08:97:7c:7b:11:e2:43:
07:73:18:79:4a:b4:f5:c7:7d:10:37:9c:95:26:7c:f3:01:e3:
5e:72:48:b3:e6:35:24:c4:41:ee:96:d0:c4:ef:c4:92:e5:10:
20:ba:27:7d:61:0e:4d:f0:60:ae:8c:8e:79:cc:0b:74:db:2f:
12:b6:36:73:8d:7e:c8:2d:55:20:b8:14:57:fa:fd:70:c8:63:
a7:5a:15:e8:53:88:96:d4:ed:a5:ff:b4:2f:d4:78:d5:ea:b4:
73:de:d3:4b:89:af:6a:41:b7:7a:58:3a:89:23:08:ee:41:ae:
40:e1:86:78:7c:97:b4:68:cb:2c:e6:24:51:56:02:37:c2:12:
b3:8f:18:66:03:07:8e:9c:a0:85:d1:df:49:1a:e1:33:f3:17:
ba:a7:07:6a:80:86:4d:f4:c4:6a:2d:08:28:c8:f3:ea:8c:08:
1c:06:46:8c:d1:60:c8:50:f9:42:23:2e:3a:c6:67:4f:db:41:
ea:7e:61:e4:f2:2d:79:8e:cc:9f:d2:1f:f2:75:d5:5a:a0:71:
57:02:00:5a:d5:38:9f:a1:4b:e5:f7:39:22:5d:c0:da:60:69:
c1:90:7e:51:3c:47:ab:0e:66:f6:85:3a:b1:65:77:87:23:53:
45:3d:c2:98
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICZpwwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA1MzEx
NzExMzNaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEExNERCRjY3MDEzODQ2
QTBCRDk2NDVFMjZBOUUxRUVFQkE0OTI5OUYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDMxmIIrKOOBrD81mbZBStm3Y+tuyR0Unr8Jid/TmWCHrA2ur/Y
OHgzfx+P7xTUThsm1mEoCJiuSdF0tHKUo+H1Bpit1GAqsDUCl6uOBka+iWPOYu1i
Ee8Tn8gMTrxXAqp0jNHr3xFdJSFD3P6IKCjirpoxWUd+csoxqy4UFXipnW4C+1qs
DitJx+1u9rSjLpeNGZXu2/j4GjYvz7OlPiT2FB3yx+Q1oFFocvAu3I6nB/pPf9jK
N+/CrIZXl04UzBU42kFgjUCHSCx9XUDz2lvNGSYueHvGDlant7nuCv9sEOK/ysc0
oIqxVrNXfSh0fUk2UnYhtPOMcdj74Qh1NulZAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUoU2/ZwE4RqC9lkXiap4e7rpJKZ8wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L29VMl9ad0U0UnFDOWxr
WGlhcDRlN3JwSktaOC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQB66MmM
1LT2WO1vrwiXfHsR4kMHcxh5SrT1x30QN5yVJnzzAeNeckiz5jUkxEHultDE78SS
5RAguid9YQ5N8GCujI55zAt02y8StjZzjX7ILVUguBRX+v1wyGOnWhXoU4iW1O2l
/7Qv1HjV6rRz3tNLia9qQbd6WDqJIwjuQa5A4YZ4fJe0aMss5iRRVgI3whKzjxhm
AweOnKCF0d9JGuEz8xe6pwdqgIZN9MRqLQgoyPPqjAgcBkaM0WDIUPlCIy46xmdP
20HqfmHk8i15jsyf0h/yddVaoHFXAgBa1TifoUvl9zkiXcDaYGnBkH5RPEerDmb2
hTqxZXeHI1NFPcKY
-----END CERTIFICATE-----
Generated at Sun Jun 22 03:56:59 2025 by rpki-client