Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/8h5w4vRcPG8I-F8xtffJAqEF0GI.roa
File: 8h5w4vRcPG8I-F8xtffJAqEF0GI.roa (raw, json)
Hash identifier: 0Sr7/KIVjrIgf3qowOcZBJ5livK683xCAmnXH/VA9e4=
Subject key identifier: F2:1E:70:E2:F4:5C:3C:6F:08:F8:5F:31:B5:F7:C9:02:A1:05:D0:62
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 73E4
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/8h5w4vRcPG8I-F8xtffJAqEF0GI.roa
Signing time: Sun 06 Jul 2025 08:45:34 +0000
ROA not before: Sun 06 Jul 2025 08:45:34 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 29668 (0x73e4)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jul 6 08:45:34 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=F21E70E2F45C3C6F08F85F31B5F7C902A105D062
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e6:43:67:95:b8:cc:ab:73:e6:87:66:c8:87:d0:
5d:f6:fe:70:20:6a:96:41:2a:4e:1e:50:25:3b:b1:
9e:33:c5:33:c2:53:d9:10:0e:11:53:19:ff:02:54:
03:40:eb:11:04:2e:0a:f3:76:02:87:fb:2e:49:14:
33:9c:58:46:16:d7:30:16:f7:18:32:e6:6a:7d:f2:
05:b5:4b:e7:8e:db:10:93:eb:4e:03:29:21:fc:28:
ce:cb:64:fe:40:c6:4b:f0:7f:5d:4f:ea:c9:35:d5:
ec:e2:4d:30:aa:b7:b1:58:70:69:5e:62:24:c6:a3:
b8:90:84:0b:39:38:c5:10:33:be:03:b4:f2:ac:24:
a3:be:4f:95:71:f5:d2:d1:eb:dd:43:82:3f:e4:c6:
dd:9a:29:01:65:da:50:fa:b7:2f:91:6d:9f:e8:e2:
e1:41:35:e3:ec:68:72:46:31:d7:66:25:5e:54:2a:
4e:9b:33:45:7e:a3:0b:da:16:37:07:cd:9a:02:07:
6e:09:13:dc:7e:f1:dc:bc:42:d6:2d:1a:e9:71:b2:
b4:7e:d1:1b:ff:f1:40:9a:6d:6b:35:5d:87:41:8d:
e5:bb:24:a6:c8:06:cc:58:11:90:71:41:08:29:50:
55:a8:74:56:c4:f3:88:34:39:40:d3:12:84:15:5c:
f0:87
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F2:1E:70:E2:F4:5C:3C:6F:08:F8:5F:31:B5:F7:C9:02:A1:05:D0:62
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/8h5w4vRcPG8I-F8xtffJAqEF0GI.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
aa:ab:88:51:e2:5c:18:de:6e:42:cf:71:6d:4f:be:f5:0e:0f:
19:10:50:f9:73:21:59:d3:7d:04:37:9f:2b:72:01:a4:72:f2:
71:86:1d:1c:55:c1:e5:e5:47:52:6c:54:86:1a:fc:2a:2d:44:
ed:e6:c7:c0:a7:75:0a:50:4a:88:05:56:ff:ad:84:85:c0:d2:
37:38:68:00:ad:39:7c:66:a2:35:45:c1:92:36:1d:64:17:df:
c3:e5:63:e4:51:9b:41:a3:0b:00:92:2d:71:15:c4:1d:fc:aa:
78:86:1a:e0:b3:9a:fd:d2:77:a7:37:97:ba:ae:7f:48:1c:64:
ca:df:84:1f:a1:a3:68:2a:a7:45:17:51:04:da:93:22:4a:d7:
e9:da:d6:e4:3d:70:15:2e:a8:11:18:8b:67:db:33:da:d3:53:
ed:82:d1:1d:d6:69:3a:49:38:ba:83:7d:0d:f4:ce:76:e5:4b:
63:64:0e:e4:87:b7:2b:fc:ad:d8:4b:a2:7e:97:ac:94:26:14:
cc:e4:59:fc:b9:f1:cb:98:33:97:25:55:df:e8:d1:1e:68:22:
70:d5:20:53:3d:04:a3:cd:84:d7:aa:97:06:c0:03:10:7f:3e:
0b:91:03:65:06:6f:0f:23:bd:05:c9:d5:51:d9:cc:99:d2:f8:
9d:88:e9:67
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICc+QwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA3MDYw
ODQ1MzRaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEYyMUU3MEUyRjQ1QzND
NkYwOEY4NUYzMUI1RjdDOTAyQTEwNUQwNjIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDmQ2eVuMyrc+aHZsiH0F32/nAgapZBKk4eUCU7sZ4zxTPCU9kQ
DhFTGf8CVANA6xEELgrzdgKH+y5JFDOcWEYW1zAW9xgy5mp98gW1S+eO2xCT604D
KSH8KM7LZP5Axkvwf11P6sk11eziTTCqt7FYcGleYiTGo7iQhAs5OMUQM74DtPKs
JKO+T5Vx9dLR691Dgj/kxt2aKQFl2lD6ty+RbZ/o4uFBNePsaHJGMddmJV5UKk6b
M0V+owvaFjcHzZoCB24JE9x+8dy8QtYtGulxsrR+0Rv/8UCabWs1XYdBjeW7JKbI
BsxYEZBxQQgpUFWodFbE84g0OUDTEoQVXPCHAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQU8h5w4vRcPG8I+F8xtffJAqEF0GIwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3LzhoNXc0dlJjUEc4SS1G
OHh0ZmZKQXFFRjBHSS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQCqq4hR
4lwY3m5Cz3FtT771Dg8ZEFD5cyFZ030EN58rcgGkcvJxhh0cVcHl5UdSbFSGGvwq
LUTt5sfAp3UKUEqIBVb/rYSFwNI3OGgArTl8ZqI1RcGSNh1kF9/D5WPkUZtBowsA
ki1xFcQd/Kp4hhrgs5r90nenN5e6rn9IHGTK34QfoaNoKqdFF1EE2pMiStfp2tbk
PXAVLqgRGItn2zPa01PtgtEd1mk6STi6g30N9M525UtjZA7kh7cr/K3YS6J+l6yU
JhTM5Fn8ufHLmDOXJVXf6NEeaCJw1SBTPQSjzYTXqpcGwAMQfz4LkQNlBm8PI70F
ydVR2cyZ0vidiOln
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:46:26 2025 by rpki-client