Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/2H8MY1ZTcnzw_y_KCpsk1Qa8sjw.roa
File: 2H8MY1ZTcnzw_y_KCpsk1Qa8sjw.roa (raw, json)
Hash identifier: pJg060xXYI6Tfx1dZfh0JVk/53Fxp0iRJnCUandWCU4=
Subject key identifier: D8:7F:0C:63:56:53:72:7C:F0:FF:2F:CA:0A:9B:24:D5:06:BC:B2:3C
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 7062
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/2H8MY1ZTcnzw_y_KCpsk1Qa8sjw.roa
Signing time: Fri 27 Jun 2025 00:14:32 +0000
ROA not before: Fri 27 Jun 2025 00:14:32 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 28770 (0x7062)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jun 27 00:14:32 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=D87F0C635653727CF0FF2FCA0A9B24D506BCB23C
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d7:9f:9f:04:87:03:1a:fe:46:16:28:e2:7c:8f:
1f:34:41:7b:20:18:4f:7c:0a:59:da:17:4c:43:47:
11:27:27:c7:fd:df:11:7c:04:53:1b:4f:3f:ba:9c:
1d:18:a0:80:b3:03:fb:d0:9f:3a:2f:d1:05:72:14:
9a:ea:e2:08:dc:4b:fd:3e:f7:71:01:2a:07:84:e9:
90:86:ef:87:c9:7d:6d:cd:6b:ac:a4:0b:97:ea:11:
06:e5:63:d6:6b:2e:cf:de:d8:37:e2:7a:8f:24:17:
ce:2e:9b:4c:0a:5b:0b:99:d8:65:da:f7:61:e9:b6:
66:0a:fa:e8:83:dc:12:f2:51:ef:66:83:08:fe:dc:
19:b6:92:d3:2d:65:44:96:19:3c:5b:86:e5:9f:c5:
fb:a5:2d:2e:5c:09:0c:09:a7:e7:1e:09:a3:ff:ec:
b9:d4:42:64:81:fa:37:c9:e3:d9:51:23:91:14:a9:
de:0a:0b:9e:ce:75:25:ec:a7:6b:21:1e:fb:bc:66:
22:2c:90:04:2e:14:f8:77:0c:42:c2:e9:99:30:1f:
c7:9c:7b:e3:76:fc:e7:2d:52:eb:f3:07:80:21:6f:
ae:cf:ba:5c:2b:70:3d:f0:ba:bc:f4:94:ad:c5:ef:
10:40:0e:32:25:78:7f:1b:4a:5c:b4:94:1b:58:bb:
54:8f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D8:7F:0C:63:56:53:72:7C:F0:FF:2F:CA:0A:9B:24:D5:06:BC:B2:3C
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/2H8MY1ZTcnzw_y_KCpsk1Qa8sjw.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
0f:df:8c:3a:91:a3:ea:c4:0e:0d:15:65:1e:0f:7b:5d:e5:58:
75:a2:97:f0:bb:bb:da:a8:f2:05:5e:d9:81:41:49:af:8e:4a:
bb:4b:c7:6c:98:f8:b7:d0:80:5e:db:2c:58:12:24:14:69:3b:
14:96:dc:5e:12:3a:1e:f5:6a:9a:e5:9e:3c:5f:1f:75:2c:5b:
4d:c5:f2:f9:96:5c:50:e4:c1:d2:51:bf:73:f3:f0:f3:e0:cf:
99:da:82:bd:a9:8b:87:1f:c4:13:a7:ca:97:0b:2b:47:58:d8:
3f:75:7f:ba:78:25:ba:87:9f:89:bc:ae:dc:1f:f3:ce:17:95:
2f:c7:e1:ff:3a:d2:98:63:cd:42:5a:3d:9a:25:a2:d8:aa:ff:
e0:80:dc:e2:64:b7:26:56:77:38:47:93:69:28:06:b7:49:fe:
7e:79:99:c2:77:41:c8:ee:ba:4d:e0:c5:66:7d:f1:7a:f5:d2:
ae:98:fc:77:3d:49:af:20:73:b3:72:e1:11:3f:2e:2e:70:29:
48:8d:a8:a8:68:75:e5:d3:e5:ce:df:47:20:a9:83:31:33:a0:
da:96:63:3d:48:50:d1:67:9e:ec:7b:38:ed:12:24:5f:9b:38:
f4:e5:65:65:5c:90:f5:03:bb:1a:ff:e8:5f:c9:3a:e3:71:53:
5c:1d:2b:41
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICcGIwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA2Mjcw
MDE0MzJaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEQ4N0YwQzYzNTY1Mzcy
N0NGMEZGMkZDQTBBOUIyNEQ1MDZCQ0IyM0MwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDXn58EhwMa/kYWKOJ8jx80QXsgGE98ClnaF0xDRxEnJ8f93xF8
BFMbTz+6nB0YoICzA/vQnzov0QVyFJrq4gjcS/0+93EBKgeE6ZCG74fJfW3Na6yk
C5fqEQblY9ZrLs/e2Dfieo8kF84um0wKWwuZ2GXa92HptmYK+uiD3BLyUe9mgwj+
3Bm2ktMtZUSWGTxbhuWfxfulLS5cCQwJp+ceCaP/7LnUQmSB+jfJ49lRI5EUqd4K
C57OdSXsp2shHvu8ZiIskAQuFPh3DELC6ZkwH8ece+N2/OctUuvzB4Ahb67Pulwr
cD3wurz0lK3F7xBADjIleH8bSly0lBtYu1SPAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQU2H8MY1ZTcnzw/y/KCpsk1Qa8sjwwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3LzJIOE1ZMVpUY256d195
X0tDcHNrMVFhOHNqdy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQAP34w6
kaPqxA4NFWUeD3td5Vh1opfwu7vaqPIFXtmBQUmvjkq7S8dsmPi30IBe2yxYEiQU
aTsUltxeEjoe9Wqa5Z48Xx91LFtNxfL5llxQ5MHSUb9z8/Dz4M+Z2oK9qYuHH8QT
p8qXCytHWNg/dX+6eCW6h5+JvK7cH/POF5Uvx+H/OtKYY81CWj2aJaLYqv/ggNzi
ZLcmVnc4R5NpKAa3Sf5+eZnCd0HI7rpN4MVmffF69dKumPx3PUmvIHOzcuERPy4u
cClIjaioaHXl0+XO30cgqYMxM6DalmM9SFDRZ57sezjtEiRfmzj05WVlXJD1A7sa
/+hfyTrjcVNcHStB
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:32:05 2025 by rpki-client