Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/2F8Mbp0kv8neTt-R_c0VQiMPp-I.roa
File: 2F8Mbp0kv8neTt-R_c0VQiMPp-I.roa (raw, json)
Hash identifier: VVkRb4+v6+qQa4YH2dGA2w1XNCpI9sUg/SrtdYm+G/s=
Subject key identifier: D8:5F:0C:6E:9D:24:BF:C9:DE:4E:DF:91:FD:CD:15:42:23:0F:A7:E2
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 754C
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/2F8Mbp0kv8neTt-R_c0VQiMPp-I.roa
Signing time: Thu 10 Jul 2025 02:45:11 +0000
ROA not before: Thu 10 Jul 2025 02:45:11 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 30028 (0x754c)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jul 10 02:45:11 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=D85F0C6E9D24BFC9DE4EDF91FDCD1542230FA7E2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e5:fe:fc:04:68:c4:cc:96:fe:18:70:2b:db:df:
d7:09:b0:f8:1c:12:c4:d5:14:b3:33:25:d6:a6:6e:
20:d9:5a:90:1a:db:27:d3:ef:a5:0b:7f:b3:80:27:
d0:31:04:fa:c3:06:5f:93:5a:dc:01:18:33:08:9a:
7a:a7:35:00:a8:a7:3a:d8:3f:ad:cc:9a:26:ee:d0:
91:b5:6f:25:0a:bd:e3:4b:f4:0f:cb:85:9e:d3:2d:
e1:9f:ed:d2:57:29:b1:02:e4:1d:fd:74:0d:14:fc:
1e:af:0c:da:f5:07:a1:ca:f9:37:f9:26:e2:d8:25:
e4:33:12:06:61:51:66:e6:25:be:9b:ba:e0:69:5a:
df:0f:19:72:78:e7:46:52:92:75:c2:43:14:a3:67:
3a:db:80:bd:51:21:ef:27:18:6f:9b:96:db:8e:5a:
79:a4:cb:4b:16:d5:4a:03:60:11:59:8b:de:0c:d4:
d0:94:b4:93:84:b8:ae:0f:1d:d4:25:3b:92:f3:32:
bd:5d:5b:47:78:10:23:a0:86:f5:8f:2a:1a:a3:59:
0a:17:b5:81:f5:d1:90:15:29:da:e3:5f:1a:ba:4d:
41:86:1f:ec:55:8f:63:c2:4c:4a:ed:cf:94:85:3a:
12:b5:43:c1:3f:a1:1b:ee:21:02:9e:3f:b5:aa:3b:
a4:59
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D8:5F:0C:6E:9D:24:BF:C9:DE:4E:DF:91:FD:CD:15:42:23:0F:A7:E2
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/2F8Mbp0kv8neTt-R_c0VQiMPp-I.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
67:b5:62:9b:f0:bc:da:be:f4:17:1f:db:ea:76:d9:8f:22:ac:
59:ce:b6:56:41:a2:3b:37:a6:60:16:da:78:c2:88:99:f7:ef:
2f:c9:06:de:65:3e:4d:31:00:4d:2e:08:2a:f1:6d:7c:56:9b:
ff:88:b2:9d:9e:6e:0d:8c:8f:45:76:8a:aa:20:d2:b8:6a:a8:
e2:8e:e9:93:28:b0:7e:cd:43:40:cf:62:93:4e:d9:ba:96:e1:
cd:d3:36:23:f9:3c:f2:b7:f0:b3:ed:7c:3f:dc:a0:97:d5:35:
54:4c:62:36:fa:79:72:7e:94:67:f1:b7:60:7b:09:6f:33:da:
b0:95:d0:4f:ea:a5:ce:c2:5b:d2:f8:03:6c:93:61:29:b5:23:
40:23:b8:4e:e2:3d:58:02:3b:59:63:86:d0:8a:a9:1a:58:5c:
c6:b3:bf:97:64:51:d6:08:c5:fc:5d:56:48:f0:b2:f7:41:6e:
c9:dc:21:8f:f4:dc:62:cb:fc:8c:99:1b:4e:74:5f:f6:61:08:
74:a9:86:73:68:67:19:4c:d4:bb:d0:9c:c6:d3:13:fa:c8:fc:
54:c7:4b:ef:67:bc:43:d2:98:95:af:47:73:17:ff:be:a9:6c:
74:02:a2:e3:a4:03:7f:91:06:bd:a8:8e:69:03:da:60:f4:98:
8c:07:2c:f9
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICdUwwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA3MTAw
MjQ1MTFaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEQ4NUYwQzZFOUQyNEJG
QzlERTRFREY5MUZEQ0QxNTQyMjMwRkE3RTIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDl/vwEaMTMlv4YcCvb39cJsPgcEsTVFLMzJdambiDZWpAa2yfT
76ULf7OAJ9AxBPrDBl+TWtwBGDMImnqnNQCopzrYP63Mmibu0JG1byUKveNL9A/L
hZ7TLeGf7dJXKbEC5B39dA0U/B6vDNr1B6HK+Tf5JuLYJeQzEgZhUWbmJb6buuBp
Wt8PGXJ450ZSknXCQxSjZzrbgL1RIe8nGG+bltuOWnmky0sW1UoDYBFZi94M1NCU
tJOEuK4PHdQlO5LzMr1dW0d4ECOghvWPKhqjWQoXtYH10ZAVKdrjXxq6TUGGH+xV
j2PCTErtz5SFOhK1Q8E/oRvuIQKeP7WqO6RZAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQU2F8Mbp0kv8neTt+R/c0VQiMPp+IwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3LzJGOE1icDBrdjhuZVR0
LVJfYzBWUWlNUHAtSS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQBntWKb
8LzavvQXH9vqdtmPIqxZzrZWQaI7N6ZgFtp4woiZ9+8vyQbeZT5NMQBNLggq8W18
Vpv/iLKdnm4NjI9FdoqqINK4aqjijumTKLB+zUNAz2KTTtm6luHN0zYj+Tzyt/Cz
7Xw/3KCX1TVUTGI2+nlyfpRn8bdgewlvM9qwldBP6qXOwlvS+ANsk2EptSNAI7hO
4j1YAjtZY4bQiqkaWFzGs7+XZFHWCMX8XVZI8LL3QW7J3CGP9Nxiy/yMmRtOdF/2
YQh0qYZzaGcZTNS70JzG0xP6yPxUx0vvZ7xD0piVr0dzF/++qWx0AqLjpAN/kQa9
qI5pA9pg9JiMByz5
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:30:46 2025 by rpki-client