Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/0bcYI083ay1-h3KvL5LwUNnTcAQ.roa
File: 0bcYI083ay1-h3KvL5LwUNnTcAQ.roa (raw, json)
Hash identifier: 4y0tzsMu1qXA4VR8A+Wm3GM8TKdpJDP5eJB9KpOX5Jo=
Subject key identifier: D1:B7:18:23:4F:37:6B:2D:7E:87:72:AF:2F:92:F0:50:D9:D3:70:04
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 6E1A
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/0bcYI083ay1-h3KvL5LwUNnTcAQ.roa
Signing time: Sat 21 Jun 2025 04:14:20 +0000
ROA not before: Sat 21 Jun 2025 04:14:20 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 28186 (0x6e1a)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jun 21 04:14:20 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=D1B718234F376B2D7E8772AF2F92F050D9D37004
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cf:50:3e:c9:2f:ca:ad:14:ba:9d:1f:4a:d0:3d:
eb:a9:59:c6:2e:0a:cf:62:c8:87:44:f2:e2:22:84:
71:3f:83:3e:42:ec:18:07:07:a0:b4:f6:a1:37:2b:
7c:62:fc:9e:96:43:fc:01:e1:40:12:00:44:d7:b7:
dc:fd:b7:e7:af:bf:06:3f:f3:4a:e7:da:17:1b:f4:
d7:20:61:4d:4f:36:c8:8a:c3:98:37:bd:e3:44:f6:
4d:ac:7e:6e:3c:32:de:db:b6:8f:ad:69:2c:6f:1b:
13:7e:3d:0e:cf:a8:9a:47:e4:76:ce:ee:5e:87:a3:
c2:c3:cf:1c:51:dc:88:ab:02:30:09:4f:c0:53:f4:
a1:20:da:a9:59:ad:08:ba:fa:67:8a:92:e6:5e:47:
5a:f9:00:cf:6f:1a:19:49:01:c9:7a:a8:32:54:db:
f1:ba:a1:2a:70:9e:87:36:6b:74:76:a4:d3:d8:b1:
51:1b:19:0f:15:ae:d1:6d:32:a5:13:b4:bd:4d:49:
cd:16:48:11:fb:13:22:30:a1:6d:80:d2:45:bd:7a:
da:5b:3a:79:dd:3c:58:14:dc:1b:86:72:e3:f5:20:
15:4e:53:df:f7:43:3c:27:be:d7:54:d2:6a:87:3a:
4e:d7:22:1a:5b:77:11:fe:14:de:26:71:66:34:8e:
2e:b9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D1:B7:18:23:4F:37:6B:2D:7E:87:72:AF:2F:92:F0:50:D9:D3:70:04
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/0bcYI083ay1-h3KvL5LwUNnTcAQ.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
00:01:8b:c0:47:fa:43:39:4a:a5:5d:48:73:dd:47:bd:94:0b:
e5:73:aa:a4:65:6f:c0:60:31:29:2d:77:0b:44:5d:02:22:09:
21:a4:5d:59:3e:01:08:a6:26:b2:e2:51:84:4d:8c:ea:7b:18:
a7:2c:5b:37:39:98:ed:ec:84:2f:71:7c:71:f0:b2:a4:8e:08:
8b:bf:64:e2:d5:36:33:28:1a:48:29:15:bb:b5:b2:db:5e:5a:
5c:c5:ec:d4:31:71:ab:ea:c9:f6:e6:c1:e0:6e:72:a9:12:68:
96:e2:67:93:63:dd:2f:48:e0:95:af:39:95:e6:b3:80:90:52:
79:b9:5e:c9:51:7c:db:cd:c4:28:a5:62:ba:0c:55:bb:ff:1a:
5f:d9:15:f0:47:c2:6d:c0:95:b4:c6:4c:5b:94:86:d9:12:eb:
8e:7d:75:62:23:bd:10:3c:81:b5:d6:a6:0d:b3:33:7a:1d:e8:
e0:20:4c:a5:4e:b3:6f:a3:ca:b4:fa:b8:f0:bc:ee:9c:ec:5a:
5d:72:87:bd:9d:f0:95:42:13:ba:b5:96:32:e7:f1:61:a6:37:
95:84:76:05:6c:d6:cd:67:33:e5:92:3b:8f:de:33:2d:ec:56:
50:4a:73:5c:d8:36:c8:ca:4a:c3:7d:2f:f9:1f:20:d5:9d:fe:
e6:bc:1d:b3
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICbhowDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA2MjEw
NDE0MjBaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEQxQjcxODIzNEYzNzZC
MkQ3RTg3NzJBRjJGOTJGMDUwRDlEMzcwMDQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDPUD7JL8qtFLqdH0rQPeupWcYuCs9iyIdE8uIihHE/gz5C7BgH
B6C09qE3K3xi/J6WQ/wB4UASAETXt9z9t+evvwY/80rn2hcb9NcgYU1PNsiKw5g3
veNE9k2sfm48Mt7bto+taSxvGxN+PQ7PqJpH5HbO7l6Ho8LDzxxR3IirAjAJT8BT
9KEg2qlZrQi6+meKkuZeR1r5AM9vGhlJAcl6qDJU2/G6oSpwnoc2a3R2pNPYsVEb
GQ8VrtFtMqUTtL1NSc0WSBH7EyIwoW2A0kW9etpbOnndPFgU3BuGcuP1IBVOU9/3
QzwnvtdU0mqHOk7XIhpbdxH+FN4mcWY0ji65AgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQU0bcYI083ay1+h3KvL5LwUNnTcAQwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3LzBiY1lJMDgzYXkxLWgz
S3ZMNUx3VU5uVGNBUS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQAAAYvA
R/pDOUqlXUhz3Ue9lAvlc6qkZW/AYDEpLXcLRF0CIgkhpF1ZPgEIpiay4lGETYzq
exinLFs3OZjt7IQvcXxx8LKkjgiLv2Ti1TYzKBpIKRW7tbLbXlpcxezUMXGr6sn2
5sHgbnKpEmiW4meTY90vSOCVrzmV5rOAkFJ5uV7JUXzbzcQopWK6DFW7/xpf2RXw
R8JtwJW0xkxblIbZEuuOfXViI70QPIG11qYNszN6HejgIEylTrNvo8q0+rjwvO6c
7Fpdcoe9nfCVQhO6tZYy5/FhpjeVhHYFbNbNZzPlkjuP3jMt7FZQSnNc2DbIykrD
fS/5HyDVnf7mvB2z
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:50:44 2025 by rpki-client