Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/0hi-DPQjRXYuh9568CCmMHP4L_o.roa
File: 0hi-DPQjRXYuh9568CCmMHP4L_o.roa (raw, json)
Hash identifier: IEDnlDmWhvPwNKIkCFMTIe8eeg9et/zvWAoE8za9Ff4=
Subject key identifier: D2:18:BE:0C:F4:23:45:76:2E:87:DE:7A:F0:20:A6:30:73:F8:2F:FA
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 7478
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/0hi-DPQjRXYuh9568CCmMHP4L_o.roa
Signing time: Mon 07 Jul 2025 21:45:05 +0000
ROA not before: Mon 07 Jul 2025 21:45:05 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 29816 (0x7478)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jul 7 21:45:05 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=D218BE0CF42345762E87DE7AF020A63073F82FFA
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b7:66:d1:10:ce:38:6a:bb:50:f9:06:c8:cf:8b:
35:11:03:05:a0:83:0b:7b:a8:68:23:a6:38:76:c9:
e5:1d:e5:e2:ab:38:47:30:2c:9a:73:30:6c:53:d8:
af:aa:94:f0:8d:c3:88:13:5b:ed:01:56:10:75:ed:
e1:1e:b6:51:ad:a0:86:1a:5d:ec:ad:e1:bf:bb:54:
2d:61:e9:ee:f5:b8:6f:ab:68:d0:e3:5b:73:c9:fa:
47:28:0b:65:03:69:12:e5:97:a3:b7:27:40:39:0d:
1e:7c:28:69:b6:b3:67:e5:a6:ba:84:9c:f0:07:0d:
e1:3e:1c:7a:e2:b9:7a:81:3f:63:64:42:36:f3:d8:
67:3c:25:b8:8e:8e:8c:be:8c:e8:38:6b:9f:94:95:
4f:90:fb:27:dd:12:85:84:ca:1b:3f:d9:0d:9f:4b:
3b:84:da:db:2b:9d:6a:1f:3d:98:bc:cc:75:c7:94:
4e:cf:87:30:1d:2e:1a:ab:ff:cd:84:ce:a1:b6:0c:
ca:9b:a7:27:f5:af:e1:fd:6d:62:00:36:b3:34:68:
fb:91:90:bf:28:74:de:37:7e:04:15:e1:b4:a1:ad:
27:75:68:ea:f5:e7:74:a2:a6:a5:38:93:91:14:60:
c7:f1:0c:a9:7e:cb:16:a0:0f:52:b0:93:19:2c:bd:
17:95
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D2:18:BE:0C:F4:23:45:76:2E:87:DE:7A:F0:20:A6:30:73:F8:2F:FA
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/0hi-DPQjRXYuh9568CCmMHP4L_o.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
b0:64:c6:4e:ce:6c:f2:e4:be:70:26:07:e0:db:3c:e7:aa:05:
8a:9b:6e:c4:e0:26:79:83:f3:78:13:6e:ca:93:4b:4c:e8:f5:
2d:d2:8d:6d:62:22:c6:75:13:9e:c7:6d:ca:a0:42:b2:15:7e:
ba:de:0b:43:eb:8d:09:f0:61:3d:b0:1d:1e:5f:4b:94:54:f7:
12:e3:13:c9:7f:de:fd:f9:4d:d0:5d:a2:14:43:e7:c6:45:5b:
63:85:33:65:b4:d3:93:4a:68:10:05:9c:ec:a4:01:79:d2:c3:
ea:7a:f5:b0:6d:eb:43:b4:d7:8d:67:2a:ea:34:1e:3a:36:48:
fd:7a:1a:b9:ca:76:a7:88:be:3e:40:2a:d9:80:46:1e:d3:9a:
59:55:28:a2:34:04:08:19:ea:5a:66:6c:ad:7a:81:3f:95:45:
a0:65:f2:32:ac:18:25:1c:c6:7e:33:fc:09:39:54:72:21:f6:
d6:e7:fc:43:9a:01:f5:e1:35:1d:36:ee:cd:31:39:58:99:d6:
d0:e5:b9:61:7b:c6:3d:e9:69:45:45:52:d8:7e:00:c1:5e:78:
83:6f:a7:2d:c1:35:d2:80:b0:e9:53:2b:67:4d:ac:9a:ef:5f:
ec:2e:1b:a8:15:b8:a9:3d:e4:fd:e4:0f:c4:86:50:6b:f2:63:
75:a9:e1:6f
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICdHgwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA3MDcy
MTQ1MDVaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEQyMThCRTBDRjQyMzQ1
NzYyRTg3REU3QUYwMjBBNjMwNzNGODJGRkEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC3ZtEQzjhqu1D5BsjPizURAwWggwt7qGgjpjh2yeUd5eKrOEcw
LJpzMGxT2K+qlPCNw4gTW+0BVhB17eEetlGtoIYaXeyt4b+7VC1h6e71uG+raNDj
W3PJ+kcoC2UDaRLll6O3J0A5DR58KGm2s2flprqEnPAHDeE+HHriuXqBP2NkQjbz
2Gc8JbiOjoy+jOg4a5+UlU+Q+yfdEoWEyhs/2Q2fSzuE2tsrnWofPZi8zHXHlE7P
hzAdLhqr/82EzqG2DMqbpyf1r+H9bWIANrM0aPuRkL8odN43fgQV4bShrSd1aOr1
53SipqU4k5EUYMfxDKl+yxagD1KwkxksvReVAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQU0hi+DPQjRXYuh9568CCmMHP4L/owHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3LzBoaS1EUFFqUlhZdWg5
NTY4Q0NtTUhQNExfby5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQCwZMZO
zmzy5L5wJgfg2zznqgWKm27E4CZ5g/N4E27Kk0tM6PUt0o1tYiLGdROex23KoEKy
FX663gtD640J8GE9sB0eX0uUVPcS4xPJf979+U3QXaIUQ+fGRVtjhTNltNOTSmgQ
BZzspAF50sPqevWwbetDtNeNZyrqNB46Nkj9ehq5ynaniL4+QCrZgEYe05pZVSii
NAQIGepaZmyteoE/lUWgZfIyrBglHMZ+M/wJOVRyIfbW5/xDmgH14TUdNu7NMTlY
mdbQ5blhe8Y96WlFRVLYfgDBXniDb6ctwTXSgLDpUytnTaya71/sLhuoFbipPeT9
5A/EhlBr8mN1qeFv
-----END CERTIFICATE-----
Generated at Sun Jul 20 16:33:47 2025 by rpki-client