Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/ouod9SQ0ZX3jlbcdtWC-7CHr08M.roa
File: ouod9SQ0ZX3jlbcdtWC-7CHr08M.roa (raw, json)
Hash identifier: yh2/2aT86uVpMBeYW/vOtNNnus+qyNzKY/zOlgl8W3I=
Subject key identifier: A2:EA:1D:F5:24:34:65:7D:E3:95:B7:1D:B5:60:BE:EC:21:EB:D3:C3
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 6AC2
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/ouod9SQ0ZX3jlbcdtWC-7CHr08M.roa
Signing time: Wed 11 Jun 2025 18:42:11 +0000
ROA not before: Wed 11 Jun 2025 18:42:11 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 27330 (0x6ac2)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jun 11 18:42:11 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=A2EA1DF52434657DE395B71DB560BEEC21EBD3C3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e0:93:7f:ad:d1:1a:27:4d:b4:b1:0e:7a:d2:4f:
88:45:6c:d0:05:33:16:c0:85:71:65:0d:c3:a0:a7:
c8:b0:3e:32:fd:15:bf:11:9c:5d:93:9c:12:bd:45:
2b:e1:d6:cd:bf:50:4b:91:86:c7:ae:4a:f9:b2:5b:
a0:2a:ad:83:bb:6c:39:ae:98:0e:d7:60:21:32:c1:
d6:33:81:b8:41:3b:91:01:59:7f:5f:0a:11:50:ff:
86:12:8c:e6:d0:d6:79:58:33:97:1d:df:28:19:bd:
71:dc:ad:1f:72:6d:3f:29:ea:31:13:9c:0a:bf:f3:
74:44:d3:b7:97:b6:86:5a:dd:61:73:fa:57:39:08:
09:9b:0c:ff:8b:32:88:16:e8:e2:fe:14:6c:01:77:
22:c2:b9:07:25:21:31:1a:d7:ac:e2:4d:64:c7:ea:
24:f7:a1:c2:1d:a8:57:35:cf:6a:77:5f:eb:a5:11:
2e:2b:dc:ec:87:8c:39:53:98:86:7a:d0:79:0d:9d:
a4:98:c1:ac:c1:8f:2b:3c:e1:b5:0b:1d:47:41:74:
5f:d8:59:91:67:f2:8a:ec:c4:5c:8c:d3:69:1e:c7:
8e:e7:ae:e2:b8:31:6d:d6:1c:3e:d6:30:e2:e4:61:
7e:4a:bd:51:7e:f3:69:3a:37:7e:17:4a:4c:4b:5d:
fb:6b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A2:EA:1D:F5:24:34:65:7D:E3:95:B7:1D:B5:60:BE:EC:21:EB:D3:C3
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/ouod9SQ0ZX3jlbcdtWC-7CHr08M.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
30:e7:e0:e9:c8:5c:0d:88:6d:c4:37:68:73:de:8a:0f:da:d4:
e7:c7:6b:f0:3e:cb:60:95:3c:ba:2c:c3:ef:d1:5a:65:f8:9b:
d1:34:2f:cc:e3:17:80:4b:11:fe:2b:7c:57:a6:1f:bb:9e:8b:
f0:c9:8b:3e:16:50:6c:a8:43:43:82:7c:b3:c9:06:3b:51:c0:
d3:3c:15:a2:c5:b7:6c:2b:bb:bf:b1:dd:fa:56:c3:0a:b2:5f:
76:98:3e:1c:d5:96:db:9a:74:e0:bc:15:dd:18:bd:88:bb:50:
96:a9:85:93:73:9b:69:a4:c7:f5:ca:2c:8e:d3:dc:26:f0:c5:
ca:f3:57:3c:6d:75:a0:dd:10:a3:56:2e:6e:a6:58:67:97:08:
1b:6a:ef:5d:ee:c0:2b:39:de:2e:a1:89:dd:6f:3e:b7:06:b4:
49:54:dc:4f:89:5a:77:51:fb:22:00:cc:cd:44:b0:0b:47:be:
92:ad:dc:ea:12:36:88:d5:f4:5f:16:d0:d4:9c:37:66:e0:1e:
6c:2d:f4:5d:6c:fa:ea:47:e9:61:04:09:84:96:7f:a9:be:10:
a9:b3:e6:8c:c4:b7:46:03:ec:a6:20:a8:b0:12:76:46:e2:db:
12:97:aa:a9:0c:37:9d:4b:09:bf:d5:f6:a4:2b:b9:36:55:ed:
7f:7b:e4:9e
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICasIwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA2MTEx
ODQyMTFaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEEyRUExREY1MjQzNDY1
N0RFMzk1QjcxREI1NjBCRUVDMjFFQkQzQzMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDgk3+t0RonTbSxDnrST4hFbNAFMxbAhXFlDcOgp8iwPjL9Fb8R
nF2TnBK9RSvh1s2/UEuRhseuSvmyW6AqrYO7bDmumA7XYCEywdYzgbhBO5EBWX9f
ChFQ/4YSjObQ1nlYM5cd3ygZvXHcrR9ybT8p6jETnAq/83RE07eXtoZa3WFz+lc5
CAmbDP+LMogW6OL+FGwBdyLCuQclITEa16ziTWTH6iT3ocIdqFc1z2p3X+ulES4r
3OyHjDlTmIZ60HkNnaSYwazBjys84bULHUdBdF/YWZFn8orsxFyM02kex47nruK4
MW3WHD7WMOLkYX5KvVF+82k6N34XSkxLXftrAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUouod9SQ0ZX3jlbcdtWC+7CHr08MwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L291b2Q5U1EwWlgzamxi
Y2R0V0MtN0NIcjA4TS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQAw5+Dp
yFwNiG3EN2hz3ooP2tTnx2vwPstglTy6LMPv0Vpl+JvRNC/M4xeASxH+K3xXph+7
novwyYs+FlBsqENDgnyzyQY7UcDTPBWixbdsK7u/sd36VsMKsl92mD4c1ZbbmnTg
vBXdGL2Iu1CWqYWTc5tppMf1yiyO09wm8MXK81c8bXWg3RCjVi5uplhnlwgbau9d
7sArOd4uoYndbz63BrRJVNxPiVp3UfsiAMzNRLALR76SrdzqEjaI1fRfFtDUnDdm
4B5sLfRdbPrqR+lhBAmEln+pvhCps+aMxLdGA+ymIKiwEnZG4tsSl6qpDDedSwm/
1fakK7k2Ve1/e+Se
-----END CERTIFICATE-----
Generated at Sun Jun 22 04:41:05 2025 by rpki-client