Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/wPoIKh0j6jCBC2HmRnBB978g8w4.roa
File: wPoIKh0j6jCBC2HmRnBB978g8w4.roa (raw, json)
Hash identifier: +5/yLkCdFFpYPW4KMKnPBZ7b2/fL7AIvgCXqtZO/yH4=
Subject key identifier: C0:FA:08:2A:1D:23:EA:30:81:0B:61:E6:46:70:41:F7:BF:20:F3:0E
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 6BBE
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/wPoIKh0j6jCBC2HmRnBB978g8w4.roa
Signing time: Sat 14 Jun 2025 09:42:26 +0000
ROA not before: Sat 14 Jun 2025 09:42:26 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 27582 (0x6bbe)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jun 14 09:42:26 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=C0FA082A1D23EA30810B61E6467041F7BF20F30E
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d8:a8:03:c9:12:07:17:ba:7f:c4:9a:9c:0c:52:
6a:aa:27:70:56:a1:a7:46:7b:8e:4f:93:bd:1b:2c:
53:89:b9:d1:b6:2f:02:35:2f:e8:ab:4f:78:48:44:
90:4c:31:3d:e8:1c:74:e7:7c:9e:5b:df:e0:2c:6f:
3b:ad:6c:b9:68:44:3e:c3:7e:6e:d4:ce:90:13:ee:
16:07:1c:9f:5b:00:52:94:4a:61:e4:f2:6f:a0:45:
44:c6:2a:8e:5f:ef:e5:bc:22:e2:20:81:59:d6:4b:
f5:b6:89:b0:72:8e:05:8a:46:8e:69:3b:5f:49:f3:
4e:a7:b0:a8:77:9f:74:a2:fb:db:8a:12:d9:25:41:
18:cc:8b:60:f1:2d:d8:90:c8:7f:66:c9:47:38:4a:
89:55:ea:3e:cb:27:cb:b2:d4:55:df:65:18:57:cc:
87:f8:f5:79:0d:53:d8:c1:96:94:e2:63:72:27:fb:
ca:91:0e:e1:15:b0:bb:59:c6:c0:63:2c:04:73:18:
67:76:cb:fa:06:27:c0:3f:37:f1:aa:d3:1c:61:6b:
1e:16:ae:b0:bd:2a:41:4f:f4:87:f8:95:7b:c3:d4:
a7:3c:99:87:0c:a5:32:64:9d:bd:c6:77:24:4f:ee:
ed:01:df:82:5b:4d:b0:9b:1e:c5:ba:20:7c:5a:12:
42:6d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C0:FA:08:2A:1D:23:EA:30:81:0B:61:E6:46:70:41:F7:BF:20:F3:0E
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/wPoIKh0j6jCBC2HmRnBB978g8w4.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
b7:01:fc:81:27:82:d5:39:e1:3f:02:75:6c:da:45:59:a6:6d:
ed:95:67:a7:da:55:4c:df:42:18:f6:ec:69:41:bb:73:80:78:
d0:8a:61:2c:72:9c:64:7c:88:58:c5:02:cb:b2:02:d2:ec:3b:
67:97:4c:0f:52:9a:23:f3:30:ea:d5:d3:f1:05:9c:39:d0:48:
e3:6b:f0:9f:9a:7d:16:8a:bb:62:10:d8:24:ff:26:47:bf:f5:
37:e6:51:35:bf:ad:29:b6:be:39:40:ad:5a:96:dc:f7:10:88:
99:e3:9b:b1:05:93:8c:bd:bb:23:5b:a2:95:25:48:78:4b:5a:
39:85:b0:87:8f:73:15:13:93:c6:04:9f:4e:cd:71:5e:a6:69:
50:5d:b5:5f:8a:34:41:f2:0c:03:8c:5a:9f:0b:0e:13:ec:57:
45:dd:23:fd:1e:80:46:f4:17:b0:26:7d:5e:3c:e2:72:ab:5e:
ce:ec:33:17:20:9b:a7:ef:6e:3e:39:40:ec:bc:85:69:e7:aa:
a8:14:1a:2b:ab:51:28:e0:f3:18:d4:bf:4c:e1:aa:b3:f9:f3:
d0:87:2d:f9:14:b7:83:89:d0:9f:75:70:73:f8:70:ff:fa:d7:
d0:d8:2b:59:4e:7a:44:b8:0f:d3:ef:e6:88:16:39:9d:b5:c4:
0b:43:b4:22
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICa74wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA2MTQw
OTQyMjZaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEMwRkEwODJBMUQyM0VB
MzA4MTBCNjFFNjQ2NzA0MUY3QkYyMEYzMEUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDYqAPJEgcXun/EmpwMUmqqJ3BWoadGe45Pk70bLFOJudG2LwI1
L+irT3hIRJBMMT3oHHTnfJ5b3+AsbzutbLloRD7Dfm7UzpAT7hYHHJ9bAFKUSmHk
8m+gRUTGKo5f7+W8IuIggVnWS/W2ibByjgWKRo5pO19J806nsKh3n3Si+9uKEtkl
QRjMi2DxLdiQyH9myUc4SolV6j7LJ8uy1FXfZRhXzIf49XkNU9jBlpTiY3In+8qR
DuEVsLtZxsBjLARzGGd2y/oGJ8A/N/Gq0xxhax4WrrC9KkFP9If4lXvD1Kc8mYcM
pTJknb3GdyRP7u0B34JbTbCbHsW6IHxaEkJtAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQUwPoIKh0j6jCBC2HmRnBB978g8w4wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L3dQb0lLaDBqNmpDQkMy
SG1SbkJCOTc4Zzh3NC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQC3AfyB
J4LVOeE/AnVs2kVZpm3tlWen2lVM30IY9uxpQbtzgHjQimEscpxkfIhYxQLLsgLS
7Dtnl0wPUpoj8zDq1dPxBZw50Ejja/Cfmn0WirtiENgk/yZHv/U35lE1v60ptr45
QK1altz3EIiZ45uxBZOMvbsjW6KVJUh4S1o5hbCHj3MVE5PGBJ9OzXFepmlQXbVf
ijRB8gwDjFqfCw4T7FdF3SP9HoBG9BewJn1ePOJyq17O7DMXIJun724+OUDsvIVp
56qoFBorq1Eo4PMY1L9M4aqz+fPQhy35FLeDidCfdXBz+HD/+tfQ2CtZTnpEuA/T
7+aIFjmdtcQLQ7Qi
-----END CERTIFICATE-----
Generated at Sun Jun 22 01:14:06 2025 by rpki-client