
Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/-OikmirZa_GpMSBp478jADnrNOg.roa
File: -OikmirZa_GpMSBp478jADnrNOg.roa (raw, json)
Hash identifier: F5AoKPxHuN5cUvcgyPfA7NwsSmbp3E83F/5GOWpCgEI=
Subject key identifier: F8:E8:A4:9A:2A:D9:6B:F1:A9:31:20:69:E3:BF:23:00:39:EB:34:E8
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 75C2
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/-OikmirZa_GpMSBp478jADnrNOg.roa
Signing time: Fri 11 Jul 2025 08:17:28 +0000
ROA not before: Fri 11 Jul 2025 08:17:28 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 30146 (0x75c2)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jul 11 08:17:28 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=F8E8A49A2AD96BF1A9312069E3BF230039EB34E8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a8:d8:73:08:38:4d:ce:a2:2f:be:27:bd:c6:a9:
11:fc:f3:c3:eb:45:36:20:3e:df:8b:65:76:6a:af:
9b:1c:c3:48:a2:61:92:34:4d:7d:72:7f:69:16:da:
d4:62:e2:6f:c4:2f:40:23:a2:0c:c5:50:8f:9c:d3:
74:1a:e4:d9:35:b4:8b:34:05:76:4e:d7:26:7c:94:
f4:e7:ee:a2:a3:ff:40:01:5e:c7:2b:ba:c0:46:45:
1c:d9:fa:ba:f1:27:f1:fb:ab:5d:9d:fa:f7:68:4a:
a0:90:ef:d0:49:78:6e:89:32:01:df:1a:ef:dd:e4:
b3:b1:89:da:19:55:fc:cf:b8:12:fd:15:3a:94:bc:
8a:0e:7a:89:05:dc:21:ea:cf:15:af:cd:ce:04:99:
68:0c:c2:58:3f:f7:58:96:85:7c:44:3f:e7:b8:45:
26:99:69:09:dd:4d:c3:42:50:ca:af:6b:73:92:13:
f3:5a:65:8a:35:4c:1f:bd:4f:5e:3d:65:6f:58:1c:
8c:a9:ca:1e:eb:b8:ff:d7:9d:42:2c:93:ca:92:72:
7e:6b:ae:62:7e:a0:fb:5c:2f:e9:b9:15:04:22:ff:
a8:59:cc:84:02:1a:24:f4:c3:0f:81:f1:11:9b:a9:
4b:fe:70:90:a6:99:2c:36:43:9c:98:85:80:06:ee:
02:d1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F8:E8:A4:9A:2A:D9:6B:F1:A9:31:20:69:E3:BF:23:00:39:EB:34:E8
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/-OikmirZa_GpMSBp478jADnrNOg.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
2d:1c:5f:fe:2b:5f:f4:c4:07:2d:33:dd:86:f9:95:ef:f5:bb:
f0:58:fc:7d:e0:ba:7b:a4:7d:d6:1a:62:cd:74:ed:02:2d:30:
7e:01:a3:85:eb:29:07:4b:71:89:cc:59:f2:63:5a:73:a7:28:
cc:d7:46:21:5a:46:95:73:e1:de:ce:78:ba:cd:99:f3:f1:ea:
b6:67:b7:81:64:c5:e3:cd:22:5b:59:44:80:96:01:cb:a5:11:
16:24:9c:6b:63:61:74:ab:5b:c8:87:02:5c:93:94:7c:6f:9d:
aa:e8:c9:c2:5e:3e:31:99:b6:47:19:a6:af:64:2a:20:6b:d3:
b3:ba:5d:9a:9b:93:4b:e1:29:ed:57:3c:9b:4d:b4:6b:33:0c:
d8:1c:12:5e:b7:23:60:d6:fb:86:53:aa:5d:11:d7:a0:24:dd:
dc:5b:99:87:25:b5:a6:a4:aa:e6:e0:42:d6:83:05:a4:9a:3c:
38:90:8b:d6:ce:60:2c:af:cb:eb:0e:80:4d:21:0e:cb:0e:35:
6e:d2:ad:f5:58:e6:2c:4a:30:f3:0b:4f:7f:65:27:49:e4:a4:
99:5c:e7:14:db:4b:20:ed:4b:2e:3b:46:fb:51:f9:8b:3b:4b:
0b:a7:92:c5:e5:f9:f6:0a:52:d5:23:5e:f8:28:68:7d:dd:ed:
60:5e:44:77
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICdcIwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA3MTEw
ODE3MjhaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEY4RThBNDlBMkFEOTZC
RjFBOTMxMjA2OUUzQkYyMzAwMzlFQjM0RTgwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCo2HMIOE3Ooi++J73GqRH888PrRTYgPt+LZXZqr5scw0iiYZI0
TX1yf2kW2tRi4m/EL0AjogzFUI+c03Qa5Nk1tIs0BXZO1yZ8lPTn7qKj/0ABXscr
usBGRRzZ+rrxJ/H7q12d+vdoSqCQ79BJeG6JMgHfGu/d5LOxidoZVfzPuBL9FTqU
vIoOeokF3CHqzxWvzc4EmWgMwlg/91iWhXxEP+e4RSaZaQndTcNCUMqva3OSE/Na
ZYo1TB+9T149ZW9YHIypyh7ruP/XnUIsk8qScn5rrmJ+oPtcL+m5FQQi/6hZzIQC
GiT0ww+B8RGbqUv+cJCmmSw2Q5yYhYAG7gLRAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQU+OikmirZa/GpMSBp478jADnrNOgwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3Ly1PaWttaXJaYV9HcE1T
QnA0NzhqQURuck5PZy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQAtHF/+
K1/0xActM92G+ZXv9bvwWPx94Lp7pH3WGmLNdO0CLTB+AaOF6ykHS3GJzFnyY1pz
pyjM10YhWkaVc+Hezni6zZnz8eq2Z7eBZMXjzSJbWUSAlgHLpREWJJxrY2F0q1vI
hwJck5R8b52q6MnCXj4xmbZHGaavZCoga9Ozul2am5NL4SntVzybTbRrMwzYHBJe
tyNg1vuGU6pdEdegJN3cW5mHJbWmpKrm4ELWgwWkmjw4kIvWzmAsr8vrDoBNIQ7L
DjVu0q31WOYsSjDzC09/ZSdJ5KSZXOcU20sg7UsuO0b7UfmLO0sLp5LF5fn2ClLV
I174KGh93e1gXkR3
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:48:44 2025 by rpki-client