Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/0lT8l0BnXqJuFTyXV-IeggUTfMk.roa
File: 0lT8l0BnXqJuFTyXV-IeggUTfMk.roa (raw, json)
Hash identifier: opyyVrM3Rf/Hiz+XBDzCBFvZwqq4Tjknd83IqJSIEbY=
Subject key identifier: D2:54:FC:97:40:67:5E:A2:6E:15:3C:97:57:E2:1E:82:05:13:7C:C9
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 7274
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/0lT8l0BnXqJuFTyXV-IeggUTfMk.roa
Signing time: Wed 02 Jul 2025 12:45:04 +0000
ROA not before: Wed 02 Jul 2025 12:45:04 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 29300 (0x7274)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jul 2 12:45:04 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=D254FC9740675EA26E153C9757E21E8205137CC9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:af:47:09:91:03:7d:93:c3:0f:6e:c6:24:aa:88:
eb:a6:b8:07:5d:ae:86:cf:a3:97:20:c6:2b:77:b1:
81:0e:43:07:2d:0d:e1:0a:82:39:01:e0:cb:15:06:
46:20:e7:2e:f4:b2:21:8e:49:68:4e:79:15:19:e7:
95:99:7f:84:9c:e5:05:dc:37:5b:67:1e:53:1c:2f:
26:00:48:30:d8:01:42:ff:53:01:9d:b5:6c:ad:be:
6b:0c:24:d9:92:be:3e:39:21:60:3a:e3:f7:7a:56:
99:92:db:8f:0e:13:cf:5c:94:f3:7e:fa:df:17:63:
c6:0b:27:36:cf:c9:23:e3:8a:cf:5b:c6:3f:69:5e:
b7:07:b6:dd:1a:4f:fb:a1:01:03:4c:62:a6:58:2c:
66:47:c3:57:ba:ce:ca:5e:d8:7e:96:58:ba:4f:2d:
15:7c:67:e7:7e:ae:1f:35:87:da:93:d2:a2:f3:8f:
54:a9:45:84:f2:08:91:4d:cd:38:ce:ea:a7:98:46:
05:fb:e8:c5:81:54:82:95:e2:79:a4:01:df:8d:2d:
95:ca:4a:ab:cc:70:11:cc:d2:3e:72:7e:1d:c1:5e:
f5:9d:a6:06:2b:51:b5:4f:b7:83:a1:fb:4e:d9:84:
73:91:60:79:df:23:5d:bd:b9:cc:6a:38:23:aa:a8:
c9:7b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D2:54:FC:97:40:67:5E:A2:6E:15:3C:97:57:E2:1E:82:05:13:7C:C9
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/0lT8l0BnXqJuFTyXV-IeggUTfMk.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
21:59:de:28:2d:90:9c:79:d9:51:d0:2c:76:02:83:30:42:91:
58:bb:3a:88:9b:0f:35:ae:69:ea:84:54:22:b4:32:d4:a6:b3:
52:3f:a1:ba:de:55:46:77:e8:92:7d:33:ac:22:fd:fe:0e:96:
4b:9d:41:91:d1:4d:42:b6:50:2c:ba:aa:7c:1a:82:e2:33:7f:
39:58:a6:1a:02:01:d4:75:fe:39:7b:ce:92:54:12:9c:a1:19:
23:58:eb:b6:38:eb:8f:bc:fb:ae:32:1a:ea:6e:05:39:ed:1f:
53:51:0c:7a:9c:53:6a:8e:9c:33:16:9c:bb:7b:c2:77:65:1a:
82:10:5e:8d:45:5d:16:73:de:ae:aa:17:a7:f5:dc:76:1c:c6:
9f:43:af:5c:bb:d2:22:9e:fd:6e:71:36:92:39:28:f9:2c:ff:
3b:18:7a:03:5e:ce:b7:dc:e6:0e:79:2d:54:f4:3f:4a:a6:92:
99:b8:c8:30:c6:10:0a:58:74:3c:2e:b6:1d:a8:74:cd:6c:2d:
6f:41:9d:66:de:16:42:c5:75:ff:3f:78:78:c8:24:f7:37:3a:
10:6d:8f:9b:12:4b:98:66:b7:8c:64:fa:63:34:a5:12:40:ed:
86:3f:34:fc:bd:32:7c:95:de:f9:9f:2e:4e:c3:e8:44:06:26:
c9:83:06:3c
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICcnQwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA3MDIx
MjQ1MDRaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEQyNTRGQzk3NDA2NzVF
QTI2RTE1M0M5NzU3RTIxRTgyMDUxMzdDQzkwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCvRwmRA32Tww9uxiSqiOumuAddrobPo5cgxit3sYEOQwctDeEK
gjkB4MsVBkYg5y70siGOSWhOeRUZ55WZf4Sc5QXcN1tnHlMcLyYASDDYAUL/UwGd
tWytvmsMJNmSvj45IWA64/d6VpmS248OE89clPN++t8XY8YLJzbPySPjis9bxj9p
XrcHtt0aT/uhAQNMYqZYLGZHw1e6zspe2H6WWLpPLRV8Z+d+rh81h9qT0qLzj1Sp
RYTyCJFNzTjO6qeYRgX76MWBVIKV4nmkAd+NLZXKSqvMcBHM0j5yfh3BXvWdpgYr
UbVPt4Oh+07ZhHORYHnfI129ucxqOCOqqMl7AgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQU0lT8l0BnXqJuFTyXV+IeggUTfMkwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3LzBsVDhsMEJuWHFKdUZU
eVhWLUllZ2dVVGZNay5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQAhWd4o
LZCcedlR0Cx2AoMwQpFYuzqImw81rmnqhFQitDLUprNSP6G63lVGd+iSfTOsIv3+
DpZLnUGR0U1CtlAsuqp8GoLiM385WKYaAgHUdf45e86SVBKcoRkjWOu2OOuPvPuu
MhrqbgU57R9TUQx6nFNqjpwzFpy7e8J3ZRqCEF6NRV0Wc96uqhen9dx2HMafQ69c
u9Iinv1ucTaSOSj5LP87GHoDXs633OYOeS1U9D9KppKZuMgwxhAKWHQ8LrYdqHTN
bC1vQZ1m3hZCxXX/P3h4yCT3NzoQbY+bEkuYZreMZPpjNKUSQO2GPzT8vTJ8ld75
ny5Ow+hEBibJgwY8
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:57:42 2025 by rpki-client