Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/8J5jc2oBf6uhqQ2v-H8yjheOnSc.roa
File: 8J5jc2oBf6uhqQ2v-H8yjheOnSc.roa (raw, json)
Hash identifier: c2Q8vY5DCoUDmSyZuoWsstz160pihBPPpeDs3OqwgKE=
Subject key identifier: F0:9E:63:73:6A:01:7F:AB:A1:A9:0D:AF:F8:7F:32:8E:17:8E:9D:27
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 66C6
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/8J5jc2oBf6uhqQ2v-H8yjheOnSc.roa
Signing time: Sun 01 Jun 2025 03:42:31 +0000
ROA not before: Sun 01 Jun 2025 03:42:31 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 26310 (0x66c6)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jun 1 03:42:31 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=F09E63736A017FABA1A90DAFF87F328E178E9D27
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b0:e0:14:9e:09:e1:58:0f:76:9c:a9:96:31:89:
00:a1:84:23:6f:6c:bd:b5:04:a0:6c:fb:47:00:cd:
49:db:69:6e:7f:db:6b:03:22:24:d1:a1:2c:2a:92:
0a:fe:4f:26:7a:ce:ba:13:40:6c:5e:08:70:81:e6:
bc:5f:59:b8:46:0f:09:04:1f:69:f3:a0:85:d1:4a:
56:e6:6e:81:45:e7:c2:e0:9e:41:12:21:9f:f0:7c:
a4:ca:3e:cb:04:da:17:d2:c7:b3:09:47:a4:7b:03:
ac:58:a0:59:b8:b8:d7:1a:2a:c1:d3:19:11:b8:57:
51:66:62:9e:34:84:2d:ca:9f:71:4c:c0:d2:72:23:
25:6d:18:3f:c0:e8:9e:a6:43:a3:ff:56:e0:a2:ae:
38:c3:59:8d:5e:52:75:67:75:1f:be:78:bf:e5:dd:
a3:9b:fd:d3:0f:56:34:ba:93:1c:93:27:e9:31:00:
6b:58:a0:fa:0d:98:39:88:df:8b:3e:1a:67:4c:97:
33:58:23:c5:4c:6b:43:6c:e1:2e:80:69:82:65:1d:
fc:e3:b5:11:f3:f6:46:6b:66:11:48:98:3e:ce:ca:
61:a2:af:20:25:e1:21:98:e0:0a:b0:a1:4d:63:22:
6e:b6:cc:d9:6f:29:3c:e4:b5:26:5d:b0:62:b8:77:
76:f3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F0:9E:63:73:6A:01:7F:AB:A1:A9:0D:AF:F8:7F:32:8E:17:8E:9D:27
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/8J5jc2oBf6uhqQ2v-H8yjheOnSc.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
aa:bb:80:19:13:34:39:08:a5:87:1d:5f:16:d6:28:7d:0e:12:
e1:af:67:18:09:2a:ae:02:15:a3:63:db:a1:0f:d6:8f:4c:1f:
c2:40:2b:a9:97:be:c6:08:9e:a6:7d:70:9b:43:52:69:86:35:
3f:0e:07:7e:90:30:20:87:88:86:47:03:f4:11:04:af:8b:37:
2a:db:8a:da:55:24:fe:eb:ea:2f:68:f0:3d:9b:0e:9a:86:55:
c2:c0:17:67:ab:9f:74:a0:e8:75:8b:31:2f:bf:5f:08:c2:08:
d5:56:a2:61:5e:7d:28:ea:bd:6f:ad:ef:9e:a5:4a:b0:6f:57:
f3:1d:75:86:26:05:cd:f2:cf:f0:c8:66:81:ba:c4:cd:a5:d8:
4e:97:72:72:1a:3e:3c:6b:02:bc:13:bf:14:10:1e:c3:4d:75:
39:64:6c:5c:e1:56:90:d2:ab:20:8e:55:b8:64:60:ee:fc:78:
71:72:a5:ff:ad:1b:99:05:c4:47:e0:6b:ed:78:09:d6:7f:e3:
7a:83:77:a9:c3:2c:5a:9c:62:88:f2:15:87:ce:6a:fa:d2:fd:
6d:e1:bf:5a:1c:f5:f5:d1:7a:04:c6:c9:3d:be:63:87:df:9e:
14:03:bb:9f:bf:96:32:34:f7:3d:2e:64:c9:26:e6:6d:d6:27:
2d:8c:d3:15
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICZsYwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA2MDEw
MzQyMzFaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEYwOUU2MzczNkEwMTdG
QUJBMUE5MERBRkY4N0YzMjhFMTc4RTlEMjcwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCw4BSeCeFYD3acqZYxiQChhCNvbL21BKBs+0cAzUnbaW5/22sD
IiTRoSwqkgr+TyZ6zroTQGxeCHCB5rxfWbhGDwkEH2nzoIXRSlbmboFF58LgnkES
IZ/wfKTKPssE2hfSx7MJR6R7A6xYoFm4uNcaKsHTGRG4V1FmYp40hC3Kn3FMwNJy
IyVtGD/A6J6mQ6P/VuCirjjDWY1eUnVndR++eL/l3aOb/dMPVjS6kxyTJ+kxAGtY
oPoNmDmI34s+GmdMlzNYI8VMa0Ns4S6AaYJlHfzjtRHz9kZrZhFImD7OymGiryAl
4SGY4AqwoU1jIm62zNlvKTzktSZdsGK4d3bzAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQU8J5jc2oBf6uhqQ2v+H8yjheOnScwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3LzhKNWpjMm9CZjZ1aHFR
MnYtSDh5amhlT25TYy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQCqu4AZ
EzQ5CKWHHV8W1ih9DhLhr2cYCSquAhWjY9uhD9aPTB/CQCupl77GCJ6mfXCbQ1Jp
hjU/Dgd+kDAgh4iGRwP0EQSvizcq24raVST+6+ovaPA9mw6ahlXCwBdnq590oOh1
izEvv18IwgjVVqJhXn0o6r1vre+epUqwb1fzHXWGJgXN8s/wyGaBusTNpdhOl3Jy
Gj48awK8E78UEB7DTXU5ZGxc4VaQ0qsgjlW4ZGDu/HhxcqX/rRuZBcRH4GvteAnW
f+N6g3epwyxanGKI8hWHzmr60v1t4b9aHPX10XoExsk9vmOH354UA7ufv5YyNPc9
LmTJJuZt1ictjNMV
-----END CERTIFICATE-----
Generated at Wed Jun 4 00:52:33 2025 by rpki-client