Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/8oaj7Qys-9Z3ys7762GWpgHyPg0.roa
File: 8oaj7Qys-9Z3ys7762GWpgHyPg0.roa (raw, json)
Hash identifier: ItrOnNuBC1EWeVoTYA5qij9vaF1IK4+OOozhBtaQLeU=
Subject key identifier: F2:86:A3:ED:0C:AC:FB:D6:77:CA:CE:FB:EB:61:96:A6:01:F2:3E:0D
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 6E88
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/8oaj7Qys-9Z3ys7762GWpgHyPg0.roa
Signing time: Sun 22 Jun 2025 07:44:09 +0000
ROA not before: Sun 22 Jun 2025 07:44:09 +0000
ROA not after: Fri 03 Apr 2026 08:00:09 +0000
asID: 24426
IP address blocks: 43.239.48.0/22 maxlen: 22
43.246.0.0/22 maxlen: 22
43.246.4.0/22 maxlen: 22
43.246.12.0/22 maxlen: 22
43.246.16.0/22 maxlen: 22
43.246.20.0/22 maxlen: 22
43.246.24.0/22 maxlen: 22
43.246.28.0/22 maxlen: 22
43.246.32.0/22 maxlen: 22
43.246.36.0/22 maxlen: 22
43.246.40.0/22 maxlen: 22
43.246.44.0/22 maxlen: 22
43.246.52.0/22 maxlen: 22
43.246.56.0/22 maxlen: 22
43.246.60.0/22 maxlen: 22
43.246.64.0/22 maxlen: 22
43.246.68.0/22 maxlen: 22
43.246.72.0/22 maxlen: 22
43.246.76.0/22 maxlen: 22
43.246.80.0/22 maxlen: 22
43.246.84.0/22 maxlen: 22
43.246.88.0/22 maxlen: 22
43.246.92.0/22 maxlen: 22
43.246.96.0/22 maxlen: 22
103.35.48.0/22 maxlen: 22
103.236.0.0/22 maxlen: 22
103.236.4.0/22 maxlen: 22
103.236.8.0/22 maxlen: 22
103.236.12.0/22 maxlen: 22
103.236.16.0/22 maxlen: 22
103.236.20.0/22 maxlen: 22
103.236.28.0/22 maxlen: 22
103.236.32.0/22 maxlen: 22
103.236.36.0/22 maxlen: 22
103.236.40.0/22 maxlen: 22
103.236.44.0/22 maxlen: 22
103.236.48.0/22 maxlen: 22
103.236.52.0/22 maxlen: 22
103.236.56.0/22 maxlen: 22
103.236.60.0/22 maxlen: 22
103.236.64.0/22 maxlen: 22
103.236.68.0/22 maxlen: 22
103.236.72.0/22 maxlen: 22
103.236.76.0/22 maxlen: 22
103.236.80.0/22 maxlen: 22
103.236.84.0/22 maxlen: 22
103.236.88.0/22 maxlen: 22
103.236.92.0/22 maxlen: 22
103.236.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 28296 (0x6e88)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: Jun 22 07:44:09 2025 GMT
Not After : Apr 3 08:00:09 2026 GMT
Subject: CN=F286A3ED0CACFBD677CACEFBEB6196A601F23E0D
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b2:3f:43:ff:28:c5:5b:de:18:81:5c:f4:f0:f2:
2b:8d:f8:02:04:9d:73:43:c5:ee:e6:e9:54:98:4d:
5d:76:f0:bd:b5:4a:a1:d3:61:46:75:1e:f2:fc:d0:
8f:5e:5a:90:a7:f0:7f:19:70:a0:2c:c6:d1:e4:35:
a8:0a:72:d6:d5:43:a3:46:74:a1:00:9b:1c:33:a0:
6e:2e:b9:64:35:41:8a:7f:b2:51:34:dc:30:09:65:
f3:ce:c6:09:dd:df:1b:fe:33:0e:19:77:e4:2c:49:
c1:72:b1:ac:46:70:0a:81:fa:3b:da:07:d5:9f:71:
03:ba:8c:de:7c:b3:4a:25:58:7c:4f:a3:08:0e:7f:
89:92:ec:53:c4:20:64:2f:c2:00:9a:fa:7a:ea:21:
38:fd:a9:7c:db:7c:83:b4:cd:59:44:d8:2b:5a:11:
3d:bc:aa:f3:9f:5e:62:b9:e3:69:65:5e:31:84:3d:
56:f7:8e:d4:90:1a:80:c9:8d:45:93:b6:a4:92:fa:
9d:eb:3e:0e:2f:ac:27:da:7e:83:55:24:c4:4e:0b:
28:dc:c3:9d:f6:7a:09:96:86:8c:9f:ff:e8:58:0d:
53:09:09:0a:8f:eb:e0:2d:d9:f0:e2:24:c6:20:a8:
25:dc:a6:a5:07:65:d5:b9:23:f6:79:cc:64:b3:af:
e9:47
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F2:86:A3:ED:0C:AC:FB:D6:77:CA:CE:FB:EB:61:96:A6:01:F2:3E:0D
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/8oaj7Qys-9Z3ys7762GWpgHyPg0.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.48.0/22
43.246.0.0/21
43.246.12.0-43.246.47.255
43.246.52.0-43.246.99.255
103.35.48.0/22
103.236.0.0-103.236.23.255
103.236.28.0-103.236.99.255
Signature Algorithm: sha256WithRSAEncryption
70:41:89:c0:42:6b:67:28:9b:07:9f:7a:00:f3:16:ad:d1:21:
a8:01:0f:16:33:a9:b4:40:68:df:2f:2b:e9:09:02:36:95:7f:
95:2d:0a:e5:01:55:19:cf:db:5b:ea:aa:07:4e:b9:03:4f:ec:
10:c3:f4:18:4d:f4:f5:10:58:d6:6b:28:cc:92:b3:1d:71:37:
df:55:da:e2:7a:f7:cc:60:8c:f2:96:f0:81:97:08:df:5c:38:
91:dd:5c:4d:48:e8:68:f2:e0:4f:f0:b4:37:89:d8:07:3e:36:
b2:ca:1f:42:3f:ec:12:75:a0:f2:d7:db:c2:d4:4c:20:c6:26:
35:b2:73:48:ab:21:32:b3:a7:1b:94:60:2e:56:2f:ce:54:f1:
b2:69:89:14:9a:97:d1:5c:58:9f:32:51:ce:50:2a:d5:c3:14:
94:d7:12:82:b7:1d:42:5a:af:60:53:91:bf:96:2e:89:40:85:
eb:fb:4d:07:92:d5:03:e3:b4:b5:65:d4:df:33:51:45:b1:1c:
37:ff:69:16:a5:ad:32:21:24:c2:84:89:d7:3e:c8:6c:57:6a:
ad:a4:af:da:56:12:ea:4d:04:aa:74:d5:f4:a2:2f:2e:73:d2:
db:90:a7:d5:12:20:66:1a:7f:78:4e:86:57:c2:00:61:dc:e7:
20:2b:21:3a
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgICbogwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNTA2MjIw
NzQ0MDlaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEYyODZBM0VEMENBQ0ZC
RDY3N0NBQ0VGQkVCNjE5NkE2MDFGMjNFMEQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCyP0P/KMVb3hiBXPTw8iuN+AIEnXNDxe7m6VSYTV128L21SqHT
YUZ1HvL80I9eWpCn8H8ZcKAsxtHkNagKctbVQ6NGdKEAmxwzoG4uuWQ1QYp/slE0
3DAJZfPOxgnd3xv+Mw4Zd+QsScFysaxGcAqB+jvaB9WfcQO6jN58s0olWHxPowgO
f4mS7FPEIGQvwgCa+nrqITj9qXzbfIO0zVlE2CtaET28qvOfXmK542llXjGEPVb3
jtSQGoDJjUWTtqSS+p3rPg4vrCfafoNVJMROCyjcw532egmWhoyf/+hYDVMJCQqP
6+At2fDiJMYgqCXcpqUHZdW5I/Z5zGSzr+lHAgMBAAGjggI0MIICMDAdBgNVHQ4E
FgQU8oaj7Qys+9Z3ys7762GWpgHyPg0wHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3LzhvYWo3UXlzLTlaM3lz
Nzc2MkdXcGdIeVBnMC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwYgYIKwYBBQUHAQcBAf8EUzBRME8EAgABMEkD
BAIr7zADBAMr9gAwDAMEAiv2DAMEBCv2IDAMAwQCK/Y0AwQCK/ZgAwQCZyMwMAsD
AwJn7AMEA2fsEDAMAwQCZ+wcAwQCZ+xgMA0GCSqGSIb3DQEBCwUAA4IBAQBwQYnA
QmtnKJsHn3oA8xat0SGoAQ8WM6m0QGjfLyvpCQI2lX+VLQrlAVUZz9tb6qoHTrkD
T+wQw/QYTfT1EFjWayjMkrMdcTffVdrievfMYIzylvCBlwjfXDiR3VxNSOho8uBP
8LQ3idgHPjayyh9CP+wSdaDy19vC1EwgxiY1snNIqyEys6cblGAuVi/OVPGyaYkU
mpfRXFifMlHOUCrVwxSU1xKCtx1CWq9gU5G/li6JQIXr+00HktUD47S1ZdTfM1FF
sRw3/2kWpa0yISTChInXPshsV2qtpK/aVhLqTQSqdNX0oi8uc9LbkKfVEiBmGn94
ToZXwgBh3OcgKyE6
-----END CERTIFICATE-----
Generated at Sun Jul 20 12:39:16 2025 by rpki-client